On Friday, October 27, the Federal Trade Commission ("FTC") announced new amendments to the Safeguards Rule, requiring covered financial institutions to report certain data breaches to the FTC and reflecting its continuing...more
11/13/2023
/ Cybersecurity ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
FTC Act ,
Gramm-Leach-Blilely Act ,
New Amendments ,
Non-Bank Lenders ,
Personal Information ,
Popular ,
Privacy Rule ,
Risk Assessment ,
Risk Management ,
Safeguards Rule ,
Section 5
On October 30, 2023, President Biden signed a first-of-its-kind executive order entitled, "Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence" ("AI")....more
11/1/2023
/ Algorithms ,
Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Machine Learning ,
Regulatory Reform ,
Security Standards
In light of the DOJ’s most recent guidance on the use of personal devices and third-party messaging applications by corporate personnel, this White Paper addresses issues and challenges that companies are facing in this area...more
10/18/2023
/ CFTC ,
Compliance ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
Electronic Communications ,
Financial Industry Regulatory Authority (FINRA) ,
Guidance Update ,
Instant Messaging Apps ,
Mobile Devices ,
Policies and Procedures ,
Securities and Exchange Commission (SEC) ,
White Collar Crimes ,
Workplace Communication
Delaware is the latest state to enact a comprehensive data privacy law, which creates unique compliance challenges and risks for companies....more
On July 18, 2023, Oregon Governor Tina Kotek signed Senate Bill 619, referred to as the "Oregon Consumer Privacy Act" ("OCPA" or "the Act"), making Oregon the 11th state to enact a comprehensive data privacy law....more
In Short -
The Situation: Following a cyberattack on a law firm's systems, the Securities and Exchange Commission ("SEC") subpoenaed the firm for information, including the identity of clients whose information may have...more
8/15/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Discovery ,
Enforcement Actions ,
Evidence ,
Fourth Amendment ,
Government Investigations ,
Hackers ,
Material Nonpublic Information ,
Personally Identifiable Information ,
Securities and Exchange Commission (SEC) ,
Subpoenas
In Short -
The Situation: On July 26, 2023, the U.S. Securities and Exchange Commission ("SEC") adopted final rules that significantly alter cybersecurity disclosure obligations for companies. The SEC's final rules adopt...more
8/2/2023
/ Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
On July 10, 2023, the EU Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework, concluding that the United States ensures an adequate level of protection for personal data transferred from the...more
On June 16, the U.S. Department of Commerce published a final rule, effective July 17, 2023, on Securing the Information and Communications Technology and Services ("ICTS") Supply Chain, signaling potential new actions on...more
On May 30, 2023, the Cyberspace Administration of China ("CAC") issued the "Guidance on Filing the Standard Contract for the Cross-Border Transfer of Personal Information" ("Guidance"), which took effect on June 1, 2023....more
In Short -
The Situation: Rapid advances in generative artificial intelligence ("AI") have galvanized bipartisan support for a new U.S. legal framework to regulate AI, potentially including creation of a new federal...more
The Federal Trade Commission seeks to clarify how the Health Breach Notification Rule applies to health records collected by health apps and similar consumer health technologies. ...more
On May 3, 2023, the Federal Trade Commission ("FTC") issued an Order to Show Cause against Meta for alleged violations of Meta's 2012 and 2020 privacy orders and seeks to bar the company from monetizing data related to...more
New York City regulators have finalized rules implementing the city's law requiring bias audits of automated employment decision tools, publication of audit results, notice to employees, and other requirements....more
On March 28, 2023, Iowa—following California, Colorado, Connecticut, Utah, and Virginia—became the sixth state to adopt a comprehensive consumer data privacy law.
On March 28, 2023, Iowa Governor Kim Reynolds signed "An...more
If adopted, these proposed rules would (i) enhance protection of customer information under Regulation S-P, (ii) add new requirements addressing cybersecurity risk to the U.S. securities markets, and (iii) expand the types of...more
Asserting that the company misstated the scope of data stolen in the cyberattack, the SEC provides a clear reminder that cybersecurity disclosures remain an agency priority....more
On February 24, 2023, the Cyberspace Administration of China ("CAC") issued the long-awaited Measures on the Standard Contract for Outbound Cross-Border Transfer of Personal Information ("Measures")....more
France's Orientation and Programming Law of the Ministry of the Interior ("LOMPI law"), published in the Official Journal of January 25, 2023, amends the insurance coverage of losses and damages paid in response to...more
2/27/2023
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Processors ,
France ,
Information Technology ,
Insurance Code ,
New Guidance ,
Popular ,
Ransomware ,
Regulatory Requirements
In Short:
The Situation: The cyber insurance market is experiencing a major retrenchment, with insurers seeking to limit their exposure in a variety of ways....more
In Short -
The Situation: Following a number of high-profile cyber incidents resulting in significant data breaches, the Australian Government has doubled down on its efforts to strengthen privacy laws and cybersecurity...more
The Council of the European Union ("EU") adopted a new Directive to strengthen cybersecurity and resilience across the Union. -
Following the European Parliament's approval on November 10, 2022, the Council of the European...more
In Short -
The Situation: The California Privacy Protection Agency ("CPPA" or "Agency") has modified its proposed regulations implementing many key California Privacy Rights Act ("CPRA") requirements....more
On October 7, 2022, President Biden signed an executive order on "Enhancing Safeguards for United States Signals Intelligence Activities," outlining the measures that the United States will take to implement its commitments...more
The California Age-Appropriate Design Code Act expands privacy requirements for businesses with online products, services, or features directed to or likely to be accessed by users under the age of 18....more