Connecticut has become the third state to enact a cybersecurity safe harbor statute.
On June 16 and July 6, 2021, Connecticut Governor Ned Lamont signed two new cybersecurity laws that continue the national trend of...more
7/12/2021
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
New Legislation ,
Notice Requirements ,
Popular ,
Regulatory Reform ,
Safe Harbors ,
State and Local Government ,
State Data Breach Notification Statutes
Introduction Colorado has joined California and Virginia as the third state with a comprehensive data privacy law. On July 7, 2021, Colorado Governor Polis signed the Act into law, following the Colorado Senate's passage of...more
7/8/2021
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Controller ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Information Governance ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Standards ,
State and Local Government
On June 30, 2021, the New York Department of Financial Services ("NYDFS") identified key cybersecurity measures to prevent and prepare for ransomware attacks. ...more
7/8/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Multi-Factor Authentication ,
New Guidance ,
NYDFS ,
Phishing Scams ,
Ransomware ,
Risk Mitigation
More than a year ago the world fell victim to a global pandemic that would change life in ways that could never have been predicted. In the early stages of the pandemic, we published a White Paper directed at financial...more
The evolution of autonomous vehicle technology and its forthcoming widespread use have the potential for many societal benefits, including safer roads, greater economic productivity, and better fuel economy. Along with the...more
The General Services Administration ("GSA") is including language regarding cybersecurity requirements in requests for proposals relating to certain IT governmentwide acquisition contracts ("GWACs"). Certain requirements will...more
The Situation: As we advised in our recent Commentary, federal banking regulators have proposed rules requiring a banking organization to provide its primary federal regulator with prompt notification of any...more
United States -
Regulatory—Policy, Best Practices, and Standard -
NIST Unveils Draft Guidance to Protect Critical Infrastructure -
On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
1/8/2021
/ CNIL ,
Consumer Privacy Rights ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Personal Data ,
Popular ,
Risk Management
The Situation: Although the deadline keeps getting extended, e-commerce merchants and payment processors across the European Union are racing to implement the strong customer authentication ("SCA") requirements of the Revised...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
NIST Releases Revision to Security Standard -
On September 23, the National Institute of Standards and Technology ("NIST") released Revision 5 to...more
The Situation: Less than one year after the California Consumer Privacy Act ("CCPA") became effective, California voters approved the California Privacy Rights Act ("CPRA"), a consumer privacy ballot initiative that amends...more
11/6/2020
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Popular
On October 12, 2020, the California Attorney General released a third set of proposed modifications to the California Consumer Privacy Act ("CCPA") regulations.
On October 12, 2020, the California Attorney General issued...more
The Attorney General requested expedited review by the Office of Administrative Law and asked that the regulations become effective upon filing with the Secretary of State.
On June 1, 2020, the Office of the California...more
The coronavirus (COVID-19) pandemic presents the world of higher education with an unprecedented set of challenges that will likely persist for years to come. During the pandemic and beyond, colleges and universities will be...more
5/15/2020
/ CARES Act ,
Colleges ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Department of Education ,
Distance Learning ,
Educational Institutions ,
Employer Liability Issues ,
Infectious Diseases ,
Relief Measures ,
Students ,
Universities
The Situation: The global spread of the novel coronavirus (COVID-19) has prompted the workforce to migrate from the office to remote-working environments and businesses to adopt new data collection, use, and disclosure...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
Cybersecurity Standards Issued for Government Contractors -
On January 31, the Office of the Under Secretary of Defense for Acquisition and...more
4/1/2020
/ 5G Network ,
Artificial Intelligence ,
Canada ,
China ,
CNIL ,
Computer Fraud and Abuse Act (CFAA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Department of Defense (DOD) ,
EU ,
European Commission ,
Executive Orders ,
Federal Trade Commission (FTC) ,
FERC ,
GAO ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Commissioner's Office (ICO) ,
Japan ,
Latin America ,
National Security ,
NIST ,
OCIE ,
OCR ,
Online Safety for Children ,
People's Bank of China ,
Public Health Emergency ,
Securities and Exchange Commission (SEC) ,
Social Media ,
State Attorneys General ,
Telehealth ,
Trump Administration ,
Unmanned Aircraft Systems
In light of the increasingly heightened cybersecurity risk environment facing the financial services industry and other critical business sectors, on January 16, 2020, the Office of the Comptroller of the Currency and the...more
The Situation: In the two years since China enacted the Cybersecurity Law, which granted authorities broad powers to monitor and investigate activities falling under its purview, authorities have increasingly penalized...more
11/11/2019
/ China ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection Authority ,
Enforcement Actions ,
Enforcement Authority ,
Penalties ,
Personal Information ,
Popular ,
Risk Assessment
As the legislative session came to a close last week, the California Legislature passed five bills that amend the California Consumer Privacy Act ("CCPA"). Here are the five bills that are now headed to the governor for...more
9/24/2019
/ Amended Legislation ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
The Development: On July 8, 2019, Brazil enacted Law No. 13,853/19 outlining the final version of its General Data Protection Law.
The Purpose: The final bill introduces some important changes to the regulations...more
On July 25, 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act ("SHIELD Act") amending New York's data breach notification law. This adds to the growing list of states...more
New York is the first state to establish a department within a financial regulatory agency that is tasked with protecting consumers and financial markets against cyber threats.
On May 22, 2019, the New York Department of...more
6/5/2019
/ Banking Sector ,
Cryptocurrency ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Digital Currency ,
Financial Institutions ,
Financial Regulatory Agencies ,
Financial Services Industry ,
NYDFS ,
Popular ,
Risk Management
The Situation: In the wake of the Equifax data breach, Massachusetts has amended its data breach law.
The Result: Companies reporting security breaches under the amended data breach law must provide additional information...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
NIST Releases Internal Report Regarding IoT Cybersecurity -
In September, the National Institute of Standards and Technology ("NIST") released a draft...more
12/26/2018
/ Civil Monetary Penalty ,
CNIL ,
Consumer Reporting Agencies ,
COPPA ,
Critical Infrastructure Sectors ,
Cross-Border ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Department of Defense (DOD) ,
Disclosure Requirements ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hobbs Act ,
Internal Audit Functions ,
International Data Transfers ,
Internet of Things ,
NIST ,
Popular ,
Power Grid ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act
The Situation: The European Union's General Data Protection Regulation ("GDPR") has raised questions regarding the scope of coverage and protection afforded by current cyber policies, especially with respect to potential GDPR...more