INCDPA takes business-friendly approach to data privacy, following Virginia, Utah, and Iowa -
Indiana has become the seventh state to enact a "comprehensive" data privacy law, joining California, Virginia, Colorado,...more
With Order No. 893, Commission Continues to Prioritize Regulations to Improve Electric Grid Reliability -
Cyberattacks continue to threaten the reliability of the electric grid. In response to a congressional directive to...more
The Project Management Office (PMO) for the Federal Risk and Authorization Management Program (FedRAMP) has issued an updated version of FedRAMP's 3PAO Obligations and Performance Standards (3PAO Standards), which sets forth...more
March 2023 was a consequential month for data privacy law. The California Office of Administrative Law (OAL) formally approved regulations issued by the California Privacy Protection Agency (CPPA) implementing the California...more
With the unanimous passage of Senate File 262 by the Iowa House and Senate and the Governor's signature Tuesday, the Hawkeye State joins California, Colorado, Connecticut, Virginia, and Utah as one of six states with a...more
3/31/2023
/ Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
New Legislation ,
Personal Information ,
Privacy Laws ,
Regulatory Reform ,
State Data Breach Notification Statutes ,
State Data Privacy Laws
For businesses subject to data breach notification requirements in Utah and Pennsylvania, a series of significant amendments will soon go into effect in both states. ...more
The Securities and Exchange Commission (SEC or Commission) voted on March 15, 2023, to propose three new sets of rules for data security, cybersecurity, and IT operational resilience. The newly proposed rules would, among...more
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the formation of a new program aimed at identifying and preventing ransomware attacks. The initiative is known as the Ransomware Vulnerability Warning...more
The U.S. Securities and Exchange Commission ("SEC" or the "Commission") has ordered Blackbaud, Inc. ("Blackbaud") to pay $3 million to resolve claims that it made materially misleading statements about a 2020 ransomware...more
3/16/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Disclosure Requirements ,
Enforcement Actions ,
Hackers ,
Misleading Statements ,
Popular ,
Ransomware ,
Securities and Exchange Commission (SEC) ,
Securities Violations
The Biden-Harris Administration has unveiled its highly anticipated National Cybersecurity Strategy — a sweeping and ambitious document calling for "fundamental changes to the underlying dynamics of the digital ecosystem."...more
The California Privacy Protection Agency ("CPPA" or "Agency") is seeking preliminary comments on proposed rulemaking for risk assessments and cybersecurity audits for higher-risk data processing activities, and consumer...more
The Federal Communications Commission ("FCC" or "Commission") has released its long-awaited Notice of Proposed Rulemaking ("NPRM") proposing to revise data breach reporting requirements for telecommunications carriers and...more
The U.S. Securities and Exchange Commission (SEC) appears to have big plans for cybersecurity regulation in 2023....more
Since its inception in 2011, the Federal Risk and Authorization Management Program (FedRAMP) has sought to facilitate adoption of secure cloud computing services by federal government agencies. A newly enacted law, the...more
The Transportation Security Administration (TSA) published an Advance Notice of Proposed Rulemaking (ANPRM) on November 30, 2022, seeking stakeholder comment on ways to strengthen cybersecurity and resiliency for pipeline and...more
The New York Department of Financial Services (NYDFS) has proposed significant amendments (Proposed Amendments) to its Cybersecurity Requirements for Financial Services Companies (Cybersecurity Regulation)....more
The New York Department of Financial Services (NYDFS) continues to be a major player in data security enforcement. On Oct. 18, 2022, NYDFS announced that it had entered into a consent order with EyeMed Vision Care LLC...more
On November 15, 2022, the Federal Trade Commission (FTC) announced a six-month extension of the deadline to comply with most provisions of its new Safeguards Rule. Covered "financial institutions" under the Safeguards Rule,...more
The New York Department of Financial Services (NYDFS) continues to be a major player in data security enforcement. On Oct. 18, 2022, NYDFS announced that it had entered into a consent order with EyeMed Vision Care LLC...more
October was a busy month in New York for cybersecurity enforcement. In addition to a $4.5 million settlement between the New York Department of Financial Services and EyeMed Vision Care (discussed in a forthcoming blog post),...more
The Colorado Attorney General's Office has published its much-anticipated proposed rules (Proposed Rules) implementing the Colorado Privacy Act (CPA), which, as we discussed in an earlier blog post, was enacted on July 7,...more
The U.S. electric grid is a prime target for cyberattacks, including by both nation-state actors and organized crime. Electric utilities have been ahead of much of the rest of the energy sector in hardening their...more
The federal Cybersecurity & Infrastructure Security Agency (CISA) has issued a request for information (RFI) seeking public input on its development of cyber incident and ransom payment reporting rules under the Cyber...more
A reminder to financial services firms: the Consumer Financial Protection Bureau (CFPB) is also a data security regulator....more
The Transportation Security Administration (TSA) has revised and reissued its Security Directive on cybersecurity for critical pipelines and liquified natural gas (LNG) facilities. The new Security Directive takes a more...more