Lawmakers expressed bipartisan support for significantly amending or eliminating some cybersecurity incident notification requirements during a recent hearing of the U.S. House Committee on Homeland Security's Subcommittee on...
On May 15, the Securities and Exchange Commission adopted amendments to Regulation S-P, which covers broker-dealers, registered investment advisors (RIAs), and investment companies (funds). These entities are now required to...
5/28/2024 / Broker-Dealer, Customer Information, Cybersecurity, Data Breach, FACTA, Financial Institutions, Gramm-Leach-Bliley Act, Investment Adviser, Investment Companies, New Amendments, Personal Information, Regulation S-P, Reporting Requirements, Securities and Exchange Commission (SEC)
The Federal Trade Commission (FTC or Commission) has amended its Standards for Safeguarding Customer Information, commonly known as the "Safeguards Rule," to require non-bank financial institutions to report certain data...
Data breaches come in many different forms, sizes, and levels of complexity, but they tend to share certain key facts: A third-party bad actor—whether through a phishing attack, a ransomware attack, exploitation of a zero-day...
10/26/2023 / Bad Actors, Breach of Contract, Class Action, Corporate Counsel, Data Breach, Data Security, Department of Health and Human Services (HHS), Federal Rules of Civil Procedure, Health Insurance Portability and Accountability Act (HIPAA), Incident Response Plans, Litigation Strategies, Negligence, Personal Information, PHI, Phishing Scams, Popular, Ransomware, Unfair or Deceptive Trade Practices
On July 26, 2023, the U.S. Securities and Exchange Commission (SEC or Commission) finalized its Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule for public companies (the "Final Rule") by a...
Iowa becomes the fourth U.S. state to provide an affirmative defense for companies that adopt a cybersecurity framework -
Iowa is the fourth state—following Ohio, Connecticut, and Utah—to provide a statutory incentive for...
7/19/2023 / Cyber Attacks, Cybersecurity, Data Breach, Data Protection, New Legislation, Popular, Regulatory Reform, Risk Management, Safe Harbors, State and Local Government, State Data Breach Notification Statutes
Texas amended its data breach notification law to significantly tighten the deadline for notifying the state attorney general (AG) of a data breach affecting 250 or more state residents. Senate Bill 768, which amended Section...
For businesses subject to data breach notification requirements in Utah and Pennsylvania, a series of significant amendments will soon go into effect in both states. ...
The Securities and Exchange Commission (SEC or Commission) voted on March 15, 2023, to propose three new sets of rules for data security, cybersecurity, and IT operational resilience. The newly proposed rules would, among...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the formation of a new program aimed at identifying and preventing ransomware attacks. The initiative is known as the Ransomware Vulnerability Warning...
The U.S. Securities and Exchange Commission ("SEC" or the "Commission") has ordered Blackbaud, Inc. ("Blackbaud") to pay $3 million to resolve claims that it made materially misleading statements about a 2020 ransomware...
3/16/2023 / Cyber Attacks, Cybersecurity, Data Breach, Data Protection, Disclosure Requirements, Enforcement Actions, Hackers, Misleading Statements, Popular, Ransomware, Securities and Exchange Commission (SEC), Securities Violations
While ransomware attacks usually grab the headlines, business email compromise (BEC) attacks continue to cause massive financial losses for businesses. The FBI’s Internet Crime Complaint Center (IC3) reported BEC losses in...
2/27/2023 / Anti-Money Laundering, Banking Sector, BSA/AML, Business E-Mail Compromise (BEC), Consumer Financial Protection Bureau (CFPB), Corporate Counsel, Data Breach, Financial Crimes, Financial Institutions, Money Laundering, Popular, Uniform Commercial Code (UCC)
The Federal Communications Commission ("FCC" or "Commission") has released its long-awaited Notice of Proposed Rulemaking ("NPRM") proposing to revise data breach reporting requirements for telecommunications carriers and...
October was a busy month in New York for cybersecurity enforcement. In addition to a $4.5 million settlement between the New York Department of Financial Services and EyeMed Vision Care (discussed in a forthcoming blog post),...
The Federal Trade Commission (FTC) recently published a blog post asserting that Section 5 of the FTC Act may require companies to notify individuals of breaches of their personal data, even where there is no specific breach...
The U.S. Securities and Exchange Commission (SEC) has continued to make cybersecurity disclosures an enforcement priority. Recent enforcement activity, summarized below, highlights these key points for SEC-regulated issuers....
It has been a busy summer for data breach and cybersecurity laws. Several states have shortened their data breach notification timelines, expanded their definitions of personal data breaches triggering notification...
The Employee Benefits Security Administration (EBSA) of the U.S. Department of Labor (DOL) recently announced its first cybersecurity guidance for retirement plans subject to the Employee Retirement Income Security Act of...
4/28/2021 / Benefit Plan Sponsors, Cybersecurity, Data Breach, Data Privacy, Department of Labor (DOL), EBSA, Employee Benefits, Employee Retirement Income Security Act (ERISA), Popular, Retirement Plan, Retirement Plan Providers, Risk Management