The Federal Trade Commission (FTC) recently published a blog post asserting that Section 5 of the FTC Act may require companies to notify individuals of breaches of their personal data, even where there is no specific breach...
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), signed into law by President Biden in March 2022 as part of the Consolidated Appropriations Act of 2022, will require companies operating in...
On March 31, 2022, the Payment Card Industry Security Standards Council published version 4.0 of its PCI Data Security Standard (PCI DSS). The updated standards provide significant new guidance on the scope and applicability...
Since first announced in December 2021, the critical Log4j vulnerability has stolen the attention of many cybersecurity professionals. The Federal Trade Commission (FTC) has taken notice too....
Privacy and security diligence has become standard in M&A transactions, but a one-size-fits-all approach won’t work. While form questionnaires have their place, companies need to know when to take a deeper, more technical...
Over the last several weeks, the National Institute of Standards and Technology (NIST) has taken key steps towards the creation of a consumer labeling program for the cybersecurity of Internet of things (IoT) devices....
It has been a busy summer for data breach and cybersecurity laws. Several states have shortened their data breach notification timelines, expanded their definitions of personal data breaches triggering notification...
Now is a great time to review your security posture, as you have a new tool to help you. On May 18, 2021, the Center for Internet Security (CIS) released Version 8 of its CIS Controls, formerly known as the CIS Critical...