The Biden-Harris Administration has unveiled its highly anticipated National Cybersecurity Strategy — a sweeping and ambitious document calling for "fundamental changes to the underlying dynamics of the digital ecosystem."...
The National Credit Union Administration (NCUA) has approved a final rule requiring federally chartered and federally insured credit unions to notify NCUA of a "reportable cyber incident" "as soon as possible and no later...
While ransomware attacks usually grab the headlines, business email compromise (BEC) attacks continue to cause massive financial losses for businesses. The FBI’s Internet Crime Complaint Center (IC3) reported BEC losses in...
2/27/2023 / Anti-Money Laundering, Banking Sector, BSA/AML, Business E-Mail Compromise (BEC), Consumer Financial Protection Bureau (CFPB), Corporate Counsel, Data Breach, Financial Crimes, Financial Institutions, Money Laundering, Popular, Uniform Commercial Code (UCC)
The California Privacy Protection Agency ("CPPA" or "Agency") is seeking preliminary comments on proposed rulemaking for risk assessments and cybersecurity audits for higher-risk data processing activities, and consumer...
One can scarcely browse the internet without encountering a story on the use of Artificial Intelligence (AI) by businesses or websites. While recently most attention has focused on generative AI and the increasing use of chat...
The Federal Communications Commission ("FCC" or "Commission") has released its long-awaited Notice of Proposed Rulemaking ("NPRM") proposing to revise data breach reporting requirements for telecommunications carriers and...
The U.S. Securities and Exchange Commission (SEC) appears to have big plans for cybersecurity regulation in 2023.
Since its inception in 2011, the Federal Risk and Authorization Management Program (FedRAMP) has sought to facilitate adoption of secure cloud computing services by federal government agencies. A newly enacted law, the...
The Transportation Security Administration (TSA) published an Advance Notice of Proposed Rulemaking (ANPRM) on November 30, 2022, seeking stakeholder comment on ways to strengthen cybersecurity and resiliency for pipeline and...
The New York Department of Financial Services (NYDFS) has proposed significant amendments (Proposed Amendments) to its Cybersecurity Requirements for Financial Services Companies (Cybersecurity Regulation).
The New York Department of Financial Services (NYDFS) continues to be a major player in data security enforcement. On Oct. 18, 2022, NYDFS announced that it had entered into a consent order with EyeMed Vision Care LLC...
On November 15, 2022, the Federal Trade Commission (FTC) announced a six-month extension of the deadline to comply with most provisions of its new Safeguards Rule. Covered "financial institutions" under the Safeguards Rule,...
October was a busy month in New York for cybersecurity enforcement. In addition to a $4.5 million settlement between the New York Department of Financial Services and EyeMed Vision Care (discussed in a forthcoming blog post),...
The Colorado Attorney General's Office has published its much-anticipated proposed rules (Proposed Rules) implementing the Colorado Privacy Act (CPA), which, as we discussed in an earlier blog post, was enacted on July 7,...
The U.S. electric grid is a prime target for cyberattacks, including by both nation-state actors and organized crime. Electric utilities have been ahead of much of the rest of the energy sector in hardening their...
The federal Cybersecurity & Infrastructure Security Agency (CISA) has issued a request for information (RFI) seeking public input on its development of cyber incident and ransom payment reporting rules under the Cyber...
A reminder to financial services firms: the Consumer Financial Protection Bureau (CFPB) is also a data security regulator.
The Transportation Security Administration (TSA) has revised and reissued its Security Directive on cybersecurity for critical pipelines and liquified natural gas (LNG) facilities. The new Security Directive takes a more...
The Federal Trade Commission (FTC) may have just taken its first steps towards the creation of generally applicable federal privacy and security rules. On Aug. 11, 2022, the FTC published an advance notice of proposed...
The Federal Trade Commission (FTC) recently published a blog post asserting that Section 5 of the FTC Act may require companies to notify individuals of breaches of their personal data, even where there is no specific breach...
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), signed into law by President Biden in March 2022 as part of the Consolidated Appropriations Act of 2022, will require companies operating in...
On March 31, 2022, the Payment Card Industry Security Standards Council published version 4.0 of its PCI Data Security Standard (PCI DSS). The updated standards provide significant new guidance on the scope and applicability...
On Monday, March 21, 2022, the White House issued a statement warning of "evolving intelligence" that the Russian government may launch cyberattacks aimed at the United States in response to sanctions arising from Russia's...
On March 9, 2022, the Securities and Exchange Commission (SEC) announced proposed rules requiring publicly listed companies to make several specific disclosures related to cybersecurity incidents and the registrant's...