On July 18, 2024, US District Judge Paul Engelmayer of the Southern District of New York issued a detailed 107-page opinion and order dismissing most of the US Securities and Exchange Commission (SEC) case against SolarWinds...more
There are a number of US Securities and Exchange Commission (SEC) reporting implications arising from the server-related outages caused by CrowdStrike’s defective software update on July 19, 2024, and their impacts on public...more
The Federal Housing Administration (FHA) published Mortgagee Letter 2024-10 (Letter) on May 23, 2024, requiring FHA-approved Mortgagees to report certain cyber incidents to the Department of Housing and Urban Development...more
On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security published a long-awaited notice of proposed rulemaking (NPRM) pursuant to the Cyber Incident Reporting...more
On October 27, 2023, the Federal Trade Commission (FTC) unanimously approved an amendment to the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule to require certain covered financial institutions to report a broad range of data...more
On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized its proposed cybersecurity rules, which build upon existing NYDFS cybersecurity requirements in the Part 500 Cybersecurity Rules....more
On Tuesday, October 10, 2023, California Gov. Gavin Newsom signed into law Senate Bill 362, also known as the Delete Act, which amends certain aspects of California’s existing Data Broker Registration law. By January 1, 2026,...more
With 8-K reporting obligations for “material” cybersecurity incidents under the new Securities and Exchange Commission (SEC) rules becoming effective as of December 18, 2023, most companies will soon be tasked with making...more
On July 26, 2023, the Securities and Exchange Commission (SEC) voted at an open meeting to adopt final rules to mandate standardized cybersecurity disclosures by public companies. The final rules will...more
8/3/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
On July 13, 2023, the White House unveiled its National Cybersecurity Strategy Implementation Plan (NCSIP or implementation plan), following the release of the National Cybersecurity Strategy....more
On August 24, 2022, California Attorney General Rob Bonta announced a $1.2 million settlement with cosmetics retailer Sephora to resolve allegations that it violated the California Consumer Privacy Act (CCPA) and failed to...more
Key Takeaways -
On August 11, 2022, the Federal Trade Commission announced an advance notice of proposed rulemaking (ANPR) to initiate a process that would allow it to develop and enforce rules on what the FTC has termed...more
With the passage of new state privacy laws slated to take effect in 2023, organizations are increasingly focused on identifying necessary steps to comply with these new laws. One of the first key steps in the compliance...more
On May 16, 2022, eight months after President Joe Biden announced his intention to nominate Alvaro Bedoya to serve as a commissioner of the Federal Trade Commission, Bedoya was sworn in. The FTC includes five commissioners –...more