The U.S. Department of Health and Human Services ("HHS") issued a concept paper describing its overarching strategy to address healthcare cybersecurity. The concept paper builds on the Biden-Harris Administration's National...
12/18/2023 / Cybersecurity, Department of Health and Human Services (HHS), Enforcement, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HITECH Act, Homeland Security Cybersecurity & Infrastructure Security Agency (CISA), Medicare, OCR, Popular
As we discussed in our prior blog post, the Securities and Exchange Commission (SEC) recently finalized its Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule for public companies (the "Rule")....
12/15/2023 / Cyber Incident Reporting, Cybersecurity, Department of Justice (DOJ), Disclosure Requirements, FBI, Form 8-K, Infrastructure, New Guidance, Popular, Publicly-Traded Companies, Remediation, Securities and Exchange Commission (SEC)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (UK NCSC), along with partner agencies from 17 nations, have released Guidelines for Secure AI System Development (the...
12/5/2023 / Artificial Intelligence, Asset Protection, Biden Administration, Critical Infrastructure Sectors, Cyber Threats, Cybersecurity, Documentation, Executive Orders, Homeland Security Cybersecurity & Infrastructure Security Agency (CISA), Incident Response Plans, Infrastructure, Machine Learning, NCSC, NIST, Popular, Risk Management, Supply Chain
The Cybersecurity and Infrastructure Security Agency (CISA) has released a revised draft of its Secure Software Development Attestation Common Form ("Form"). The Form, once finalized, will obligate vendors providing software...
12/1/2023 / Automation Systems, Cybersecurity, Department of Justice (DOJ), Executive Orders, False Claims Act (FCA), Federal Acquisition Regulations (FAR), General Services Administration (GSA), Homeland Security Cybersecurity & Infrastructure Security Agency (CISA), NIST, Noncompliance, OMB, Risk Assessment, Software Developers, Supply Chain
The AI executive order moves the U.S. closer to a broader unified approach on federal AI regulation, expanding on the AI Bill of Rights and NIST AI Risk Management Framework and focusing on the responsible development and...
11/8/2023 / Anti-Discrimination Policies, Artificial Intelligence, Biden Administration, Consumer Financial Protection Bureau (CFPB), Cybersecurity, Defense Production Act, Department of Energy (DOE), Department of Homeland Security (DHS), ECOA, Executive Orders, Fair Credit Reporting Act (FCRA), Fair Housing Act (FHA), HUD, Infrastructure, National Security, NIST, OMB, Patent Trial and Appeal Board, Popular, Privacy Laws, Public Health, Risk Management, Security Standards, Technology Sector, U.S. Commerce Department
The Federal Trade Commission (FTC or Commission) has amended its Standards for Safeguarding Customer Information, commonly known as the "Safeguards Rule," to require non-bank financial institutions to report certain data...
The Office of the National Cyber Director (ONCD) has extended the deadline to respond to its Request for Information (RFI) seeking public comment on "opportunities for and obstacles to harmonizing" cybersecurity regulations....
9/14/2023 / Cybersecurity, Deadlines, Department of Homeland Security (DHS), Homeland Security Cybersecurity & Infrastructure Security Agency (CISA), Infrastructure, Interagency Guidance, NDAA, NIST, OMB, Popular, Proposed Regulation, Request For Information, Risk Mitigation
The Federal Communications Commission (FCC) has published its notice of proposed rulemaking (the NPRM) detailing the proposed creation of a voluntary cybersecurity labeling program for Internet of Things (IoT) or "smart"...
On July 26, 2023, the U.S. Securities and Exchange Commission (SEC or Commission) finalized its Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule for public companies (the "Final Rule") by a...
The Cybersecurity Administration of China ("CAC") and six other agencies jointly promulgated Interim Measures for the Administration of Generative Artificial Intelligence Services ("Generative AI Measures" or "Rules"), that...
7/31/2023 / Algorithms, Artificial Intelligence, China, Compliance, Consent, Corporate Counsel, Cybersecurity, Digital Service Providers, Intellectual Property Protection, Interim Rule, Labeling, Licensing Rights, Machine Learning, Personal Information, Research and Development, Technology Sector, Training
According to its Spring 2023 rulemaking agenda, the U.S. Securities and Exchange Commission (SEC) has delayed issuance of two sets of cybersecurity requirements that previously were expected to be finalized in April 2023. The...
6/28/2023 / Broker-Dealer, Business Development Companies, Corporate Governance, Corporate Strategy, Cyber Incident Reporting, Cybersecurity, Investment Adviser, Proposed Rules, Publicly-Traded Companies, Registered Investment Advisors, Regulatory Agenda, Risk Management, Rulemaking Process, Securities and Exchange Commission (SEC)
Texas amended its data breach notification law to significantly tighten the deadline for notifying the state attorney general (AG) of a data breach affecting 250 or more state residents. Senate Bill 768, which amended Section...
A reminder to non-bank financial institutions subject to the Gramm-Leach-Bliley Act (GLBA): the deadline to comply with the Federal Trade Commission's (FTC) revised Standards for Safeguarding Customer Information, commonly...
5/19/2023 / Compliance, Cybersecurity, Deadlines, Department of Education, Federal Trade Commission (FTC), Financial Institutions, FTC Act, GLBA Privacy, Investment Adviser, Multi-Factor Authentication, New Rules, Popular, Risk Assessment, Safeguards Rule, Third-Party Risk
INCDPA takes business-friendly approach to data privacy, following Virginia, Utah, and Iowa
Indiana has become the seventh state to enact a "comprehensive" data privacy law, joining California, Virginia, Colorado,...
The Project Management Office (PMO) for the Federal Risk and Authorization Management Program (FedRAMP) has issued an updated version of FedRAMP's 3PAO Obligations and Performance Standards (3PAO Standards), which sets forth...
March 2023 was a consequential month for data privacy law. The California Office of Administrative Law (OAL) formally approved regulations issued by the California Privacy Protection Agency (CPPA) implementing the California...
With the unanimous passage of Senate File 262 by the Iowa House and Senate and the Governor's signature Tuesday, the Hawkeye State joins California, Colorado, Connecticut, Virginia, and Utah as one of six states with a...
3/31/2023 / Consumer Privacy Rights, Corporate Counsel, Cybersecurity, Data Collection, Data Privacy, Data Protection, Data Security, New Legislation, Personal Information, Privacy Laws, Regulatory Reform, State Data Breach Notification Statutes, State Data Privacy Laws
For businesses subject to data breach notification requirements in Utah and Pennsylvania, a series of significant amendments will soon go into effect in both states. ...
The Securities and Exchange Commission (SEC or Commission) voted on March 15, 2023, to propose three new sets of rules for data security, cybersecurity, and IT operational resilience. The newly proposed rules would, among...
Digital healthcare platforms using third-party tracking pixels should be on alert in light of the recent post issued by the Federal Trade Commission's new Office of Technology and the FTC's latest enforcement actions against...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the formation of a new program aimed at identifying and preventing ransomware attacks. The initiative is known as the Ransomware Vulnerability Warning...