The U.S. Department of Health and Human Services ("HHS") issued a concept paper describing its overarching strategy to address healthcare cybersecurity. The concept paper builds on the Biden-Harris Administration's National...more
12/18/2023
/ Cybersecurity ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Medicare ,
OCR ,
Popular
As we discussed in our prior blog post, the Securities and Exchange Commission (SEC) recently finalized its Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule for public companies (the "Rule")....more
12/15/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
FBI ,
Form 8-K ,
Infrastructure ,
New Guidance ,
Popular ,
Publicly-Traded Companies ,
Remediation ,
Securities and Exchange Commission (SEC)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (UK NCSC), along with partner agencies from 17 nations, have released Guidelines for Secure AI System Development (the...more
12/5/2023
/ Artificial Intelligence ,
Asset Protection ,
Biden Administration ,
Critical Infrastructure Sectors ,
Cyber Threats ,
Cybersecurity ,
Documentation ,
Executive Orders ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Incident Response Plans ,
Infrastructure ,
Machine Learning ,
NCSC ,
NIST ,
Popular ,
Risk Management ,
Supply Chain
The AI executive order moves the U.S. closer to a broader unified approach on federal AI regulation, expanding on the AI Bill of Rights and NIST AI Risk Management Framework and focusing on the responsible development and...more
11/8/2023
/ Anti-Discrimination Policies ,
Artificial Intelligence ,
Biden Administration ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Defense Production Act ,
Department of Energy (DOE) ,
Department of Homeland Security (DHS) ,
ECOA ,
Executive Orders ,
Fair Credit Reporting Act (FCRA) ,
Fair Housing Act (FHA) ,
HUD ,
Infrastructure ,
National Security ,
NIST ,
OMB ,
Patent Trial and Appeal Board ,
Popular ,
Privacy Laws ,
Public Health ,
Risk Management ,
Security Standards ,
Technology Sector ,
U.S. Commerce Department
The Office of the National Cyber Director (ONCD) has extended the deadline to respond to its Request for Information (RFI) seeking public comment on "opportunities for and obstacles to harmonizing" cybersecurity regulations....more
9/14/2023
/ Cybersecurity ,
Deadlines ,
Department of Homeland Security (DHS) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Infrastructure ,
Interagency Guidance ,
NDAA ,
NIST ,
OMB ,
Popular ,
Proposed Regulation ,
Request For Information ,
Risk Mitigation
The Federal Communications Commission (FCC) has published its notice of proposed rulemaking (the NPRM) detailing the proposed creation of a voluntary cybersecurity labeling program for Internet of Things (IoT) or "smart"...more
The Texas Data Privacy and Security Act (TDPSA) became law on June 16, 2023. Texas becomes the 11th state to enact a comprehensive consumer data privacy law, joining California, Virginia, Colorado, Connecticut, Utah, Iowa,...more
7/7/2023
/ Biometric Information ,
Compliance ,
Consent ,
Data Privacy ,
Data Protection ,
Data Security ,
Fair Credit Reporting Act (FCRA) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Non-Discrimination Rules ,
Notice Requirements ,
Opt-Outs ,
Popular ,
Private Right of Action ,
Reporting Requirements ,
SBA ,
Sensitive Personal Information ,
Small Business ,
State Privacy Laws ,
Texas
A reminder to non-bank financial institutions subject to the Gramm-Leach-Bliley Act (GLBA): the deadline to comply with the Federal Trade Commission's (FTC) revised Standards for Safeguarding Customer Information, commonly...more
5/19/2023
/ Compliance ,
Cybersecurity ,
Deadlines ,
Department of Education ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
FTC Act ,
GLBA Privacy ,
Investment Adviser ,
Multi-Factor Authentication ,
New Rules ,
Popular ,
Risk Assessment ,
Safeguards Rule ,
Third-Party Risk
The Securities and Exchange Commission (SEC or Commission) voted on March 15, 2023, to propose three new sets of rules for data security, cybersecurity, and IT operational resilience. The newly proposed rules would, among...more