The Biden Administration released its National Cybersecurity Strategy (Strategy) in an effort to reshape U.S. policy and priorities around cybersecurity for the public and private sectors, marking a significant shift in tone...more
The US government continues to refine its influential cybersecurity guidance, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), with a substantial update to the CSF expected later this...more
Through Aerospace & Defense Insights, we share with you the top legal and political issues affecting the aerospace and defense (A&D) industry. Our A&D industry team monitors the latest developments to help our clients stay in...more
On October 18, 2022, the United States Transportation Security Administration (TSA) released a new Security Directive applicable to the rail industry that will require certain owners and operators to implement new,...more
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Request for Information (RFI) and announced “public listening sessions” soliciting input in advance of formal rulemaking under the Cyber Incident...more
9/13/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Ransomware ,
Rulemaking Process
The U.S. Food and Drug Administration (FDA) issued updated draft guidance, “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions,” which aims to help industry take a more...more
The Federal Trade Commission (FTC) recently has signaled its intent to inject new life into a longstanding but rarely triggered rule governing health breach notifications for non-HIPAA-covered health records. Specifically,...more
2/28/2022
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Popular
Imagine a country paralyzed by the inability — even for just one day — to move people or goods by rail or by plane. This is not science fiction. This is the reality of the potential cybersecurity threats that could impact the...more
11/10/2021
/ Aviation Industry ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Railways ,
Ransomware ,
Transportation Industry ,
TSA
Connecticut’s new cybersecurity standards law, which goes into effect on October 1, 2021, protects companies from punitive damages in certain data breach actions where an organization has a cybersecurity program that conforms...more
10/1/2021
/ Affirmative Defenses ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Information Security Modernization Act (FISMA) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
Popular ,
Safe Harbors ,
State Data Breach Notification Statutes
On April 14, the Department of Labor’s Employee Benefits Security Administration (EBSA) issued its first cybersecurity-focused guidance related to benefit plans regulated by Employee Retirement Income Security Act (ERISA)....more
On February 4, the New York Department of Financial Services (NYDFS) released Insurance Circular Letter No. 2 (2021), a Cyber Insurance Risk Framework (Framework) for insurers that write cyber insurance....more
2/17/2021
/ Consumer Insurance Products ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Insurance Regulations ,
NYDFS ,
Popular ,
Risk Management ,
State and Local Government
Virginia is on track to be the second U.S. state to enact comprehensive consumer privacy legislation. Both the Virginia House of Delegates and the Virginia Senate have passed nearly identical versions of the Consumer Data...more
2/10/2021
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
Risk Management ,
State and Local Government
There has been a significant development in the ongoing debate regarding the scope of the authority of the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) to issue penalties under the Health...more
The COVID-19, and the various restrictions that have been implemented in response to it, are causing extraordinary business disruptions. Many organizations have had to modify their operational controls and accommodate a shift...more
On March 11, the Word Health Organization officially characterized the coronavirus (COVID-19) outbreak as a pandemic. During the outbreak, many employers around the world are seeking to prioritize the well-being and safety of...more
3/16/2020
/ Business Continuity Plans ,
Business Interruption ,
China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Cybersecurity ,
Data Protection ,
Emergency Management Plans ,
Infectious Diseases ,
Information Security ,
Malware ,
Policies and Procedures ,
Popular ,
Public Health ,
Risk Management
On July 25, New York Governor Andrew Cuomo signed into law a pair of bills establishing new requirements for businesses that process certain personal information related to New York residents. The changes include expanding...more
8/8/2019
/ Biometric Information ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Governor Cuomo ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Security Standards ,
SHIELD Act ,
State and Local Government ,
State Data Breach Notification Statutes
Regulators provided key insights into enforcement trends and potential changes to HIPAA regulations at the 11th Annual “Safeguarding Health Information: Building Assurance Through HIPAA Security” conference in October...more
Late last month, California Governor Jerry Brown signed the first US Internet of Things (IoT) cybersecurity legislation: Senate Bill 327 and Assembly Bill 1906. ...more
10/18/2018
/ Connected Items ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Hackers ,
Information Technology ,
Internet of Things ,
Mobile Devices ,
New Legislation ,
Popular ,
Risk Management ,
Security Standards ,
State and Local Government
It’s been almost a year since the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) came into effect. Since that time, a series of key dates have marked the implementation of...more
2/28/2018
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
Insurance Industry ,
NYDFS ,
Popular ,
Risk Assessment ,
Risk Management ,
Vulnerability Assessments
On 1 August 2017, a bipartisan group of four U.S. senators (Steve Daines (R-MT), Cory Gardner (R-CO), Mark Warner (D-VA), and Ron Wyden (D-OR) introduced the Internet of Things (IoT) Cybersecurity Improvement Act of 2017....more
8/24/2017
/ Connected Items ,
Cybersecurity ,
Data Protection ,
Federal Contractors ,
Internet of Things ,
NIST ,
NTIA ,
OEM ,
Popular ,
Proposed Legislation ,
Risk Management
On August 1, a bipartisan group of four senators introduced a bill that would impose specific cybersecurity requirements on providers of Internet of Things (IoT) devices when doing business with the U.S. Government and...more
8/3/2017
/ Computer Fraud and Abuse Act (CFAA) ,
Connected Items ,
Cybersecurity ,
Data Protection ,
Information Technology ,
Internet of Things ,
Proposed Legislation ,
Risk Management ,
Vendors ,
Vulnerability Assessments ,
Wireless Devices
Earlier this year, the National Association of Corporate Directors (NACD) released an updated version of its Director’s Handbook on Cyber-Risk Oversight (Handbook). The updates add 16 pages of content to the previously...more
7/19/2017
/ Board of Directors ,
Corporate Counsel ,
Corporate Governance ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Handbooks ,
Information Technology ,
National Association of Corporate Directors (NACD) ,
Risk Management
In this hoganlovells.com interview, Washington, D.C.-based Hogan Lovells senior associate Paul Otto talks about security issues created by the exponential growth of the Internet of Things (IoT). ...more
As Hogan Lovells previously reported, the New York State Department of Financial Services (NYDFS) has launched a significant initiative to impose detailed cybersecurity requirements on covered financial institutions. On...more
2/27/2017
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Confidential Information ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Disclosure Requirements ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
Insurance Industry ,
Notice Requirements ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Risk Assessment ,
Risk Management ,
Third-Party Service Provider
In the past month, the National Institute of Standards and Technology (NIST) has issued a draft update to its flagship cybersecurity framework as well as new standalone guidance on how organizations can plan to recover from...more
1/26/2017
/ Comment Period ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
NIST ,
Ransomware ,
Risk Management ,
Supply Chain