Latest Publications

Share:

Federal court strikes blow to expansive OCR web tracking position

The ability of OCR to enforce expansive portions of its controversial web tracking guidance has been severely limited. A federal district court ruled that the guidance exceeded the agency’s authority, and in particular...more

NIST refines Cybersecurity Security Framework, with increased focus on governance and supply chain

NIST has updated its widely used Cybersecurity Framework to provide key updates and practical resources for organizations to manage and discuss cybersecurity risk. The updated framework, which remains voluntary, is designed...more

Agencies issue guidance on delayed SEC reporting of material cybersecurity incidents - SEC Update

Since December 18, 2023 public companies other than smaller reporting companies are required to report a cybersecurity incident under Item 1.05 of Form 8-K within four business days after the company determines the incident...more

FTC amends Safeguards Rule to require non-banking financial institutions to report data breaches

Against the backdrop of the National Cybersecurity Strategy’s stated goal of harmonizing federal cyber incident reporting requirements, new requirements still continue to emerge. Among the latest is a Federal Trade Commission...more

TSA revises rail cybersecurity directives for passenger and freight railroads

In October 2023, the Transportation Security Administration (TSA) updated three of its cybersecurity directives regulating passenger and freight railroad carriers. The following security directives have been renewed for one...more

NIST seeks feedback on draft Cybersecurity Framework 2.0 - The release of this draft is a critical opportunity for organizations...

The National Institute of Standards and Technology (NIST) seeks feedback on a draft version of its influential cybersecurity guidance, the Cybersecurity Framework (CSF) 2.0. Updates include an expansion of the CSF’s scope,...more

SEC adopts significant new cybersecurity disclosure requirements

On July 26, the SEC adopted amendments to Regulation S-K and Exchange Act forms requiring public companies to disclose on a current basis material cybersecurity incidents and to disclose annually information regarding their...more

Securing Cyberspace: White House releases National Cybersecurity Strategy

The Biden Administration released its National Cybersecurity Strategy (Strategy) in an effort to reshape U.S. policy and priorities around cybersecurity for the public and private sectors, marking a significant shift in tone...more

NIST prepares for Cybersecurity Framework 2.0, with increased focus on governance and supply chain

The US government continues to refine its influential cybersecurity guidance, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), with a substantial update to the CSF expected later this...more

HHS OCR creates new HIPAA enforcement arm and enhances focus on cybersecurity and privacy oversight

This week the U.S. Department of Health and Human Services, the agency responsible for HIPAA enforcement, announced the formation of three new divisions within the Office for Civil Rights (“OCR”). The new divisions –...more

FCC seeks to impose new carrier data breach notification rules

The U.S. Federal Communications Commission (FCC or Commission) released a Notice of Proposed Rulemaking (NPRM) seeking to update and strengthen its rules requiring telecommunications carriers and interconnected Voice over...more

NYDFS publishes proposed amendments to Cybersecurity Regulation for covered entities

On November 9, 2022, the New York Department of Financial Services (NYDFS) published proposed amendments to significantly expand Cybersecurity Requirements for Financial Services Companies under 23 NYCRR 500 (the “NYDFS...more

The Federal Communications Commission (again) sets its sights on cybersecurity

The field of regulators interested in the cybersecurity practices of private companies is getting crowded, with the Federal Communications Commission (FCC) becoming more and more active in this space. The FCC, which has...more

Aerospace and Defense Insights I Critical input needed: U.S. critical infrastructure asked to engage on proposed cyber reporting...

Through Aerospace & Defense Insights, we share with you the top legal and political issues affecting the aerospace and defense (A&D) industry. Our A&D industry team monitors the latest developments to help our clients stay in...more

Rail industry receives new cybersecurity performance-based security requirements from TSA

On October 18, 2022, the United States Transportation Security Administration (TSA) released a new Security Directive applicable to the rail industry that will require certain owners and operators to implement new,...more

The EU Cyber Resilience Act: what to expect

The European Commission recently proposed the EU Cyber Resilience Act, a regulation on cybersecurity requirements for products with digital elements. The proposal introduces wide-ranging technical and governance measures that...more

NHTSA issues updated cybersecurity best practices for the safety of modern vehicles

The National Highway Traffic Safety Administration (“NHTSA”) recently issued updated guidance on cybersecurity best practices for motor vehicle safety. This non-binding guidance demonstrates NHTSA’s continued emphasis on...more

Critical input needed: US critical infrastructure asked to engage on proposed cyber reporting rules

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Request for Information (RFI) and announced “public listening sessions” soliciting input in advance of formal rulemaking under the Cyber Incident...more

HHS seeks comment by June 6 on recognized security practices as mitigating factor in HIPAA enforcement

The US Department of Health Human Services (HHS) is seeking public comments about the appropriate role of “recognized security practices” in enforcement of the HIPAA Security Rule. Congress, through an amendment to the HITECH...more

FDA updates “cybersecurity in medical devices” guidance, seeks industry input - Draft guidance addresses quality system...

The U.S. Food and Drug Administration (FDA) issued updated draft guidance, “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions,” which aims to help industry take a more...more

SEC proposes significant new cybersecurity disclosure requirements

On March 9, 2022 the SEC proposed rule amendments that would require public companies to report detailed information about material cybersecurity incidents affecting their business and about their cybersecurity risk...more

FTC emphasizes expectations around the health breach notification rule

The Federal Trade Commission (FTC) recently has signaled its intent to inject new life into a longstanding but rarely triggered rule governing health breach notifications for non-HIPAA-covered health records. Specifically,...more

TSA releases new security directives regarding cybersecurity requirements for the rail industry

On 2 December 2021, the United States Transportation Security Administration (TSA) released two Security Directives applicable to the rail industry that will require certain owners and operators to implement new cybersecurity...more

Staying Ahead of the Hack: New Cybersecurity Requirements on the Horizon for Trains and Planes

Imagine a country paralyzed by the inability — even for just one day — to move people or goods by rail or by plane. This is not science fiction. This is the reality of the potential cybersecurity threats that could impact the...more

CISA issues autonomous ground vehicle cybersecurity guide

The Cybersecurity and Infrastructure Security Agency (CISA), an agency within the Department of Homeland Security, recently issued an Autonomous Ground Vehicle Security Guide (Guide). Because autonomous-vehicle (AV) pilot...more

70 Results
 / 
View per page
Page: of 3

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide