The ability of OCR to enforce expansive portions of its controversial web tracking guidance has been severely limited. A federal district court ruled that the guidance exceeded the agency’s authority, and in particular...more
NIST has updated its widely used Cybersecurity Framework to provide key updates and practical resources for organizations to manage and discuss cybersecurity risk. The updated framework, which remains voluntary, is designed...more
Since December 18, 2023 public companies other than smaller reporting companies are required to report a cybersecurity incident under Item 1.05 of Form 8-K within four business days after the company determines the incident...more
Against the backdrop of the National Cybersecurity Strategy’s stated goal of harmonizing federal cyber incident reporting requirements, new requirements still continue to emerge. Among the latest is a Federal Trade Commission...more
In October 2023, the Transportation Security Administration (TSA) updated three of its cybersecurity directives regulating passenger and freight railroad carriers. The following security directives have been renewed for one...more
The National Institute of Standards and Technology (NIST) seeks feedback on a draft version of its influential cybersecurity guidance, the Cybersecurity Framework (CSF) 2.0. Updates include an expansion of the CSF’s scope,...more
On July 26, the SEC adopted amendments to Regulation S-K and Exchange Act forms requiring public companies to disclose on a current basis material cybersecurity incidents and to disclose annually information regarding their...more
The Biden Administration released its National Cybersecurity Strategy (Strategy) in an effort to reshape U.S. policy and priorities around cybersecurity for the public and private sectors, marking a significant shift in tone...more
The US government continues to refine its influential cybersecurity guidance, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), with a substantial update to the CSF expected later this...more
This week the U.S. Department of Health and Human Services, the agency responsible for HIPAA enforcement, announced the formation of three new divisions within the Office for Civil Rights (“OCR”). The new divisions –...more
The U.S. Federal Communications Commission (FCC or Commission) released a Notice of Proposed Rulemaking (NPRM) seeking to update and strengthen its rules requiring telecommunications carriers and interconnected Voice over...more
On November 9, 2022, the New York Department of Financial Services (NYDFS) published proposed amendments to significantly expand Cybersecurity Requirements for Financial Services Companies under 23 NYCRR 500 (the “NYDFS...more
The field of regulators interested in the cybersecurity practices of private companies is getting crowded, with the Federal Communications Commission (FCC) becoming more and more active in this space. The FCC, which has...more
Through Aerospace & Defense Insights, we share with you the top legal and political issues affecting the aerospace and defense (A&D) industry. Our A&D industry team monitors the latest developments to help our clients stay in...more
On October 18, 2022, the United States Transportation Security Administration (TSA) released a new Security Directive applicable to the rail industry that will require certain owners and operators to implement new,...more
The European Commission recently proposed the EU Cyber Resilience Act, a regulation on cybersecurity requirements for products with digital elements. The proposal introduces wide-ranging technical and governance measures that...more
The National Highway Traffic Safety Administration (“NHTSA”) recently issued updated guidance on cybersecurity best practices for motor vehicle safety. This non-binding guidance demonstrates NHTSA’s continued emphasis on...more
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Request for Information (RFI) and announced “public listening sessions” soliciting input in advance of formal rulemaking under the Cyber Incident...more
9/13/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Ransomware ,
Rulemaking Process
The US Department of Health Human Services (HHS) is seeking public comments about the appropriate role of “recognized security practices” in enforcement of the HIPAA Security Rule. Congress, through an amendment to the HITECH...more
The U.S. Food and Drug Administration (FDA) issued updated draft guidance, “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions,” which aims to help industry take a more...more
On March 9, 2022 the SEC proposed rule amendments that would require public companies to report detailed information about material cybersecurity incidents affecting their business and about their cybersecurity risk...more
The Federal Trade Commission (FTC) recently has signaled its intent to inject new life into a longstanding but rarely triggered rule governing health breach notifications for non-HIPAA-covered health records. Specifically,...more
2/28/2022
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Popular
On 2 December 2021, the United States Transportation Security Administration (TSA) released two Security Directives applicable to the rail industry that will require certain owners and operators to implement new cybersecurity...more
Imagine a country paralyzed by the inability — even for just one day — to move people or goods by rail or by plane. This is not science fiction. This is the reality of the potential cybersecurity threats that could impact the...more
11/10/2021
/ Aviation Industry ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Railways ,
Ransomware ,
Transportation Industry ,
TSA
The Cybersecurity and Infrastructure Security Agency (CISA), an agency within the Department of Homeland Security, recently issued an Autonomous Ground Vehicle Security Guide (Guide). Because autonomous-vehicle (AV) pilot...more