Our company experienced a cybersecurity incident. It seemed pretty minor — just a few suspicious emails and an employee’s account being locked. To my dismay, we’re now hearing from our IT team that the issue is more serious....more
2024 was a pivotal year in the regulation of data practices, with increased scrutiny of artificial intelligence (AI), data brokers, and the ecosystem of commercial data, and the continued proliferation of comprehensive United...more
2/13/2025
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
State Privacy Laws
It is no secret that ransomware dominates headlines, and cybersecurity incidents have become part of our everyday language. However, the criminal “business model” behind ransomware keeps evolving.
Originally published in...more
1/23/2025
/ Business Continuity Plans ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Protection ,
Federal Trade Commission (FTC) ,
Forensic Accounting ,
Incident Response Plans ,
Ransomware ,
Risk Management ,
Third-Party Risk ,
Third-Party Service Provider
In late June, the staff of the U.S. Securities and Exchange Commission’s Division of Corporation Finance released five new compliance and disclosure interpretations regarding the disclosure of material cybersecurity incidents...more
12/2/2024
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Insurance ,
Cybersecurity ,
Disclosure Requirements ,
Encryption ,
Form 8-K ,
Information Technology ,
Materiality ,
Ransomware ,
Reporting Requirements ,
Reputational Injury ,
Securities and Exchange Commission (SEC)
By now, public companies are generally aware of the cybersecurity rules adopted by the U.S. Securities and Exchange Commission a year ago, requiring public companies to disclose material cybersecurity incidents under Item...more
10/21/2024
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Form 8-K ,
Incident Response Plans ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
I work for a public company that recently experienced a ransomware attack. Fortunately, we were able to restore our business operations quickly by obtaining a decryption key from the threat actor. Given that we managed to get...more
9/11/2024
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Protection ,
Disclosure Requirements ,
Incident Response Plans ,
Publicly-Traded Companies ,
Ransomware ,
Reporting Requirements ,
Reputational Injury ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
“Dear Mary” is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related — data breaches, forensic investigations, how to...more
“Dear Mary” is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related — data breaches, forensic investigations, how to...more
“Dear Mary” is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related — data breaches, forensic investigations, how to...more
Each of the 50 states has its own definition of what constitutes a reportable data breach. For some, it requires “unauthorized access” to personal information. For others, it requires “unauthorized acquisition.” And then,...more
7/25/2024
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Theft ,
Identity Theft ,
Personal Data ,
Personally Identifiable Information ,
Unauthorized Access
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
On June 24, the staff of the U.S. Securities and Exchange Commission's (SEC) Division of Corporation Finance (Division of Corporation Finance) released five new Compliance & Disclosure Interpretations (C&DIs) relating to the...more
7/17/2024
/ C&DIs ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Enforcement Actions ,
Ransomware ,
Regulation FD ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Securities Violations
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
In the latest episode of Unauthorized Access, host Sadia Mirza welcomes Kaitlin Clemens, the newest member of Troutman Pepper's Incidents + Investigations team. Kaitlin shares her journey into incident response and...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
On May 21, 2024, Erik Gerding, the director of the Division of Corporation Finance of the Securities and Exchange Commission (SEC), released a statement containing guidance for public companies regarding the disclosure of...more
6/5/2024
/ Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Federal Breach Notification Standard ,
Final Rules ,
Form 8-K ,
New Guidance ,
Popular ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
Unauthorized Access, our privacy and cybersecurity-focused podcast, spotlights the human side of the cybersecurity industry. In this episode, Sadia welcomes Sherri Davidoff, CEO of LMG Security, to discuss the challenges and...more
As we discussed in part three of this series, “Navigating the Complexities of Regulatory Data Incident Investigations,” when an organization is the subject of regulatory data incident investigations, it must navigate a...more
2/19/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Incident Response Plans ,
Investigations ,
NIST ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Oversight ,
Regulatory Reform ,
Regulatory Requirements ,
Settlement
Unauthorized Access, Troutman Pepper's privacy and cybersecurity-focused podcast, spotlights the human aspect of the cybersecurity industry, introducing you to the remarkable personalities that make the industry amazing....more
Unauthorized Access, Troutman Pepper's privacy and cybersecurity-focused podcast, spotlights the human aspect of the cybersecurity industry, introducing you to the remarkable personalities that make the industry amazing. In...more
It is indeed a tangled regulatory web woven to potentially trap an organization in the wake of a data incident. Navigating this web can involve significant resources, time, and stress. As we discussed in part two of this...more
12/13/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Oversight ,
State Attorneys General