The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
SEC’s New Cyber Rules for Publicly Traded Companies — The Consumer Finance Podcast
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
2023 DSIR Deeper Dive: Plaintiffs’ Attorneys Are Trying to Assert a New Cause of Action Against Universities Based on an Old Law Regulating Videotape Service Providers
Episode 293 -- Catching Up with California and Other State Privacy Laws
How to Fix the Cyber Incident Reporting Mess--DHS Weighs In
Regulatory Phishing Podcast - The Impact of Cybersecurity Compliance on Corporate Transactions
The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
2023 DSIR Report Deeper Dive into the Data
Cybersecurity Threats Facing Food and Agribusiness Companies & the Preparation and Protection Safeguards to Help Mitigate Them
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
2022 DSIR Report Deeper Dive: FTC
2022 DSIR Deeper Dive: Vendor Incidents
Unauthorized Access: An Inside Look at Incident Response
The State of Cyber: Breaking Down Recent Rules and Regulations
Mandatory Cyber Incident Reporting: Pros, Cons, and Next Steps
Cyberside Chats: Preserving Legal Privilege After a Cybersecurity Incident
Debra Geroux and Scott Wrobel on Responding to Data Breaches
NIS2 (Network and Information Systems Directive 2) is the updated version of the NIS Directive, which the EU first introduced in 2016. The original NIS Directive aimed to enhance cybersecurity across member states by...more
The Digital Operational Resilience Act (DORA) establishes a harmonised and comprehensive framework for information and communication technology (ICT) risk management in the financial sector. It is a directly applicable EU...more
On October 2, 2024, New York adopted new regulations requiring general hospitals to implement heightened cybersecurity safeguards. General hospitals, as defined in Article 28 of the NY Public Health Law, generally must begin...more
The U.S. Securities and Exchange Commission (SEC) Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules officially went into effect in December 2023. Aimed at improving cybersecurity risk...more
Let’s review for a moment. It’s not a HIPAA violation to be a victim of ransomware. It’s not a HIPAA violation to pay a ransom. It’s up to the covered entity (CE) to determine if a security or privacy incident is a...more
Covered institutions will need to review their cybersecurity and incident response policies and procedures ahead of the applicable compliance deadline. The Securities and Exchange Commission (SEC) recently adopted...more
Amidst an ever-evolving cyber threat landscape, a recent slew of regulatory updates and cybersecurity standards are defining a new battlefront for securing critical infrastructure and corporate data across varying sectors....more
The European Union (EU) is poised to enact the Cyber Resilience Act (CRA), a comprehensive cybersecurity regulation with major implications for software and connected device manufacturers in the United States and globally....more
From large-scale hacks to new rules governing cyber practices, the cyber landscape continues to become more complex. The risk for breaches is higher than ever before. The numbers support this declaration. According to the...more
On 18 December 2023, the new rules of the US Securities and Exchange Commission (SEC) regarding disclosure of material cybersecurity incidents under Item 1.05 of Form 8-K went into effect, requiring companies to report a...more
Data security is a top concern for organizations in today’s digital landscape. It protects data from unauthorized access, use, modification, or disclosure, and requires implementing technical, administrative, and physical...more
Last month the Federal Acquisition Regulatory (FAR) Council announced a major proposal regarding cybersecurity incident reporting and information. Comments currently are now due by February 2, 2024....more
Report on Patient Privacy 23, no. 11 (November, 2023) Tim DiBona clearly remembers Christmas Eve 2018 when the staff of his small firm—Doctors’ Management Service (DMS)—arrived at their West Bridgewater, Mass., office to...more
In July 2023, the SEC adopted new cybersecurity rules for the stated purpose of enhancing and standardizing disclosures regarding cybersecurity risk management, strategy, governance and incidents by public companies. The...more
The date July 26, 2023, marks the latest evolution of the cybersecurity regulation landscape as the Securities and Exchange Commission passed cybersecurity regulations for publicly traded companies. At the open meeting, SEC...more
The U.S. Securities and Exchange Commission’s (SEC) impending cyber disclosure rule, slated to commence on 15 December 2023, underscores an imperative shift towards a more transparent and accountable cybersecurity posture for...more
Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more
The SEC adopted new rules for public companies regarding disclosure of information relating to cybersecurity risk management, strategy, governance, and material incidents. Companies will now be required to disclose...more
On July 26, the Securities and Exchange Commission (SEC) adopted new cybersecurity rules. Organizations will need to disclose material cyber incidents pursuant to a prescribed timeline and information regarding risk...more
On July 26, the Securities and Exchange Commission (“SEC”) finalized a much anticipated rule addressing cybersecurity risk management, strategy, governance, and incident disclosure. Public companies registered with the SEC...more
On July 25, 2023, the US Securities and Exchange Commission (the SEC), by a 3-2 vote, adopted final rules regarding cybersecurity risk management, strategy, governance and incident reporting by public companies (the Final...more
To help organizations stay on top of the main developments in European digital compliance, Morrison Foerster’s European Digital Regulatory Compliance team reports on some of the main topical digital regulatory and compliance...more
The UK government confirmed on 30 November 2022 that there will be changes to the UK’s cybersecurity regulations in response to a public consultation launched earlier this year. This follows recent updates relating to the...more
On October 5, 2022, a federal jury found Joseph Sullivan, Uber’s former chief security officer, guilty of obstruction of justice and misprision of a felony in connection with his role in responding to a 2016 data breach...more
While Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) is still a work in progress, federal contractors should beware of the existing DFARS cybersecurity requirements. ...more