The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
SEC’s New Cyber Rules for Publicly Traded Companies — The Consumer Finance Podcast
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
2023 DSIR Deeper Dive: Plaintiffs’ Attorneys Are Trying to Assert a New Cause of Action Against Universities Based on an Old Law Regulating Videotape Service Providers
Episode 293 -- Catching Up with California and Other State Privacy Laws
How to Fix the Cyber Incident Reporting Mess--DHS Weighs In
Regulatory Phishing Podcast - The Impact of Cybersecurity Compliance on Corporate Transactions
The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
2023 DSIR Report Deeper Dive into the Data
Cybersecurity Threats Facing Food and Agribusiness Companies & the Preparation and Protection Safeguards to Help Mitigate Them
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
2022 DSIR Report Deeper Dive: FTC
2022 DSIR Deeper Dive: Vendor Incidents
Unauthorized Access: An Inside Look at Incident Response
The State of Cyber: Breaking Down Recent Rules and Regulations
Mandatory Cyber Incident Reporting: Pros, Cons, and Next Steps
Cyberside Chats: Preserving Legal Privilege After a Cybersecurity Incident
Debra Geroux and Scott Wrobel on Responding to Data Breaches
The country’s largest provider of cloud-based education software for K-12 schools announced on January 7 that it fell victim to a massive data breach – which may lead to questions about the implications for your school....more
On October 2, 2024, New York adopted new regulations requiring general hospitals to implement heightened cybersecurity safeguards. General hospitals, as defined in Article 28 of the NY Public Health Law, generally must begin...more
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
Bleeping Computer has reported that Rite Aid has disclosed a data breach affecting 2.2 million individuals. According to the report, Rite Aid stated in its filing with the Maine Attorney General that “We determined by...more
Pennsylvania-based Geisinger Health System said it experienced a breach impacting more than 1.27 million patients when a former employee of vendor Nuance Communications Inc., a Microsoft Corp. subsidiary, accessed patient...more
The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...more
With the onslaught of new privacy legislation and cyber threats coupled with upticks in enforcement, running a well-functioning and flexible privacy program is now, more than ever, a critical component of an organization’s...more
Report on Patient Privacy 23, no. 12 (December, 2023) Northwell Health in New York and Cook County Health in Chicago each experienced impacts from a breach at Nevada-based transcription company Perry Johnson & Associates...more
On October 27, the Federal Trade Commission (FTC or Commission) published a final rule expanding data breach notification requirements for certain financial institutions (Final Rule). Federal Register, will require entities...more
In today’s digital landscape, organizations face a constant threat of cybersecurity incidents. Identifying sensitive information and promptly notifying relevant parties during an incident is a daunting challenge. The current...more
Popular file transfer tool MOVEit’s recent data security vulnerability prompted many businesses to communicate, internally and externally, about the impact of the incident on its business. Originally published in Law360 -...more
This year, Indiana joined several other states to pass a comprehensive consumer privacy law, that becomes operative on January 1, 2026. Like other consumer privacy laws, Indiana’s law requires businesses to establish...more
On June 21, 2023, the U.S. Department of Homeland Security (DHS) issued a final rule that revises the Homeland Security Acquisition Regulation (HSAR) to implement security and privacy measures for contractors to safeguard...more
The landscape for preventing, responding to, and avoiding the fines and other costs associated with data breaches has changed in the last three years. Since the beginning of the pandemic, data breaches have been on the rise...more
There’s no denying that data breaches are a major concern for organizations of all sizes, 2021 saw 1,860 data breaches occur (a record high), and 81% of those involved sensitive information like social security numbers and...more
Every October, in recognition of National Cybersecurity Awareness Month, the federal government and its partners work to educate stakeholders on cybersecurity awareness and how best to protect the privacy and security of...more
Last week, I discussed eDiscovery in the Asia Pacific (APAC) region in terms of what each country has in place from a rules and discovery standpoint. eDiscovery isn’t the only discipline where US-based bloggers like me tend...more
Unless you’ve been completely disconnected from the internet for the past year, you’ve undoubtedly read about the passage of a number of state and international laws addressing privacy and cybersecurity. Does this mean that...more
The retention of prolific sensitive, personal electronic information has essentially become a responsibility inherent in the conduct of modern business. From the maintenance of medical records by a healthcare provider to the...more
Last week’s news that the Federal Trade Commission is taking steps to begin rulemaking on consumer privacy and artificial intelligence drew plenty of attention from privacy professionals, and suggests 2022 could be an...more
The immediate cyber incident is over – what happens next? Join our esteemed panellists as they outline key considerations when managing post-breach data classification and notification projects. Setting the scene through the...more
There is little doubt that the U.S. Securities and Exchange Commission is making cybersecurity a top priority. SEC Chair Gary Gensler told a Senate committee on Tuesday, September 14, 2021 that the agency is developing a...more
In early March, the New York State Department of Financial Services (“NYDFS”) announced a consent order that required Maine-based mortgage servicer Residential Mortgage Services, Inc. (“Residential”) to pay a $1.5 million...more
Report on Patient Privacy 20, no. 11 (November 2020) - In her 14-plus years of investigating and blogging about hacking and breaches, “Dissent” has been yelled at, threatened with lawsuits and accused of being a criminal....more
When prospective buyers conduct legal due diligence in merger and acquisition transactions the main focus is typically on the traditional items, such as financials, debt instruments, major contracts and other key metrics...more