The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
SEC’s New Cyber Rules for Publicly Traded Companies — The Consumer Finance Podcast
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
2023 DSIR Deeper Dive: Plaintiffs’ Attorneys Are Trying to Assert a New Cause of Action Against Universities Based on an Old Law Regulating Videotape Service Providers
Episode 293 -- Catching Up with California and Other State Privacy Laws
How to Fix the Cyber Incident Reporting Mess--DHS Weighs In
Regulatory Phishing Podcast - The Impact of Cybersecurity Compliance on Corporate Transactions
The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
2023 DSIR Report Deeper Dive into the Data
Cybersecurity Threats Facing Food and Agribusiness Companies & the Preparation and Protection Safeguards to Help Mitigate Them
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
2022 DSIR Report Deeper Dive: FTC
2022 DSIR Deeper Dive: Vendor Incidents
Unauthorized Access: An Inside Look at Incident Response
The State of Cyber: Breaking Down Recent Rules and Regulations
Mandatory Cyber Incident Reporting: Pros, Cons, and Next Steps
Cyberside Chats: Preserving Legal Privilege After a Cybersecurity Incident
Debra Geroux and Scott Wrobel on Responding to Data Breaches
The Digital Operational Resilience Act (DORA) establishes a harmonised and comprehensive framework for information and communication technology (ICT) risk management in the financial sector. It is a directly applicable EU...more
On October 2, 2024, New York adopted new regulations requiring general hospitals to implement heightened cybersecurity safeguards. General hospitals, as defined in Article 28 of the NY Public Health Law, generally must begin...more
Covered institutions will need to review their cybersecurity and incident response policies and procedures ahead of the applicable compliance deadline. The Securities and Exchange Commission (SEC) recently adopted...more
The Federal Acquisition Regulation (FAR) Council has proposed two new cybersecurity rules that would impose significant obligations and risks for federal government contractors. The proposed rules impose substantial cyber...more
The growing concern around cyberthreats for companies across the nation is reflected in the increasingly crowded legislative landscape that provides guidance to organizations, employers, employees, consumers, and investors....more
Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more
Last month, the SEC took a big step toward strengthening the cybersecurity of financial systems by proposing regulations that, taken together, will require registered investments advisers, broker‑dealers, and all national...more
On March 15, 2023, the SEC issued proposed amendments and a proposed rule addressing cybersecurity. Specifically, the SEC proposed Rule 10, which addresses cybersecurity risks, and proposed to amend Regulation SCI and...more
The attention on IT Risk and Cybersecurity risk management policies is reaching new heights — again. It doesn’t matter if you’re a large enterprise like Uber or a small / midcap company; there’s one common thread as we start...more
New cybersecurity rules from the U.S. Securities and Exchange Commission (“SEC”) set to go into effect this spring will expand reporting requirements for publicly listed companies. The changes are designed to increase...more
Crises and uncertainty are inevitable forces in modern business, particularly in cyber and digital. General counsels and legal risk executives are well suited to lead preparedness and resiliency for future crises, uniting key...more
Cybersecurity and technology governance remain a top area of focus for the SEC and FINRA, as the regulators continue to concentrate on improving the overall cybersecurity posture and resiliency of the financial sector. FINRA...more
According to the Cybersecurity & Infrastructure Security Agency, cybersecurity is the process whereby information and communications systems, and the information contained in those systems, are protected from and/or defended...more
On March 9, 2022, the U.S. Securities and Exchange Commission (“SEC”) proposed amendments to its rules to require additional disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by...more
Corporate risk and compliance officers already labor under an influx of concerns related to cybersecurity, so you might have missed this latest news: the U.S. Securities and Exchange Commission has proposed new rules for more...more
Each Academy provides three-and-a-half days of classroom-style training covering the latest laws, regulations, and developments to help you effectively manage your organization’s compliance program. They are ideal for...more
Requirements under the proposed rules would include the disclosure of: •Material cybersecurity incidents within four business days of the determination that a material cybersecurity incident has occurred in a Form 8-K- ...more
On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed a number of new rules to enhance public companies’ reporting of (i) cybersecurity incidents, (ii) their policies and procedures for identifying and...more
[This post revises and updates my earlier post primarily to reflect the contents of the proposing release.] - At an open meeting last week, the SEC voted, three to one, to propose regulations “to enhance and standardize...more
On February 9, the Securities and Exchange Commission (“SEC”) voted to propose rule 206(4)-9 under the Advisers Act and 38a-2 under the Investment Company Act (collectively, “Proposed Rule”). In general, the Proposed Rule...more
As cybersecurity incidents become increasingly complex, your initial response to a potential cybersecurity crisis matters. The decisions that you make in the first 24 to 48 hours of a potential cybersecurity incident can have...more
For several years now, we’ve been alerting employers about the dangers of phishing scams that attempt to obtain private and personal information from employers... Many of these scams rear their ugly head around tax season,...more
• The NFA has determined that registered CPOs must implement an internal controls system and highlighted best practices for such a framework. • In response to certain frequently asked questions, the NFA has also updated its...more
On Feb. 21, 2018, the Securities and Exchange Commission (SEC) issued interpretive guidance on its expectations for corporate disclosures on cybersecurity risks. The guidance delineates where it believes existing SEC rules...more
In an environment where even the largest and most powerful corporations have fallen victim to data breaches, it can be challenging to fathom how to protect against the sophisticated and ever-evolving threat of cyber attacks....more