News & Analysis as of

Cybersecurity Data Security Regulatory Requirements

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk... more +
Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk management, global regulations, data protection, leaks, hacking, cyber insurance, compliance, HIPAA, and every other aspect of cybersecurity of import to corporate readers right now.   less -
BakerHostetler

Data Governance: Practical Considerations for a Reasonable Security Program

BakerHostetler on

Imagine receiving an email from an unknown actor claiming to have taken approximately 2 terabytes of data from your organization’s network. The threat actor provides a file tree and sample files to substantiate its claim....more

Robinson+Cole Data Privacy + Security Insider

FTC Order with GoDaddy Finalized Over Lax Data Security

On May 21, 2025, the Federal Trade Commission (FTC) finalized its order with GoDaddy over allegations that GoDaddy “failed to implement standard data security tools and practices to protect customers’ websites and data.” In a...more

Blake, Cassels & Graydon LLP

Nouveau cadre relatif aux incidents de sécurité de l’information à l’intention des institutions financières québécoises

Le 23 avril 2025, le Règlement sur la gestion et le signalement des incidents de sécurité de l’information de certaines institutions financières et des agents d’évaluation du crédit (le « Règlement ») est entré en vigueur au...more

Hogan Lovells

EURid celebrates its 19th anniversary

Hogan Lovells on

EURid, the Registry responsible for running the .EU Top Level Domain (TLD), recently posted a publication to celebrate its 19th anniversary and highlight its achievements. EURid was incorporated under Belgian law in April...more

Goodwin

The Rise of Agentic AI: From Conversation to Action

Goodwin on

The artificial intelligence (AI) landscape is evolving at a dizzying pace. Just as organizations were adapting to generative AI and its capabilities for creating content, a new paradigm has emerged. ...more

Orrick, Herrington & Sutcliffe LLP

OIG makes seven recommendations for CFPB following major incident

On May 5, the OIG for the Fed authored a report with several recommendations for the CFPB following a major security incident regarding confidential supervisory information (CSI). The OIG issued four findings with seven...more

Alston & Bird

UK Publishes Software Security Code

Alston & Bird on

Cyber security supply chain risks are growing, and attacks on vendors and other third parties cause severe disruption to businesses. For example, in recent years we have seen many incidents that have involved threat actors...more

Eversheds Sutherland (US) LLP

Preparing for Regulation S-P and takeaways from the SEC’s session at the Incident Response Forum Masterclass 2025

On April 22, 2025, Laura D’Allaird, Chief of the SEC’s Cyber and Emerging Technologies Unit (CETU), participated in the Incident Response Forum Masterclass 2025 (Incident Response Masterclass). In the session, titled “SEC...more

Hogan Lovells

NYDFS: Penultimate set of cybersecurity requirements under amended Part 500 take effect May 1, 2025

Hogan Lovells on

On May 1, 2025, additional cybersecurity requirements introduced by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) took...more

Alston & Bird

Additional Cybersecurity Requirements of NYDFS Part 500 Take Effect

Alston & Bird on

On May 1, 2025, additional enhanced cybersecurity controls required by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) take...more

Husch Blackwell LLP

Effective Dates Draw Near for Insurance Industry to Comply with NYDFS's Cybersecurity Rules

Husch Blackwell LLP on

As part of a multiyear rollout, the New York Department of Financial Services (NYDFS) has established May 1, 2025, and November 1, 2025, as effective dates for certain amendments to its cybersecurity regulations. These...more

A&O Shearman

FSB publishes finalised format for FIRE framework

A&O Shearman on

The Financial Stability Board (FSB) has published its finalised Format for Incident Reporting Exchange (FIRE), together with a press release and updated webpage. FIRE provides a standardised format for financial institutions...more

Jackson Lewis P.C.

Florida Bar Urges Law Firms to Adopt Incident Response Plans: A Call to Action for Legal Professionals

Jackson Lewis P.C. on

In late March 2025, the Florida Bar Board of Governors unanimously endorsed the recommendation of its Special Committee on Cybersecurity and Privacy Law that law firms should adopt written incident response plans (IRPs) to...more

Alston & Bird

2025 State Cybersecurity Legislation Focuses on Financial Services

Alston & Bird on

Eight years ago, on March 1, 2017, the New York Department of Financial Services enacted its landmark cybersecurity regulation covering financial services companies, 23 NYCRR Part 500, known as “Part 500.” Part 500 was the...more

Cozen O'Connor

Cybersecurity Best Practices for AI-Powered Robotics Under State and Federal Privacy Laws

Cozen O'Connor on

As robotics technology rapidly advances in connection with the use of artificial intelligence (AI), the collection, processing, and storage of personal information—including biometric data—will become increasingly common....more

Orrick, Herrington & Sutcliffe LLP

OCC provides an update on its security breach given institutional risk

On April 14, the OCC released a letter providing more details on the recent security breach involving its email systems. The breach — identified as a major incident under the Federal Information Security Modernization Act...more

Davis Wright Tremaine LLP

FedRAMP 20x Initiative Promises Major Changes for Federal Cloud Service Providers

Major changes are coming again to the Federal Risk and Authorization Management Program ("FedRAMP"), the federal government's cybersecurity authorization program for cloud service providers ("CSPs")....more

Alston & Bird

Cybersecurity Controls: What Do Regulators Expect Nowadays?

Alston & Bird on

Our Privacy, Cyber & Data Strategy Team highlights the increasingly specific cybersecurity controls identified by regulators, explains why these enhanced cybersecurity controls have become the focus of regulators, and shares...more

Blake, Cassels & Graydon LLP

New Information Security Incident Framework for Quebec Financial Institutions

On April 23, 2025, Quebec’s Regulation respecting the management and reporting of information security incidents by certain financial institutions and by credit assessment agents (Regulation) will come into force. Issued by...more

Ice Miller

As the Department of Justice Affirms and Advances Its Cyber-Fraud Initiative, Government Contractors Should Take Steps to Ensure...

Ice Miller on

While some areas of white-collar enforcement have been deprioritized by the Trump Administration, the Department of Justice (DOJ) remains committed to its Civil Cyber-Fraud Initiative as demonstrated by two recent False...more

Hinshaw & Culbertson - Privacy, Cyber & AI...

Are Your Cybersecurity Controls Ready for the New York State Department of Financial Services' Deadlines?

In November 2023, New York State's Department of Financial Services (NYDFS) amended its cybersecurity regulation, Part 500. This legal alert provides an update for Covered Entities and Class A Businesses on the current NYDFS...more

Sheppard Mullin Richter & Hampton LLP

Insurance Cybersecurity Certifications: An (Updated) State Roundup

Over half of US states require annual compliance certifications from insurance providers. While the filing time frames for this year draw to a close, companies may want to keep them in mind not only for next year, but as a...more

Clark Hill PLC

Right To Know - April 2025, Vol. 28

Clark Hill PLC on

Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed. ...more

Troutman Pepper Locke

OCC Notifies Congress of Major Email System Security Breach

Troutman Pepper Locke on

On April 8, the Office of the Comptroller of the Currency (OCC) officially notified Congress of a significant information security incident involving its email system. This notification, mandated by the Federal Information...more

Maynard Nexsen

NAIC Spring Meeting Update Part Two

Maynard Nexsen on

As discussed in last week’s article, along with almost 3,000 regulators and insurance industry leaders, the Maynard Nexsen Insurance Regulatory team of attorneys attended the National Association of Insurance Commissioners...more

198 Results
 / 
View per page
Page: of 8

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide