News & Analysis as of

Cybersecurity Risk Assessment Regulatory Requirements

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk... more +
Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk management, global regulations, data protection, leaks, hacking, cyber insurance, compliance, HIPAA, and every other aspect of cybersecurity of import to corporate readers right now.   less -
Robinson+Cole Data Privacy + Security Insider

CISO’s: Take a Look at CSC’s CISO Outlook 2025 Report

Robinson+Cole Data Privacy + Security Insider on

Cybersecurity firm CSC recently issued its CISO Outlook 2025 Report, which predicts cybersecurity challenges CISOs will face in the next year. The report, from a survey of 300 CISOs and cybersecurity professionals globally,...more

Sheppard Mullin Richter & Hampton LLP

North Dakota Passes New Data Security Law for “Financial Corporations”

Sheppard Mullin Richter & Hampton LLP on

North Dakota recently passed a law establishing new rules for certain financial companies operating in the state – specifically “financial corporations.” The new obligations will take effect on August 1, 2025. They will apply...more

HaystackID

Strategic Signals: May 2025 HSR Filings Reveal Steady M&A Amid Market Shifts

HaystackID on

Through May 2025, corporate deal activity in the United States demonstrates remarkable resilience despite mounting economic pressures. Hart-Scott-Rodino (HSR) premerger notification filings through the first eight months of...more

Venable LLP

A Closer Look at the Data Security Requirements in DOJ's Bulk Data Rule

Venable LLP on

As described in an earlier alert, the Department of Justice (DOJ) recently announced a 90-day pause in enforcement of the "Bulk Data Rule" for entities engaging in good faith compliance. That 90-day grace period ends on July...more

Orrick, Herrington & Sutcliffe LLP

California privacy agency opens comment period on regulations

Orrick, Herrington & Sutcliffe LLP on

On May 9, the California Privacy Protection Agency (CPPA) announced it opened the formal public comment period for its proposed regulations concerning updates to the California Consumer Privacy Act. The proposed rules would...more

Perkins Coie

Buckle Up! CPPA Is Driving Privacy Regulation and Enforcement Forward

Perkins Coie on

After a relatively slow start to 2025, the California Privacy Protection Agency (CPPA) is firing on all cylinders now. In recent weeks, the CPPA (i) revised the proposed Delete Request and Opt-out Platform (DROP) regulations...more

Alston & Bird

CPPA Issues Revised Draft CCPA Regulations; Votes to Initiate Public Comment Period

Alston & Bird on

On May 1, 2025, the California Privacy Protection Agency (“CPPA”) Board convened to discuss revisions to the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic...more

Kilpatrick

AI Deregulatory Trends Continue; CPPA Board Proposes Revised Draft Regulations on Automated Decision-Making Technology, Risk...

Kilpatrick on

The California Privacy Protection Agency (“CPPA”) Board released newly modified draft regulations addressing automated decision-making technology (“ADMT”), risk assessments, and cybersecurity audits under the California...more

Husch Blackwell LLP

Effective Dates Draw Near for Insurance Industry to Comply with NYDFS's Cybersecurity Rules

Husch Blackwell LLP on

As part of a multiyear rollout, the New York Department of Financial Services (NYDFS) has established May 1, 2025, and November 1, 2025, as effective dates for certain amendments to its cybersecurity regulations. These...more

Pillsbury Winthrop Shaw Pittman LLP

The EU’s Cyber Resilience Act: New Cybersecurity Requirements for Connected Products and Software

Pillsbury Winthrop Shaw Pittman LLP on

The CRA will affect a broad range of digital products placed on the EU market (including by those based outside the EU), including connected hardware/devices, software and remote data processing solutions. The EU has adopted...more

Quarles & Brady LLP

New York Cybersecurity Regulation Requires Submission of Compliance Certification or Acknowledgement of Noncompliance Next Week

Quarles & Brady LLP on

On April 3, 2025, the New York State Department of Financial Services (“DFS”) issued reminders about upcoming implementation and reporting deadlines related to its cybersecurity regulations. Upcoming deadlines require...more

Morgan Lewis

Key Messaging from ‘Aging Technology, Emerging Threats: Examining Cybersecurity Vulnerabilities in Legacy Medical Devices’

Morgan Lewis on

On April 1, 2025, the subcommittee on Oversight and Investigations of the House Committee on Energy and Commerce held a hearing on cybersecurity vulnerabilities in legacy medical devices. The hearing was largely a...more

Bennett Jones LLP

10 Key Questions to Guide Cyber Risk Management

Bennett Jones LLP on

Asking the right questions within your organization is key to effectively managing cyber risk. Here are 10 questions that you should ask your team...more

Sheppard Mullin Richter & Hampton LLP

FedRAMP 20x – Major Overhaul Announced to Streamline the Security Authorization Process for Government Cloud Offerings

Sheppard Mullin Richter & Hampton LLP on

On March 24, 2025, the Federal Risk and Authorization Management Program (“FedRAMP”) announced a major overhaul of the program, which is being called “FedRAMP 20x.” The FedRAMP 20x announcement stated there are no immediate...more

A&O Shearman

European Commission adopts RTS on the elements to assess when subcontracting certain ICT services under DORA

A&O Shearman on

The European Commission has adopted a Delegated Regulation supplementing Regulation 2022/2554 on digital operational resilience for the financial sector (DORA) with regard to regulatory technical standards specifying the...more

A&O Shearman

Zooming in on AI #18: Cybersecurity requirements for AI systems

A&O Shearman on

The Artificial Intelligence Act (AI Act) is the world's first comprehensive legal framework for AI regulation, which entered into force on August 1, 2024. The AI Act aims to ensure that AI systems are trustworthy, safe and...more

McDermott Will & Emery

CPPA Releases Updates to Proposed CCPA Regulations

McDermott Will & Emery on

In advance of its April 4, 2025, board meeting, the California Privacy Protection Agency (CPPA) released a discussion draft of revisions to its proposed California Consumer Privacy Act (CCPA) regulations. These revisions...more

Hogan Lovells

Fortifying the Future: Hong Kong’s new cybersecurity laws to protect critical infrastructure

Hogan Lovells on

On 19 March 2025, the Legislative Council (the “LegCo”) passed the Protection of Critical Infrastructure (Computer System) Bill (the “Bill”), which is due to come into effect on 1 January 2026. This is a significant step in...more

Bradley Arant Boult Cummings LLP

Top 10 takeaways from the new HIPAA security rule NPRM

Bradley Arant Boult Cummings LLP on

On Jan. 6, 2025, the U.S. Department of Health and Human Services (HHS) proposed new regulations to enhance cybersecurity protections for electronic protected health information (ePHI) under the Health Insurance Portability...more

J.S. Held

2025 J.S. Held Global Risk Report: Artificial Intelligence, Data & Digital Regulations

J.S. Held on

Artificial Intelligence (AI) has been touted as the answer to a multitude of business challenges. However, AI – along with machine learning and large language models (LLMs) – is still fraught with technical and regulatory...more

Mitratech Holdings, Inc

How to Automate Vendor Risk Management

Mitratech Holdings, Inc on

Learn how automating third-party risk management (TPRM) can enhance efficiency, security, and compliance and help businesses proactively address vendor risks....more

A&O Shearman

European Commission adopts Delegated Regulation on RTS on threat-led penetration testing under DORA

A&O Shearman on

The European Commission (EC) has adopted a Commission Delegated Regulation supplementing the Digital Operational Resilience Act (DORA) with regard to RTS specifying the criteria used for identifying financial entities...more

Lowenstein Sandler LLP

Top AI Risks General Counsels Should Address

Lowenstein Sandler LLP on

Considering the rapid development and deployment of artificial intelligence (AI) in a wide array of applications and business sectors, it can be a daunting task for a company’s General Counsel (GC) to keep pace in identifying...more

A&O Shearman

European Supervisory Authorities approve terms of reference for new EU systemic cyber incidence co-ordination framework forum...

A&O Shearman on

The European Supervisory Authorities have published the terms of reference for the EU systemic cyber incident co-ordination framework Forum established under the EU Digital Operational Resilience Act. The Forum will be...more

Ankura

Enhancing Cross-Border e-Discovery and Data Breach Investigations with AI

Ankura on

Today’s interconnected world presents significant challenges for managing cross-border e-discovery and data breach investigations. These processes—critical for legal proceedings and cybersecurity—are often complicated by...more

68 Results
 / 
View per page
Page: of 3
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide