No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
No Password Required Podcast: Chief Product Officer at ThreatLocker and Advocate of Buc-ee’s, Mascots, and Buc-ee Mascots
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
AI Talk With Juliana Neelbauer - Episode Two - Cybersecurity Insurance: The New Frontier of Risk Management
On-Demand Webinar: Bring Predictability to the Spiraling Cost of Cyber Incident Response Data Mining
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Unlock Privacy ROI: Why Making Cross-Functional Allies is Key
No Password Required: USF Cybercrime Professor, Former Federal Agent, and Vintage Computer Archivist
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
Monumental Win in Data Breach Class Action: A Case Study — The Consumer Finance Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
Life With GDPR: Episode 104 – Solar Winds and Your Mother – Tell The Truth
No Password Required: American University’s Vice Provost for Research and Innovation and a Tracker of (Cyber) Unicorns
Snooping Sadia Talks to Former Official Gene Fishel — Unauthorized Access Podcast
Life With GDPR: Critical Perspectives on Big Law Firm Cybersecurity
Lawmakers expressed bipartisan support for significantly amending or eliminating some cybersecurity incident notification requirements during a recent hearing of the U.S. House Committee on Homeland Security's Subcommittee on...more
In terms of healthcare data breaches, 2024 was the worst year ever, with the records of at least 53% of the U.S. population involved and two of the biggest healthcare data breaches of 2024 ranking in the top 10 of all time. ...more
There has been an increase in enforcement action and strategies relating to cybercrimes, supply-chain related offenses, VAT fraud, corruption, and money laundering. A significant shift has been prompted by the EU Corporate...more
The Voting Record and Public Statements of the Commissioners Provide a Roadmap - There has been much speculation on what SEC enforcement will look like under a new administration, especially now that President-elect Donald...more
New York recently passed new cybersecurity regulations for hospitals licensed in New York to enhance patient safety and cybersecurity....more
The first wave of Australia's expansive privacy law reforms has been introduced into Federal Parliament in the Privacy and Other Legislation Amendment Bill 2024 (Cth) ("Bill")....more
The US privacy legal landscape continues to expand in 2024, with most of the momentum led by state laws. ...more
As businesses grapple with the evolving, regulatory landscape for data privacy, the Texas Data Privacy & Security Act (TDPSA) emerges as a pivotal law. This comprehensive legislation, effective July 1, 2024, established...more
CYBERSECURITY - Health Care Entities Continue to Get Pummeled by Cybersecurity Attacks - The newest health care entity to be hit by a cyberattack is Ascension Health, which operates 140 hospitals and 40 assisted living...more
On February 1, 2024, the Connecticut Office of the Attorney General (the “OAG”) issued a report mandated by the Connecticut Data Privacy Act (the “CTDPA”), Conn. Gen. Stat. § 42-515 et seq. (the “Report”), which Report is...more
As we discussed in part three of this series, “Navigating the Complexities of Regulatory Data Incident Investigations,” when an organization is the subject of regulatory data incident investigations, it must navigate a...more
New York has released proposed cybersecurity regulations for hospitals. The regulations, which were published in The State Register on Dec. 6 and will undergo a 60-day public comment period ending on Feb. 5, are designed to...more
Recent activity by the New York Department of Financial Services (NYDFS) and the Securities and Exchange Commission (SEC) highlight the continued focus by government regulators on cybersecurity. As these and other regulators...more
CYBERSECURITY - New York Governor Proposes Cybersecurity Regulations for NY Hospitals - On November 13, 2023, Governor Kathy Hochul released proposed cybersecurity regulations applicable to all hospitals located within...more
On October 27, 2023, the Federal Trade Commission (“FTC”) adopted an amendment to the FTC’s Safeguards Rule that will require non-banking financial institutions to notify the FTC within thirty days of discovering a data...more
A flurry of legislative activity over the past year has brought meaningful changes to a variety of privacy and security provisions in state and federal law. At the state level, as in 2022, we have seen a handful of changes to...more
On July 26, 2023, the SEC adopted new cybersecurity rules, which have two top-line impacts. First, registrants must disclose material cybersecurity incidents promptly on Form 8-K. Second, registrants must disclose new...more
The Securities and Exchange Commission (“SEC”) adopted the final rules (the “Final Rules”) on July 26, 2023 that will require disclosure of material cybersecurity incidents, cybersecurity risk management, strategy, and...more
The Securities and Exchange Commission (“SEC”) voted on July 26, 2023 to adopt new cybersecurity rules, which are aimed at helping investors better understand the cybersecurity risks associated with public companies by...more
On July 26, 2023, the Securities and Exchange Commission (the “SEC”) adopted new rules requiring public companies to disclose within four business days material cybersecurity incidents they experience and to disclose annually...more
The SEC has recently voted on new rules that will require companies to disclose material cybersecurity incidents within four days and to make disclosures about their broad cybersecurity risks in their annual report. Tom Fox...more
On July 26, the Securities and Exchange Commission (SEC) adopted, by a 3-2 margin, a final rule to require more immediate disclosure of material cybersecurity incidents by public companies. In addition, the final rule...more
On July 26, a divided SEC adopted a final rule outlining disclosure requirements for publicly traded companies in the event of a material cybersecurity incident. ...more
On July 26, 2023, the Securities and Exchange Commission (“SEC”) adopted its long-anticipated cybersecurity reporting rule (the “Final Rule”). The Final Rule applies to public companies subject to the reporting requirements...more
In a 3-2 vote, the Securities and Exchange Commission (SEC) adopted new cybersecurity rules yesterday (July 26, 2023) applicable to public companies. The rules, which will become effective thirty days after publication in...more