When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
Navigating Emerging Privacy Issues in Financial Services — The Consumer Finance Podcast
The Privacy Insider Podcast Episode 4: Don't Be Evil: In the Hot Seat of Data Privacy, Part 1
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Preventative Medicine: Health Care AI Privacy and Cybersecurity — The Good Bot Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
[Webinar] AI and Data Privacy: Minimizing Risk and Maximizing Opportunity
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
Uncovering Hidden Risks: Ep 13 - Unveil Data Security Paradoxes
The Securities and Exchange Commission (“SEC”) adopted the final rules (the “Final Rules”) on July 26, 2023 that will require disclosure of material cybersecurity incidents, cybersecurity risk management, strategy, and...more
“Material Cybersecurity Incident” Standard Will Have a Monumental Impact on Current Cyber Disclosure Requirements - On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) adopted the Cybersecurity Risk...more
On July 26, 2023, the SEC adopted final rules that require public companies to promptly disclose material cybersecurity incidents on Form 8-K and detailed information regarding their cybersecurity risk management and...more
On July 26, 2023, the Securities and Exchange Commission (the “SEC”) adopted new rules requiring public companies to disclose within four business days material cybersecurity incidents they experience and to disclose annually...more
The SEC has recently voted on new rules that will require companies to disclose material cybersecurity incidents within four days and to make disclosures about their broad cybersecurity risks in their annual report. Tom Fox...more
In a 3-2 vote, the Securities and Exchange Commission (SEC) adopted new cybersecurity rules yesterday (July 26, 2023) applicable to public companies. The rules, which will become effective thirty days after publication in...more
Come December 2023, public companies will have a very narrow window to report cybersecurity incidents that materially affect their companies. Companies will also have to report annually how they assess and manage...more
A recent significant enforcement action brought by the U.S. Securities and Exchange Commission against Blackbaud Inc. highlights the importance of public companies maintaining disclosure controls and procedures relating to...more
In the wake of Russia’s invasion of Ukraine, and amid growing concerns regarding the threat of increased cyberattacks targeting infrastructure and other critical industries, there has been a flurry of federal activity to...more
The SEC has issued proposed rules on disclosure of cybersecurity incidents. Specifically, the SEC is proposing to: Amend Form 8-K to add Item 1.05 to require registrants to disclose information about a cybersecurity...more
As companies collect growing amounts of data about their customers and other consumers, sophisticated adversaries, recognizing the value of this information, have increased their efforts to pilfer it. For publicly traded...more
SEC Focus - The Securities and Exchange Commission (SEC) has been focused on cybersecurity issues for over a decade, tracing back to its initial guidance on this topic in 2011. On October 16, 2018, the SEC released a...more
The growing frequency and public awareness of cyberincidents, evolution of technologies employed by intruders, and proliferation of personal data and infrastructure vulnerable to attack have all contributed to heightened...more
In a recent speech, SEC Commissioner Kara Stein commented on the importance of cybersecurity. The Commissioner noted that encouraging adoption of written policies and procedures, voluntary frameworks and non-binding guidance...more
As cybersecurity attacks have continued to gain prominence as a threat posing critical risk management and compliance challenges for financial institutions, the Securities and Exchange Commission (SEC) has emerged as an...more
On Feb. 22, 2018, the Securities and Exchange Commission (SEC) issued its first interpretive guidance since October 2011 on public companies’ cybersecurity risk and incident disclosure obligations. ...more
The Commission's "new" cybersecurity guidance largely rehashes existing guidance, as is highlighted by objections from two commissioners. At most, the additional qualitative guidance is incremental. It reiterates the need to...more
In February 2018 the SEC outlined its views with respect to cybersecurity disclosure requirements under the federal securities laws as they apply to public reporting companies. Set forth below is a checklist of items included...more
On Feb. 21, the Securities and Exchange Commission (SEC) released interpretive guidance on public companies’ disclosure practices regarding cybersecurity breaches and risks to the public....more
The U.S. Securities and Exchange Commission on Feb. 21, 2018, issued interpretive guidance on public company cybersecurity disclosures. The new guidance will affect public companies and companies seeking to go public in...more
In light of the increasing significance of cybersecurity incidents, and their potential impact on a company's operations, on February 21, the Securities and Exchange Commission (SEC) issued guidance to public reporting...more
On February 21, 2018, the U.S. Securities and Exchange Commission (SEC) issued updates to its interpretive guidance on how public companies should disclose cybersecurity breaches and risks. There are two core messages at...more
A number of claims have been made against companies’ directors and officers alleging a breach of fiduciary duty for failing to adequately oversee data security programs. To date, the defendants’ oversight of the programs and...more
We continue to urge CEOs and boards of public companies (and private and not-for profits) to harken the call of getting a handle on cybersecurity risk to companies today. Not too soon, the New York Stock Exchange published a...more
The government appears to be increasing its enforcement efforts regarding cybersecurity risks. A three-judge panel of the U.S Court of Appeals for the Third Circuit recently held the FTC may bring a claim that a company’s...more