On May 21, 2024, Erik Gerding, the director of the Division of Corporation Finance of the Securities and Exchange Commission (SEC), released a statement containing guidance for public companies regarding the disclosure of...more
Balancing cybersecurity incident disclosures has been a challenge for those in the trenches for years. That has not changed, and recent regulatory activity should not alter the challenges breach counsel confront. In short,...more
The U.S. Department of Veterans Affairs (VA) is overhauling and remaking its regulations aimed at contractor cybersecurity and privacy practices. Any companies in the VA supply chain should take note and ensure compliance...more
FTC Publishes Blog Post That Could Expand Data Breach Notification Requirements – On May 20, 2022, the Federal Trade Commission (FTC) published a blog post suggesting that, in certain instances, a company may have to do...more
On January 12, 2021, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) published a Notice of Proposed...more
A new bill introduced by House Financial Services subcommittee Chairman Rep. Blaine Luetkemeyer would significantly change data security and breach notification standards for the financial services and insurance industries. ...more
OCR released a simple checklist and infographic last week to assist Covered Entities and Business Associates with responding to potential cyber attacks. As cybersecurity remains a pressing concern for health care entities,...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
In the United States Congress has repeatedly attempted, but failed, to agree on federal data breach notification legislation. As a result, there is no single federal statute that imposes a breach notification obligation on...more
With no Congressional consensus to adopt a federal data privacy and breach notification statute, states are updating and refining their already-existing laws to enact more stringent requirements for companies. Two states...more
Federal cybersecurity legislation seeking to establish a national standard for data protection and breach response is quickly working its way through the legislative process. The bipartisan bill, formerly known as the Data...more
After five years of trying and failing, over the next several weeks Congress may finally make meaningful progress on cybersecurity and data breach legislation. This week the House Energy & Commerce Committee and the House...more
A closely watched bipartisan national data privacy, security, and breach notification bill cleared a House subcommittee yesterday, sending it to the full House Energy and Commerce Committee for review. There have been many...more
As part of a series of “sneak peeks” announced in advance of the State of the Union address on Tuesday, January 20th, President Obama made remarks last week before the Federal Trade Commission, the Department of Homeland...more
The slew of highly publicized data breaches over the past few years has brought the issue of cyber-security truly to the mainstream -- most recently reaching our living rooms through President Barack Obama’s State of the...more