A flurry of legislative activity over the past year has brought meaningful changes to a variety of privacy and security provisions in state and federal law. At the state level, as in 2022, we have seen a handful of changes to...more
The U.S. Department of Veterans Affairs (VA) is overhauling and remaking its regulations aimed at contractor cybersecurity and privacy practices. Any companies in the VA supply chain should take note and ensure compliance...more
The Federal Trade Commission (FTC) recently announced its position on breach notification: “Regardless of whether a breach notification law applies, a breached entity that fails to disclose information to help parties...more
Last week, the U.S. Senate passed S. 3600, the Strengthening American Cybersecurity Act, which represents a significant step forward in the establishment of a national data breach notification law for certain critical...more
On April 7, 2020, the staff of the Office of Compliance Inspections and Examinations (OCIE) issued a risk alert (Alert) informing investment advisory firms of the potential areas of focus for Form CRS-related examinations. In...more
A new bill introduced by House Financial Services subcommittee Chairman Rep. Blaine Luetkemeyer would significantly change data security and breach notification standards for the financial services and insurance industries. ...more
OCR released a simple checklist and infographic last week to assist Covered Entities and Business Associates with responding to potential cyber attacks. As cybersecurity remains a pressing concern for health care entities,...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
The National Association of Insurance Commissioners (NAIC) Cybersecurity Task Force released a revised draft of the Insurance Data Security Model Law (Model Law) last week. The Model Law’s goal is to “establish exclusive...more
With no Congressional consensus to adopt a federal data privacy and breach notification statute, states are updating and refining their already-existing laws to enact more stringent requirements for companies. Two states...more