Data Retention and Document Holds
Trial by Tech: The Evolution of the Digital Courtroom – Speaking of Litigation Video Podcast
Information Security and ISO 27001
No Password Required: LIVE From Sunshine Cyber Con
Calculating eDiscovery Costs: Tips from Brett Burney
No Password Required: President at Constellation Cyber, Former FBI Translator, and Finder of Non-Magical Mushrooms
Managing Large Scale Review Efficiency: Tips From a GC
DE Under 3: US DOL Inspector General’s Office Report Cites IT Modernization & Security Concerns
RegFi Episode 8: The Technological Path to Outcomes-Based Regulation with Matt Van Buskirk
Podcast: Discussing Information Blocking with Eddie Williams
The Data Center Cooling Conundrum With Leland Sparks - TAG Infrastructure Talks Podcast
[Podcast] TikTok off the Clock: Navigating the TikTok Ban on Devices for Government Contractors
Everything Dynamic Everywhere: Managing a More Collaborative Microsoft 365
Law Firm ILN-telligence Podcast | Episode 62: Pierre Hurt, Lutgen & Associes | Luxembourg
ATL1, Atlanta Infrastructure and More With Brandon Peccoralo of Databank - TAG Infrastructure Talks Podcast
Expanded Information Block Rules Go into Effect
5 Key Takeaways | Current Perspectives Around the Convergence of Life Sciences and IT
No Password Required: A Child of the 1980s With a Knack for Storytelling, Comedic Timing, and Building an Elite Cybersecurity Team
Changing Hands: Keys To Downstream M&A IT Integration
Mia Reini and Monica Lopez Reinmiller on a Risk-Based Approach to Managing Employee Hotlines
Organizations seeking to improve their cybersecurity posture in 2025 must assess what happens after an incident has occurred, and how an incident response team will be able to mobilize to respond. This article provides...more
Feel confident tackling any threat with a unified incident management approach that integrates roles, communication, and recovery tasks. Small and medium-sized organizations without a disaster recovery plan are 40% more...more
WHAT: The FAR Council published a proposed rule to incorporate the Controlled Unclassified Information (CUI) Program into the acquisition process and, in doing so, seeks to more clearly define government and contractor roles...more
Cyber issues are seldom out of the news, from ransomware attacks and espionage to non-malicious outages that cause widespread concern. Organizations need to protect themselves against both current and future risks and...more
In late June, the staff of the U.S. Securities and Exchange Commission’s Division of Corporation Finance released five new compliance and disclosure interpretations regarding the disclosure of material cybersecurity incidents...more
The Digital Operational Resilience Act (DORA) is an EU regulatory framework, aimed at enhancing the financial sector’s ability to withstand and recover from ICT (information and communication technology) disruptions....more
Last month, the Director of the Division of Corporation Finance (“Director”) of the Securities and Exchange Commission (“SEC”) issued new guidance regarding disclosures of material cybersecurity incidents via Form 8-K under...more
The proliferation of cybersecurity regulations has the White House and Congress calling for harmonization to streamline regulations, focus on reciprocity, and decrease compliance costs. Senator Gary Peters (D-MI), chair of...more
The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...more
The Cybersecurity and Infrastructure Security Agency (“CISA”) recently released its new Proposed Rule pursuant to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which was published in the...more
Last week, Paul Hastings attended the Securities and Exchange Commission (SEC) Speaks 2024 event presented by the Practising Law Institute (PLI) in cooperation with the SEC on April 1 and 2. The SEC Speaks program provides...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (“CISA”) released proposed regulations requiring expansive new cybersecurity incident and ransomware payment reporting across sixteen “critical...more
The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is publishing a proposed rule (Proposal or NPRM) that will require broad segments of industry to meet onerous and quick...more
The U.S. Securities Exchange Commission (SEC) recently adopted a final rule regarding cybersecurity risk management, governance, and incident reporting. The final rule went into effect on September 5, 2023, and disclosure...more
In 2023, the U.S. Securities and Exchange Commission (“SEC”) issued its now-fully implemented Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure Rule. The Rule reflects the reality that cybersecurity...more
The European Union’s (EU) new Digital Operational Resilience Act (DORA) will go into effect in January 2025. Our Privacy, Cyber & Data Strategy Team digs into DORA and discusses how the new law may impact businesses inside...more
Earlier this month the Federal Acquisition Regulation (“FAR”) Council released two draft rules which would impose new cybersecurity requirements for federal contractors. The proposed rules, Cyber Threat and Incident Reporting...more
WHAT: As we previously reported here, on October 3, 2023, the Federal Acquisition Regulatory Council (FAR Council) proposed a pair of major cybersecurity rules intended to implement key parts of President Biden’s May 2021...more
In what can best be described as a tsunami of cybersecurity regulation, the Federal Acquisition Regulation (FAR) Council—consisting of the Department of Defense (DoD), General Services Administration (GSA), and National...more
The Federal Acquisition Regulatory (FAR) Council on Oct. 3, 2023, issued two proposed rules to partially implement President Biden's Executive Order on Improving the Nation's Cybersecurity. The first proposed rule imposes...more
Key Point: The decision making processes to determine whether a cybersecurity incident is material or not, should include documenting the factors behind each determination and should be practiced before an incident occurs. ...more
In May 2021, Colonial Pipeline, a privately held oil pipeline responsible for nearly half of the oil supply for the U.S. East Coast, was crippled by a DarkSide ransomware attack. DarkSide is widely believed to be a...more
The attention on IT Risk and Cybersecurity risk management policies is reaching new heights — again. It doesn’t matter if you’re a large enterprise like Uber or a small / midcap company; there’s one common thread as we start...more
The UK government confirmed on 30 November 2022 that there will be changes to the UK’s cybersecurity regulations in response to a public consultation launched earlier this year. This follows recent updates relating to the...more
One thing all companies have in common if they’re doing business in the e-commerce world today is the need to secure and protect their infrastructure and sensitive data. There are both state and federal regulations that...more