News & Analysis as of

Information Technology Cybersecurity Regulatory Requirements

Davis Wright Tremaine LLP

FedRAMP 20x Initiative Promises Major Changes for Federal Cloud Service Providers

Major changes are coming again to the Federal Risk and Authorization Management Program ("FedRAMP"), the federal government's cybersecurity authorization program for cloud service providers ("CSPs")....more

A&O Shearman

EC publishes draft delegated regulation on subcontracting RTS under DORA

A&O Shearman on

On March 24 2025, the European Commission (EC) adopted the final draft Delegated Regulation setting out Regulatory Technical Standards (RTS) for subcontracting ICT services supporting critical or important functions under the...more

Troutman Pepper Locke

OCC Notifies Congress of Major Email System Security Breach

Troutman Pepper Locke on

On April 8, the Office of the Comptroller of the Currency (OCC) officially notified Congress of a significant information security incident involving its email system. This notification, mandated by the Federal Information...more

Holland & Knight LLP

GSA Announces Overhaul of FedRAMP with Emphasis on Industry Input and Automation

Holland & Knight LLP on

The U.S. General Services Administration (GSA) recently announced plans to develop the Federal Risk and Authorization Management Program (FedRAMP) 20x – a new approach to the government-wide program for the security...more

Morgan Lewis

Data Center Operations: Aligning Supply Chain, Compliance, and Customer Expectations

Morgan Lewis on

The demand for data centers is continuing to accelerate, fueled largely by generative artificial intelligence (Gen AI), broader digital transformation, and organizations migrating to cloud infrastructure. Gen AI adoption...more

A&O Shearman

European Commission adopts RTS on the elements to assess when subcontracting certain ICT services under DORA

A&O Shearman on

The European Commission has adopted a Delegated Regulation supplementing Regulation 2022/2554 on digital operational resilience for the financial sector (DORA) with regard to regulatory technical standards specifying the...more

Dacheng

China Monthly Data Protection Update: March 2025

Dacheng on

This monthly report outlines key developments in China’s data protection sector for March. The following events merit special attention...more

A&O Shearman

ESAs roadmap for designation of critical ICT third-party service providers under DORA

A&O Shearman on

The European Supervisory Authorities (ESAs) have published a roadmap for the designation of critical ICT third-party service providers (CTPPs) under the EU Digital Operational Resilience Act (DORA). The roadmap of key dates...more

Bennett Jones LLP

New Information Technology Security Requirements for Critical Infrastructure Facilities in Alberta

Bennett Jones LLP on

On May 31, 2025, the Alberta Security Management for Critical Infrastructure Regulation (the Regulation) will come into force and is expected to alter existing security requirements for critical resource infrastructure in...more

A&O Shearman

European Central Bank updates TIBER-EU framework to align with DORA RTS on TLPT

A&O Shearman on

The European Central Bank (ECB) has published an updated version of the threat intelligence-based ethical red teaming framework (TIBER-EU framework) (dated January) to align with the Digital Operational Resilience Act (DORA)...more

A&O Shearman

European Banking Authority publishes amending guidelines on ICT and security risk management in the context of DORA

A&O Shearman on

The European Banking Authority (EBA) has published a final report with amending guidelines in respect of Guidelines EBA/GL/2019/04 on ICT and security risk management. The EBA reviewed the Guidelines in light of the Digital...more

Wiley Rein LLP

FAR Council Unveils Long-Anticipated Rule for Controlled Unclassified Information

Wiley Rein LLP on

WHAT: The FAR Council published a proposed rule to incorporate the Controlled Unclassified Information (CUI) Program into the acquisition process and, in doing so, seeks to more clearly define government and contractor roles...more

A&O Shearman

EU joint report on the feasibility for further centralization of reporting of major ICT-related incidents

A&O Shearman on

The European Supervisory Authorities have published a joint report on the feasibility of further centralization of the reporting of major ICT-related incidents by financial entities to competent authorities. The ESAs' joint...more

Mayer Brown

Cybersecurity in the Financial Sector: EU’s Digital Operational Resilience Act Takes Effect

Mayer Brown on

Beginning 17 January 2025, the Digital Operational Resilience Act (DORA) will apply to almost all EU financial entities, including banks, insurers and reinsurers, brokers , payment and electronic money institutions,...more

Goodwin

Entry into force of DORA on January 17, 2025: The CSSF will be at the heart of the compliance framework in Luxembourg

Goodwin on

Digital Operational Resilience Act (DORA) aims to harmonize provisions related to cybersecurity and information and communication technology (ICT) risk management in the financial sector. Its scope covers nearly all entities...more

Faegre Drinker Biddle & Reath LLP

EU Digital Operational Resilience Act Priorities for 2025

Background - The Digital Operational Resilience Act (DORA), a European Union (EU) regulation that is set to transform how financial entities and their information technology (IT) service providers manage operational risks,...more

Jackson Lewis P.C.

FAQs for Schools and Persons Affected By the PowerSchool Data Breach

Jackson Lewis P.C. on

A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50...more

Vorys, Sater, Seymour and Pease LLP

California Expands Requirements for Data Brokers

On November 8, the California Privacy Protection Agency (CPPA), the agency tasked with implementing and enforcing the California Consumer Privacy Act (as amended by the California Privacy Rights Act), unanimously voted to...more

Nossaman LLP

FCC and CPPA Partner to Enhance Consumer Privacy and Data Safeguards

Nossaman LLP on

The Federal Communications Commission’s (FCC) Privacy and Data Protection Task Force announced a Memorandum of Understanding (MOU) with the California Privacy Protection Agency (CPPA). FCC Chairwoman Jessica Rosenworcel...more

BCLP

The EU’s Digital Operational Resilience Act 2022/2554 (DORA)

BCLP on

Long IT sub-contracting chains can make it hard for financial institutions to understand the vulnerabilities in their IT estate and the location of key functions (where these may be located in entities who do not have a...more

Mayer Brown

ANPD Approves Data Breach Notifying Regulation

Mayer Brown on

Resolution No. 15, of April 24, 2024, of the Brazilian Data Protection Authority ("ANPD"), approved the Data Breach Notifying Regulation (the “Regulation”). The Regulation establishes procedures for data controllers to notify...more

Robinson & Cole LLP

Health Law Diagnosis - April 2024

Robinson & Cole LLP on

Additional States Implement Notice Requirements for Healthcare Transactions - In a prior blog post, we noted the trend of states enacting legislation implementing reporting requirements for certain healthcare transactions....more

Foley Hoag LLP - Security, Privacy and the...

HHS-OIG Releases Cybersecurity Toolkit

On March 26, 2024, the HHS Office of Inspector General (OIG) released a cybersecurity toolkit for HHS leaders to help them plan and deploy information systems in response to disasters and public health emergencies. The...more

Shutts & Bowen LLP

New Guidelines Anticipated Following HHS’s Health Cybersecurity Concept Paper

Shutts & Bowen LLP on

Updates to the Health Insurance Portability and Accountability Act Security Rule (“HIPAA Security Rule”) are planned for Spring 2024. New guidance from The Department of Health and Human Services (“HHS”) via a recently...more

Robinson+Cole Data Privacy + Security Insider

Update on Connecticut’s Consumer Privacy Law: How Has it Been Enforced?

The Connecticut Data Privacy Act (CDPA), which became effective on July 1, 2023, provides Connecticut residents with certain rights over their personal information and establishes responsibilities and privacy protection...more

45 Results
 / 
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide