As of April 1, 2025, all merchants and third-party service providers (TPSPs) involved in processing credit or debit card payments must fully adhere to the enhanced security requirements outlined in the Payment Card Industry...more
Following our recent client alert, learn more about PCI DSS 4.0 coming into effect and its impact on organizations in 2025. Mark Schreiber, Brian Long, and Sam Genovese share further insights from working with clients on...more
The act of predicting what will become the dominating storyline of data privacy and cybersecurity in 2025 is a hazardous enterprise, as one is almost surely to get something wrong. Without fail, every year, regulators and the...more
On March 31, 2022, the Payment Card Industry Security Standards Council released version 4.0 of its Data Security Standard (PCI DSS 4.0). The new version—which brings major changes to the payments ecosystem—places an...more
The U.S. government and military experts have been warning U.S. companies that Russia may launch significant cyberattacks against critical infrastructure, financial institutions and businesses in retaliation for the sanctions...more
“Reasonable” and “adequate” seem like benign terms — until you have to litigate using them as a standard for adequate data security. Over the coming years, the definition of “reasonable security” (and the alleged failure of...more
We help companies prepare for, respond to, and clean up data breaches and related events. We are lawyers, but in this role, we often look over the shoulders of cybersecurity technical experts, who are advising companies on...more
Legal Framework - Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws? The United States generally addresses cybersecurity...more
A compilation of time-sensitive and trending legal and regulatory issues that general counsels and business leaders should be aware of in 2015. Employers Should be Aware of Multigenerational Workforce Risk - For...more