State AG Pulse | “Don’t Mess With Our Health or Our Kids!”
The Presumption of Innocence Podcast: Episode 59 - Enforcement Priorities of the Second Trump Administration: DOJ Focus
Consumer Finance Monitor Podcast Episode: Everything You Want to Know About the CFPB as Things Stand Today, and Lots More - Part 1
State AG Pulse | With the Reshaping of Government, More Power To State AGs
2024 Credit Reporting Review: Impactful Changes and Future Forecast — FCRA Focus Podcast
You've got Questions
Through the Crystal Ball: What's Next for Auto Finance — Moving the Metal: The Auto Finance Podcast
State AG Pulse | DEI in the Federal and State Spotlight
Are Overtime Wages and Tips Exempt From Income Tax? What Employers Need to Know to Prepare
The Labor Law Insider: What's Next for Labor Law Under the Trump Administration, Part II
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
2024 in Review: Major Debt Collection Trends and 2025 Outlook — The Consumer Finance Podcast
#WorkforceWednesday®: Workplace Law Shake-Up - DEI Challenges, NLRB Reversals, and EEOC Actions - Employment Law This Week®
FTC Regulatory and Enforcement Shifts Under New Leadership
7 Key Takeaways | The Changing Landscape of Federal Funding in the Trump Administration
Bipartisan Leadership and Reform at NAAG: Insights From Brian Kane — Regulatory Oversight Podcast
The Future of Auto Dealership Compliance: A Conversation With Tom Kline — Moving the Metal: The Auto Finance Podcast
The Privacy Insider Podcast Episode 11: Signal and Noise: The New Administration, Privacy, and Our Digital Rights with Cindy Cohn of Electronic Frontier Foundation
State Regulators Step Up: Responding to the CFPB's New Leadership — Regulatory Oversight Podcast
State Regulators Step Up: Responding to the CFPB's New Leadership — The Consumer Finance Podcast
Companies should not minimize the extent of a material cybersecurity incident by omitting material facts regarding the scope and potential impact of the incident. Cybersecurity risk factor disclosures should be tailored to a...more
WHAT: The FAR Council published a proposed rule to incorporate the Controlled Unclassified Information (CUI) Program into the acquisition process and, in doing so, seeks to more clearly define government and contractor roles...more
The European Supervisory Authorities have published a joint report on the feasibility of further centralization of the reporting of major ICT-related incidents by financial entities to competent authorities. The ESAs' joint...more
The Department of Commerce (Commerce) Office of Information and Communications Technology and Services (OICTS) has broad authority—born out of executive action during the first Trump administration—to identify and mitigate...more
The Cyber Security Bill 2024 ("Cyber Bill") tabled in the Australian Federal Parliament yesterday is set to bring significant changes to the cyber security landscape in Australia....more
The proliferation of cybersecurity regulations has the White House and Congress calling for harmonization to streamline regulations, focus on reciprocity, and decrease compliance costs. Senator Gary Peters (D-MI), chair of...more
With the announcement of UK General Election for Thursday 4 July 2024, the Data Protection and Digital Information Bill has not completed the legislative process before the end of the current parliamentary session and will...more
As Vermont joins the growing number of states with comprehensive consumer data privacy laws, it stands out from the crowd with the ability of Vermonters to bring a private right of action (PRA) against large data holders. In...more
In 2025, new federal reporting requirements will require hundreds of thousands of organizations to report cyber incidents within hours of discovery to the United States Government, marking a significant impact on how...more
The Cybersecurity and Infrastructure Security Agency (“CISA”) recently released its new Proposed Rule pursuant to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which was published in the...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) within the US Department of Homeland Security released a much-anticipated notice of proposed rulemaking (NPRM) to implement the Cyber Incident...more
The Accreditation Overhaul for North Carolina (and Florida) Colleges - Last month, North Carolina Governor Roy Cooper signed House Bill 8 (HB 8) into law. In addition to establishing a new computer science requirement for...more
On 3 October 2023, the European Commission announced a public consultation regarding the draft implementing regulation (Draft Regulation) establishing the European Common Criteria-based cybersecurity certification scheme...more
State privacy laws are changing rapidly in the U.S. Here are summaries of seven new state laws that have been enacted and go into effect in the next few years. We anticipate that more state legislatures will continue to enact...more
On May 28, 2023, the Texas Legislature passed the Texas Data Privacy and Security Act (TDPSA). Once this law becomes effective on July 1, 2024, Texas will become the tenth state to adopt a consumer data privacy law. This...more
The New York Department of Financial Services (NYDFS) published its proposed amendment to its 23 NYCRR Part 500 (Cybersecurity Rules) on November 9, 2022, following the release of the draft version on July 29, 2022....more
Legacy identity and access management (IAM) is often considered a cumbersome, complex, and archaic monolith. In particular, legacy IAM often requires lengthy development time for updates and onboarding new applications,...more
On 14 October 2021, the White House brought together the representatives of more than 30 national governments to address the transnational nature of the threat posed by ransomware attacks. The meeting resulted in a joint...more
On January 9, 2021, the Biden Administration issued Executive Order (EO) 14034, to further address the declared national emergency with respect to the information and communications technology and services (ICTS) supply...more
CYBERSECURITY - Free Ransomware Service Offered to U.S. Hospitals - The Center for Internet Security (CIS) announced last week that it has launched the Malicious Domain Blocking and Reporting (MDBR) service to assist...more
UK Government set to move forwards with regulation on consumer IoT device security The UK Government has just announced that it intends to draw up legislation aimed at ensuring that all consumer smart devices sold in the UK...more
With the start of a new decade, our team wants to share an overview of the past year and a look ahead to the coming months. Please find here a review of relevant legislation that the General Assembly passed in 2019, a summary...more
Previously we reported on the Department of Defense (‘DoD”) efforts to develop a Cybersecurity Maturity Model Certification (“CMMC”) program to verify the status of contractor cybersecurity and compliance. The CMMC program...more
As information technology (IT) companies have known for years, the U.S. government regularly acquires inferior technology, often slowly and at high prices. The U.S. Department of Defense (DOD), which stands to benefit the...more
On September 21, 2015, the National Association of Insurance Commissioners (NAIC) IT Examination Working Group adopted amendments to the IT section of the Financial Condition Examiners Handbook (“the Handbook”). The changes...more