The New York State Department of Financial Services (NYDFS) recently published a revised proposed second amendment to its cybersecurity regulation, 23 NYCRR 500. ...more
[author: Matt Kelly] In September 2020 the National Institute of Standards and Technology (NIST) unveiled the fifth version of its cybersecurity standard formally known as SP 800-53, “Security and Privacy Controls for...more
Many general counsels, as well as their privacy and cybersecurity teams, are understandably focused on their company’s coronavirus safety measures - and that is good news to the hackers. Hackers thrive amidst confusion and...more
Revised Proposed Regulations. Just when you exhaled after the January 1, 2020, effective date of the California Consumer Privacy Act, on February 10, the California attorney general released modifications to the draft of the...more
Are your employees instructed on the proper (and improper) use of social media? Does your organization have policies and provide training on the appropriate handling of sensitive information? A recent United States Department...more
Ninth hearing on Competition and Consumer Protection in the 21st century highlights challenges of addressing persistent threats to data security. On December 11 and 12, the Federal Trade Commission (the FTC or the...more
Although organizations have dealt with privacy issues for years, only in the past decade have they begun to view the complexities of privacy as requiring formal organizational structure, dedicated employees, and/or dedicated...more
On 4 February 2017, the Cyberspace Administration of China issued a draft of the Network Products and Services Security Review Measures (“Draft Measures”) for public comment: the Draft Measures remain open for comments until...more
In September, 2015, OCR and HHS issued a press release announcing a Resolution Agreement with the Cancer Care Group, P.C., which included entry into the agreement, the adoption of a robust compliance plan, and the payment of...more
If you read one thing... - On September 15th, the SEC OCIE announced in a Risk Alert it will launch a second round of cybersecurity examinations of registered broker-dealers and investment advisers, which will be more...more
On September 15, the Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert re-emphasizing the careful scrutiny it will give to the data security practices of...more
An organization’s information can be put at risk when staff begin to bring their own devices and use them in the workplace. As a result, in such cases, an organization should consider adopting an appropriate “bring your own...more
Employees are the front line of your information security defense. While technological protections are essential (for example, anti- virus software, firewalls, spam filters, etc.), none are as effective as a vigilant end...more
In this issue: - Navigating Public Company Cybersecurity Obligations: Advising Boards and Disclosing to Investors - FTC Updates School-Related COPPA Guidance - Status Update on the EU Data Protection...more
The Federal Financial Institutions Examination Council (FFIEC) has released its long-awaited Cybersecurity Assessment Tool (Assessment) to help financial institutions identify the inherent risks faced by a company and...more
On June 19, 2015, the National Institute of Standards and Technology (NIST) published the final version of guidance for federal agencies to ensure sensitive information remains confidential when stored outside of federal...more
In This Presentation: - Regulatory expectations for financial institutions - Risks for financial institutions - Planning to reduce risks - The Breach - Duties and responsibilities -...more
Tens of thousands of cyber attackers employed by Chinese People’s Liberation Army and other employees and contractors of the Chinese Ministry of State Security work diligently every day to steal information from U.S....more
Many have heard that “it is not a matter of if a company will be attacked, but when.” Statements like this used to be met with skepticism – companies would say we do not have information hackers want, we outsource our...more