Find Someone Observant: The Vital Role of Facility Security Officers
2023 DSIR Report Deeper Dive into the Data
Guidepost in Motion - Cybersecurity Frameworks and Metrics Part 2
Debra Geroux and Scott Wrobel on Responding to Data Breaches
Compliance and Regulations - Ensure adherence to SEC regulations with appropriate privacy and cybersecurity policies tailored to SEC requirements....more
In an effort led by industry experts and nearly 1,000 stakeholders, the European Union introduced the first draft of the General-Purpose AI (GPAI) Code of Practice (the Code), an important addition to its regulatory framework...more
Welcome to our eighth 2024 issue of Decoded - our technology law insights e-newsletter. Thank you for reading. EU AI Act Tightens Grip on High-Risk AI Systems: Five Critical Questions for U.S. Companies - Why this is...more
A critical vulnerability, CVE-2024-0132, has surfaced in NVIDIA’s Container Toolkit, placing a substantial portion of cloud environments at risk. Discovered by researchers at Wiz, the flaw affects both the NVIDIA Container...more
On February 8, 2024, the Federal Communications Commission outlawed AI-generated voices in robocalls and with the upcoming Presidential election in the United States, it is easy to see why. Imagine the implications if “leaked...more
When evaluating cybersecurity and data protection risk for our clients, the two most fundamental questions that need to be answered are: How vulnerable is our organization to active cyber threats that are likely to...more
The New York Department of Financial Services (NYDFS) on Nov. 9, 2022, released Proposed Amendments to its Cybersecurity Regulation. The NYDFS Cybersecurity Regulation was one of the first laws requiring companies to comply...more
Ken Mendelson welcomes back Andy Cottrell, the founder and CEO of cybersecurity consulting firm Truvantis to talk more about cybersecurity frameworks. They discuss the difference between a cyber audit and cyber assessment and...more
As summarized in the first installment of our two-part blog series, President Biden recently issued a sweeping Executive Order aimed at improving the nation’s cybersecurity defense. The Order is a reaction to increased...more
In a rare move, the Department of Health and Human Services (HHS) has issued a warning to hospitals and health systems to prioritize the patching of a two-year-old vulnerability in picture archive communication systems...more
The U.S. Securities and Exchange Commission (SEC) has launched a stunning salvo across the bows of public companies with its announcement of civil monetary penalties and a cease-and-desist order against First American...more
U.S. hospitals, already on the front lines of fighting the coronavirus pandemic, are now facing viral attacks by cybercriminals. More than 20 U.S. hospitals and health care organizations have reported their data being held...more
In response to challenges facing the financial services industry as a result of coronavirus (COVID-19), New York's Department of Financial Services (DFS) has issued a COVID-19 compliance order, along with a series of industry...more
We are living in the age of data and big data, where everyone wants to collect as much information as possible. The ability to analyze and monetize such information is a key strategy and selling point for many businesses. ...more
Government contractors are no strangers to the numerous quality standards and assurances required by the government. Over the past several years, cybersecurity in federal contracting has emerged as yet another standard to...more
James Grago has a nice business going. He runs a website called ClixSense.com that permits users to earn money by completing surveys and watching advertisements. Revenues grew from $6.7 million in 2015 to $9.1 million in...more
California has taken bold steps to regulate the privacy and security of personal information, creating unprecedented remedies for data breaches and recognized European-style rights for consumers in their data. On September...more
The Federal Trade Commission is putting more teeth into the multiyear compliance obligations of consent orders it enters into with companies to settle enforcement actions related to data breaches. The FTC recently issued a...more
Encryption refers to the process of converting data into a form that is unreadable unless the recipient has a pre-designated algorithm, a “key,” and a password to convert the information into readable text. Most statutes,...more
If you clicked on this post, that means you probably fall into one of two categories. Category 1: You are really tired of having to come up with – and remember – increasingly more complicated passwords, only to then be asked...more
The EU’s General Data Protection Regulation (GDPR), which went into effect in May 2018, requires companies to implement appropriate security measures when handling personal data....more
The era of big data is here. Although we are yet to see its full potential, the use of big data analytics is already proving invaluable to businesses and its applications have been found in numerous and diverse sectors. ...more
Connected medical devices deliver numerous benefits not available before, including improved monitoring of patient welfare and a wealth of vital data. But for all the advantages available through these devices, their...more
As public concern over data security grows in the wake of the Equifax data breach, the U.S. Securities and Exchange Commission (SEC) is increasing its scrutiny of registered investment advisors (RIAs). In turn, RIAs should...more
As federally regulated financial institutions (FRFIs) expand their reliance on technology, employ progressively complicated and interconnected networks and systems, increase their electronic service offerings and collaborate...more