On January 26, the National Institute of Standards and Technology (NIST) published its much anticipated AI Risk Management Framework 1.0 (AI RMF or Version 1.0), a risk-management resource for organizations designing,...more
The Chairwoman of the Federal Communications Commission recently articulated a new vision of that agency’s role in the nation’s cybersecurity. The FCC, as an independent agency with a relatively discrete set of regulatory...more
On November 1, 2022, the Federal Trade Commission (FTC) hosted PrivacyCon 2022, its seventh annual conference in which the Commission looks to academics and researchers to inform its efforts to address emerging consumer...more
On October 20, 2022, the Federal Trade Commission (FTC) announced the launch of a new rulemaking process to address how fees are charged for goods or services, focusing on potentially “deceptive or unfair” fees that the FTC...more
10/24/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Advertising ,
AMG Capital Management LLC v FTC ,
Corporate Counsel ,
Cybersecurity ,
Disclosure Requirements ,
Federal Trade Commission (FTC) ,
Fees ,
FTC Act ,
Marketing ,
Proposed Rules ,
Surveillance ,
Unfair or Deceptive Trade Practices
The National Institute of Standards and Technology (NIST) is leading the federal government’s charge on a framework for assessing and managing risks in artificial intelligence (AI), with a critical workshop this week to...more
At this week’s #MWC22, cybersecurity has been a major focus. Several panels were dedicated to exploring timely cybersecurity issues, including new and growing threat vectors; innovative industry advancements in cybersecurity;...more
On July 29, 2022, the New York Department of Financial Services (DFS) released Draft Amendments to its Part 500 Cybersecurity Rules. These changes are open for a preliminary public comment until August 18, and then an...more
8/17/2022
/ Chief Information Security Officer (CISO) ,
Covered Entities ,
Cyber Incident Reporting ,
Cybersecurity ,
Financial Institutions ,
Financial Services Industry ,
Multi-Factor Authentication ,
New York ,
Popular ,
Proposed Amendments ,
Securities and Exchange Commission (SEC)
On June 3, 2022, Senator Wicker (R-Miss.), Ranking Member of the Senate Commerce Committee, and Representatives Pallone (D-N.J.) and Rodgers (R-Wash.), Chairman and Ranking Member of the House Energy and Commerce Committee,...more
6/10/2022
/ Biometric Information ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processing Rules ,
Data Protection ,
Data Protection Acts ,
Data Retention ,
Federal Trade Commission (FTC) ,
Privacy Laws ,
Private Right of Action ,
Proposed Legislation
The Federal Trade Commission (FTC) now has a full slate of Commissioners and it is expected to ramp up privacy and cybersecurity enforcement and rulemaking in a number of critical areas. Join us for a discussion of the FTC’s...more
6/2/2022
/ Biometric Information ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Data Use Policies ,
Electronic Protected Health Information (ePHI) ,
Enforcement ,
Federal Trade Commission (FTC) ,
Online Safety for Children ,
Personally Identifiable Information ,
PHI ,
Popular ,
Rulemaking Process ,
Targeted Digital Advertising ,
Webinars
Public comments in an ongoing cybersecurity proceeding at the National Institute of Standards and Technology (NIST) highlight the utility of a foundational cybersecurity document while also providing suggestions for its...more
Public comments on updating the National Institute of Standards and Technology’s (NIST), the Framework for Improving Critical Infrastructure Cybersecurity (CSF), highlight private and public sector interest in this core...more
Join us to discuss effective approaches to managing due diligence on privacy and cybersecurity issues across transactions. Companies considering acquisitions or joint ventures will need to engage in effective management of...more
5/9/2022
/ Acquisitions ,
Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Due Diligence ,
Information Governance ,
Joint Venture ,
Popular ,
Risk Management ,
Webinars
The European Union (EU) and United States have reached a “deal in principle” to establish a new Trans-Atlantic Data Privacy Framework (Framework), which is meant to foster the exchange of data between the EU and U.S. This new...more
On March 29-31, 2022, the National Institute for Science and Technology (NIST) held its second broad stakeholder workshop on its draft Artificial Intelligence Risk Management Framework, titled Building the NIST AI Risk...more
The National Institute of Standards and Technology (NIST) has kicked off the process for revamping its flagship cybersecurity guidance document – the Framework for Improving Critical Infrastructure Cybersecurity (CSF), which...more
What: Publicly traded companies may soon be subject to additional cybersecurity reporting requirements. On March 9, 2022, the Securities and Exchange Commission (SEC) proposed rules and amendments to enhance and standardize...more
Federal agencies have been actively looking at cyber threats to critical infrastructure. In a January 27 announcement the White House said: “it will extend the Industrial Control Systems (ICS) Cybersecurity Initiative to the...more
1/28/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Environmental Protection Agency (EPA) ,
Information Technology ,
Joe Biden ,
NDAA ,
Pipelines ,
Popular ,
Railways ,
Ransomware ,
Wastewater ,
Water ,
Wiretap Act
As 2021 draws to a close, businesses subject to California’s privacy laws should pay close attention to developments underway in that state that will have broad impacts on compliance strategies. On September 22, 2021, the...more
On September 22, 2021, the California Privacy Protection Agency (CPPA or Agency)—the new agency established by the California Privacy Rights and Enforcement Act (CPRA)—released an Invitation for Preliminary Comments on...more
On May 12, 2021, President Biden issued the long-expected Executive Order on Improving the Nation’s Cybersecurity (“EO” or “Order”). The EO comes amidst a series of high-profile cyber-attacks on the Nation and its critical...more
5/13/2021
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cyber Crimes ,
Cybersecurity ,
Executive Orders ,
Federal Contractors ,
Information Technology ,
National Security ,
Private Sector ,
Reporting Requirements ,
Supply Chain
Utah has become the second state to establish a legal safe harbor for private-sector entities that follow certain cybersecurity best practices. On March 11, 2021, Utah’s Governor Spencer Cox signed into law the Cybersecurity...more
The National Institute of Standards and Technology (NIST) has been an active driver of Internet of Things (IoT) cybersecurity efforts for several years, convening stakeholders from the federal government and the private...more
On December 17, 2020, the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force (“the Task Force”)—a public-private partnership whose membership includes industry representatives from...more
On December 15, 2020, the National Institute of Standards and Technology (NIST) released four new draft Internet of Things (IoT) cybersecurity documents to provide guidance for federal agencies and device manufacturers....more
Artificial intelligence (AI) technology and applications have been expanding over the last few years, and in 2021, we expect government agencies to ramp up their efforts to deal with the actual and perceived impacts of the...more