On December 27, 2024, the U.S. Department of Justice (DOJ) announced its final rule on the transfer of certain bulk sensitive personal data to China, Russia, and other countries. Following this, on January 3, 2025, the U.S....
1/15/2025 / Bureau of Industry and Security (BIS), Compliance, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Data Privacy, Data Protection, Data Security, Department of Justice (DOJ), Final Rules, National Security, New Rules, Office of Foreign Assets Control (OFAC), Regulatory Requirements
Cyber issues are seldom out of the news, from ransomware attacks and espionage to non-malicious outages that cause widespread concern. Organizations need to protect themselves against both current and future risks and...
12/16/2024 / Artificial Intelligence, Cyber Attacks, Cyber Incident Reporting, Cyber Threats, Cybersecurity, Data Privacy, Data Protection, Incident Response Plans, Information Technology, Machine Learning, Ransomware, Risk Assessment, Risk Management
On December 16, 2024, the new Cybersecurity Maturity Model Certification (CMMC) 2.0 program from the U.S. Department of Defense (DoD) will go into effect. CMMC 2.0 aims to improve cybersecurity standards within the defense...
12/16/2024 / Certification Requirements, Compliance, Controlled Unclassified Information (CUI), Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Department of Justice (DOJ), Dodd-Frank, False Claims Act (FCA), Federal Contractors, Flow Down Clause, Proposed Rules, Regulatory Agenda, Remediation, Subcontractors
On October 16, 2024, the New York Department of Financial Services (“NYDFS”) released an Industry Letter—entitled Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks (the “Letter”)....
10/22/2024 / Artificial Intelligence, Consumer Privacy Rights, Covered Entities, Cybersecurity, Cybersecurity Framework, Enforcement, Financial Institutions, Financial Services Industry, NYDFS, Regulatory Agenda, Regulatory Requirements, Risk Assessment, Risk Management, Technology Sector
On May 16, 2024, the U.S. Securities and Exchange Commission (“SEC”) adopted amendments to Regulation S-P (“Reg S-P”) that are intended to help protect investors’ privacy from the “expanded use of technology and corresponding...
5/29/2024 / Broker-Dealer, Compliance, Customer Information, Incident Response Plans, Investment Adviser, Investors, Notice Requirements, Personal Information, Policies and Procedures, Privacy Laws, Recordkeeping Requirements, Regulation S-P, Securities and Exchange Commission (SEC)
The Director of the Division of Corporation Finance of the SEC issued a statement last week relating to the recent SEC cybersecurity disclosure rules that require public companies to disclose the occurrence of material...
5/28/2024 / Banking Sector, Corporate Governance, Cyber Incident Reporting, Cybersecurity, Disclosure Requirements, Form 8-K, Investors, Publicly-Traded Companies, Risk Management, Securities and Exchange Commission (SEC), Securities Regulation, Voluntary Disclosure
Managing these risks at a single company should be straightforward. Executives and CISOs may be personally held accountable for cyber failings, negligence, breaches, and inadequate disclosure around cyber vulnerabilities and...
4/3/2024 / Chief Information Security Officer (CISO), Corporate Governance, Cyber Insurance, Cybersecurity, D&O Insurance, Data Breach, Federal Trade Commission (FTC), Financial Services Industry, Investigations, Liability, Popular, Private Equity, Risk Management, Securities and Exchange Commission (SEC), Whistleblowers
At this point, it is self-evident that companies are grappling with an ever-evolving (think: tougher) cyber risk terrain. However, two recent cases against companies and their Chief Information Security Officers (CISOs),...
2/27/2024 / Board of Directors, Breach of Duty, Chief Information Security Officer (CISO), Cyber Incident Reporting, Cybersecurity, Data Breach, Disclosure Requirements, Enforcement Actions, Federal Trade Commission (FTC), Popular, Regulatory Agenda, Risk Management, Securities and Exchange Commission (SEC), Securities Regulation, Whistleblowers