Blaine Kimrey on Cybersecurity

SEC Joins Chorus of Regulators Requiring Data Breach Notifications

Last week, the U.S. Securities and Exchange Commission (“SEC”) became the latest federal regulator to implement a data breach notification law. The commissioners unanimously voted to approve amendments to Regulation S-P (the...more

5/30/2024 / Corporate Counsel , Cyber Incident Reporting , Cybersecurity , Data Breach , Notification Requirements , Regulation S-P , Securities and Exchange Commission (SEC)

Breach Response: Is 72 hours the new 30 days?

For years, we were able to tell most clients experiencing a potential data security incident that they likely had at least 30 days to notify any third parties about the incident – if they concluded it was a breach. There...more

4/17/2024 / Critical Infrastructure Sectors , Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) , Cybersecurity , Cybersecurity Information Sharing Act (CISA) , Data Breach

Cybersecurity Sheriffs Continue to Multiply and Crack Down – New SEC Rule Amps Up Public Company Pressure

Last week, a sharply divided U.S. Securities and Exchange Commission (“SEC”) significantly increased reporting requirements on public companies by adopting a Cybersecurity Risk Management, Strategy, Governance, and Incident...more

8/3/2023 / Cyber Incident Reporting , Cybersecurity , Disclosure Requirements , Final Rules , Form 8-K , Publicly-Traded Companies , Regulation S-K , Reporting Requirements , Risk Management , Securities and Exchange Commission (SEC)

SEC: Practice What You Preach on Privacy

One of the most common things we discuss with clients is the need to ensure that privacy policies accurately reflect the actual procedures in place for handling confidential information. The SEC reiterated that point last...more

4/22/2019 / Broker-Dealer , Cybersecurity , Data Protection , Enforcement Actions , Notice Requirements , OCIE , Opt-Outs , Personally Identifiable Information , Policies and Procedures , Regulation S-P , Risk Alert , Safeguards Rule , Securities and Exchange Commission (SEC)

California and GDPR “Light”: A Match Made in Plaintiffs’ Lawyers’ Heaven?

Just when you thought it was safe to open your e-mail again without being inundated with updated privacy policies, here comes the California Consumer Privacy Act of 2018 (“CCPA”). The new law, which goes into effect on...more

7/16/2018 / California Consumer Privacy Act (CCPA) , Cybersecurity , Data Breach , Data Collection , Data Privacy , Data Protection , Data Rights , General Data Protection Regulation (GDPR) , Minors , New Legislation , Opt-In , Opt-Outs , Personal Data , Personally Identifiable Information , Privacy Policy , Private Right of Action , Right to Delete

How to Evaluate Cyber Insurance Options?

On April 10, 2018, the Federal Financial Institutions Examination Council (the “FFIEC”), an interagency body composed of the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal...more

4/16/2018 / Consumer Financial Protection Bureau (CFPB) , Cyber Insurance , Cybersecurity , Due Diligence , FDIC , FFIEC , Financial Institutions , New Guidance , OCC , Risk Management

Data Breach Notification Revisions in North Carolina Would Bring Radical Change

A North Carolina bill designed to strengthen the state’s data breach notification statute could radically change incident response. Through the Act to Strengthen Identity Theft Protections, North Carolina could quickly become...more

1/22/2018 / Credit Monitoring , Cybersecurity , Data Breach , Data Protection , Data Security , Health Insurance Portability and Accountability Act (HIPAA) , Notice Requirements , Personally Identifiable Information , Popular , Proposed Legislation , State Data Breach Notification Statutes

Blaine Kimrey

Vedder Price

Popular Topics by This Author

Latest Posts › Cybersecurity