The US Department of Defense (DOD) finalized a rule that takes the next steps toward fully implementing the Cybersecurity Maturity Model Certification (CMMC) 2.0 program. This rule formalizes compliance requirements that will...more
11/21/2024
/ Certification Requirements ,
Cloud Service Providers (CSPs) ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
NIST
Daniel’s Law, a New Jersey privacy statute aimed at protecting public officials’ personal information from being disclosed online, has been on the books since 2020. But a slew of amendments made to Daniel’s Law in 2023 that...more
The Court of Justice of the European Union (CJEU), the EU’s highest court, recently announced its significant Lindenapotheke decision, permitting companies to use the General Data Protection Regulation in business-to-business...more
The US Department of Defense (DoD) has issued a new proposed rule for implementing the next iteration of the Cybersecurity Maturity Model Certification (CMMC) 2.0 program. This action drives forward the DoD’s plans to bolster...more
The European Union’s new AI Act (the Act) went into efect on 1 August 2024. The Act is the first-ever comprehensive law focused on artifcial intelligence and machine learning (collectively, AI). The Act impacts many...more
The US Securities and Exchange Commission (SEC), Division of Corporation Finance on June 24, 2024 issued five Compliance and Disclosure Interpretations (C&DIs) on its website to address questions raised by its requirement for...more
The US Securities and Exchange Commission has adopted amendments to Regulation S-P requiring entities under its remit to provide notice to individuals affected by certain types of data breaches. This adds yet another...more
As required by law, the Internal Revenue Service (IRS) has begun issuing notification letters to victims of a former IRS contractor who illegally accessed and stole the tax return information of thousands of companies and...more
The world is witnessing a flurry of activity surrounding issues of data protection, cybersecurity, artificial intelligence (AI), and consumer privacy. According to the National Conference of State Legislators, some 40 US...more
The Federal Trade Commission (FTC) recently reached two settlements in actions against data brokers concerning their use of consumer location data and banning them from collecting, using, or selling consumer location data...more
In October, California enacted its newest privacy legislation, commonly referred to as the “Delete Act” (California Senate Bill No. 362). The Delete Act will allow consumers to request that any data broker that maintains any...more
With the flurry of new consumer privacy laws enacted in states across the country, it is vital for companies operating in multiple states to remain informed of this changing landscape in order to plan and execute their...more
The ever-evolving data privacy landscape continues to become more complex as new developments play out on the global stage. In the United States, a number of individual state laws have come into force, with more following in...more
The US Securities and Exchange Commission (SEC) adopted on July 26, 2023 final rules and amendments for mandating disclosure regarding cybersecurity risk management, strategy, governance, and incident reporting, including...more
8/2/2023
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
Unlike the United States, the United Kingdom and, so far, the EU Member States do not all have domestic class action regimes or a cross-border class action regime (as detailed below), and instead have collective actions....more
Artificial intelligence (AI) magnifies the ability to analyze personal information in ways that may intrude on privacy interests, which can give rise to legal issues. Generally, there are two types of concerns with AI and...more
With the lack of comprehensive federal consumer privacy legislation, states are charting an evolving course for businesses to follow when handling data and information about their customers. Led by California, several other...more
The US Federal Trade Commission (FTC or Commission) proposes expanding the Negative Option Rule to all subscription agreements. The FTC, in a 3-1 vote with Commissioner Christine S. Wilson (R) dissenting, published a notice...more
The need for privacy and cybersecurity compliance measures has become a paramount consideration as businesses become more digitally driven, data breaches become more publicized, and regulation continues to increase. Morgan...more
The European Commission recently released a draft adequacy decision for the European Union and United States Transatlantic Data Privacy Framework (TDPF). If the decision is finalized, data transfers between the European Union...more
The California Consumer Privacy Act (CCPA) exemptions for employee and business-to-business (B2B) personal information have not been extended, further complicating the privacy regulatory landscape for businesses in...more
US President Joseph Biden signed the long-anticipated Executive Order on Enhancing Safeguard for United States Signals Intelligence Activities (EO) on October 7, 2022, providing enhanced protections in an effort to restore...more
The US Securities and Exchange Commission has proposed new rules and amendments to mandate disclosure regarding cybersecurity risk management, strategy, governance, and incident reporting, including amendments to Form 8-K,...more
Dear Retail Clients and Friends, President Joseph Biden issued Executive Order 14068 on March 11 expanding prohibitions on trade with Russia and announcing new restrictions on Russian imports, exports, and...more
The US Securities and Exchange Commission (SEC) recently proposed a comprehensive framework of cybersecurity-related rules and amendments for investment advisers and investment companies. Although advisers and funds may have...more