On March 9, 2022 the SEC proposed rule amendments that would require public companies to report detailed information about material cybersecurity incidents affecting their business and about their cybersecurity risk...more
Organizations around the world face substantial and increasing cybersecurity-related threats to operations, reputation, and the bottom line. Cyber risk profiles are changing, particularly in light of the increase in agile...more
6/4/2021
/ Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Electronic Monitoring ,
Employee Monitoring ,
Information Management ,
Metadata ,
Risk Assessment ,
Risk Mitigation ,
Threat Management
On April 14, the Department of Labor’s Employee Benefits Security Administration (EBSA) issued its first cybersecurity-focused guidance related to benefit plans regulated by Employee Retirement Income Security Act (ERISA)....more
On February 4, the New York Department of Financial Services (NYDFS) released Insurance Circular Letter No. 2 (2021), a Cyber Insurance Risk Framework (Framework) for insurers that write cyber insurance....more
2/17/2021
/ Consumer Insurance Products ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Insurance Regulations ,
NYDFS ,
Popular ,
Risk Management ,
State and Local Government
Words matter. Nowhere is this truer than in legislation, where word choices—often the product of long debate and imperfect compromise—determine the scope and impact of a law. ...more
9/14/2018
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cooperative Compliance Regime ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Digital Service Providers ,
Non-Discrimination Rules ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government ,
Third-Party
Groundbreaking. Watershed. Unprecedented. -
We have heard the California Consumer Privacy Act of 2018 (CCPA) called all these things and more since its enactment on June 28, ?2018. Our experience to date has confirmed the...more
9/13/2018
/ California Consumer Privacy Act (CCPA) ,
Clinical Trials ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Use Policies ,
DPPA ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Penalties ,
Personal Data ,
Personally Identifiable Information ,
Preemption ,
Privacy Laws ,
Private Right of Action
“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.
...more
7/31/2018
/ Compliance ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Personally Identifiable Information ,
Policies and Procedures ,
Regulatory Requirements ,
Risk Management
Prompted by concern over the increase in the risks and frequency of data breach incidents and other cyber-attacks affecting public companies, the Securities and Exchange Commission recently published interpretive guidance to...more
3/6/2018
/ Cyber Threats ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Financial Statements ,
Insider Trading ,
Interpretive Rule ,
Non-Public Information ,
Publicly-Traded Companies ,
Regulation FD ,
Regulation S-K ,
Risk Management ,
Securities and Exchange Commission (SEC)
It’s been almost a year since the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) came into effect. Since that time, a series of key dates have marked the implementation of...more
2/28/2018
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
Insurance Industry ,
NYDFS ,
Popular ,
Risk Assessment ,
Risk Management ,
Vulnerability Assessments
Whether malicious or inadvertent, workforce actions cause or contribute to a high percentage of the cyber attacks experienced by organizations. Protecting against such "insider" cyber risk can be challenging, especially given...more
As a follow-up to our previous reports (December 30, 2016 Alert; February 24, 2017 Alert) regarding the cybersecurity regulations issued by the New York State Department of Financial Services (NYDFS), we would like to remind...more
8/10/2017
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Information Technology ,
Insurance Industry ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Third-Party Service Provider
Earlier this year, the National Association of Corporate Directors (NACD) released an updated version of its Director’s Handbook on Cyber-Risk Oversight (Handbook). The updates add 16 pages of content to the previously...more
7/19/2017
/ Board of Directors ,
Corporate Counsel ,
Corporate Governance ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Handbooks ,
Information Technology ,
National Association of Corporate Directors (NACD) ,
Risk Management
Major companies, health care organizations and government agencies are facing a wave of cyberattacks involving ransomware that takes control of computers and denies access until a ransom is paid. These attacks are occurring...more
In the wake of a cyber attack, it’s a common assumption that attorney-client privilege is ironclad. It’s not that simple. Partners Harriet Pearson and Michelle Kisloff examine the nuances and offer best practices. ...more
Partners Harriet Pearson and Michelle Kisloff talk about the real-time challenges of data breaches in the context of litigation and investigations. Hear the three major things you need to do and how to avoid the common...more
The internet of things has presented new challenges across all industries. Hear partners Harriet Pearson and Tim Tobin discuss what others can learn from automotive in this sharing of best practices. ...more
Technological vulnerabilities, regulators’ watchful eyes, and personal connections with our vehicles – create a collision course for cyber risk. Partners Harriet Pearson and Tim Tobin dissect these three simple reasons why...more
Ambitious and broad-reaching, the Global Data Protection Regulation is impacting companies around the world. Listen as Partner Harriet Pearson and Head of our Privacy and Cybersecurity practice in Europe Eduardo Ustaran talk...more
As Hogan Lovells previously reported, the New York State Department of Financial Services (NYDFS) has launched a significant initiative to impose detailed cybersecurity requirements on covered financial institutions. On...more
2/27/2017
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Confidential Information ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Disclosure Requirements ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
Insurance Industry ,
Notice Requirements ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Risk Assessment ,
Risk Management ,
Third-Party Service Provider
The conversation continues with Partner Harriet Pearson and Head of our Privacy and Cybersecurity practice in Europe Eduardo Ustaran as they go deeper into what clients need to know when it comes to compliance around the...more
Partner Harriet Pearson and Head of our Privacy and Cybersecurity practice in Europe Eduardo Ustaran discuss the Global Data Protection Regulation and what companies need to know now. ...more
The conversation continues. Hogan Lovells Partner Harriet Pearson and Managing Principal of Hogan Lovells Cyber Risk Services Jeff Lolley address the threat around ransomware and the potential implications for companies that...more
Hogan Lovells Partner Harriet Pearson and Managing Principal of our Cyber Risk Services Jeff Lolley look ahead to 2017's major cyber vulnerabilities and where clients need to safeguard. ...more
Earlier this month, the Securities and Exchange Commission (SEC) announced its Office of Compliance Inspections and Examinations’ (OCIE) 2017 Examination Priorities regarding certain practices, products, and services that...more
1/31/2017
/ AML/CFT ,
Anti-Money Laundering ,
Broker-Dealer ,
BSA/AML ,
Cybersecurity ,
Financial Industry Regulatory Authority (FINRA) ,
Financial Institutions ,
Financial Markets ,
OCIE ,
Personally Identifiable Information ,
Popular ,
SEC Examination Priorities ,
Securities and Exchange Commission (SEC) ,
Terrorism Funding
Hogan Lovells partners Harriet Pearson and Gregory Lisa talk federal and state influences on cybersecurity. They tackle the tough question of whether the proposed NY DFS cybersecurity regulations mark a new phase in state...more