Our Privacy, Cyber & Data Strategy Team highlights the increasingly specific cybersecurity controls identified by regulators, explains why these enhanced cybersecurity controls have become the focus of regulators, and shares...more
On January 15, 2025, the Federal Trade Commission (FTC) announced a proposed settlement with GoDaddy Inc. (GoDaddy) for making false or misleading representations about their security practices in violation of Section 5 of...more
1/22/2025
/ Antitrust Violations ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Misleading Statements ,
Privacy Laws ,
Risk Management ,
Unfair or Deceptive Trade Practices
The Biden Administration’s Office for Civil Rights delivered on its promise to propose an update to the HIPAA Security Rule. Our Health Care and Privacy, Cyber & Data Strategy groups summarize key points from the new rule and...more
The CMMC program is designed to ensure that federal contract information (“FCI”) and Controlled Unclassified Information (“CUI”) are sufficiently protected by government contractors. For example, the CMMC program requires...more
On October 16, 2024, the New York Department of Financial Services (“NYDFS”) issued an industry letter covering Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks (the “Industry...more
The ubiquity of artificial intelligence (AI) has heightened companies’ exposure to cyberattacks of increasingly greater sophistication. Our Privacy, Cyber & Data Strategy Team explores how businesses can enhance their...more
10/2/2024
/ Artificial Intelligence ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Framework ,
Data Security ,
Deep Fake ,
Employee Training ,
Machine Learning ,
Phishing Scams ,
Risk Management
On August 21, 2024, the United States Cybersecurity and Infrastructure Security agency, alongside government agencies in key global allies, including Australia, the UK, Canada, and Japan, released guidance on event logging...more
On July 30, 2024, the New York Attorney General Letitia James announced she had completed an investigation into the tracking technology practices of popular websites, and used this to create website privacy guides on online...more
On July 11, 2024, the New York Department of Financial Services (“NYDFS”) released Insurance Circular Letter No. 7, which establishes guidelines on the use of artificial intelligence systems (“AIS”) and external consumer data...more
8/12/2024
/ Anti-Discrimination Policies ,
Artificial Intelligence ,
Discrimination ,
Enforcement Priorities ,
Insurance Industry ,
NYDFS ,
Pricing ,
Regulatory Oversight ,
Risk Management ,
Transparency ,
Underwriting ,
Vendor Contacts
Pennsylvania’s Governor recently approved amendments to the Commonwealth’s data breach notification law, which represent a significant overhaul to the law. As detailed below, the amended law makes a number of material...more
On May 22, 2024, the Director of the Division of Corporation Finance (“Corp Fin”) of the Securities and Exchange Commission (“SEC”) issued further guidance regarding disclosure of cybersecurity incidents on Form 8-K. The...more
Earlier this year, the National Institute of Standards and Technology (NIST) issued an update to its Cybersecurity Framework (CSF) with the release of version 2.0, the first update since April 2018 (version 1.1). While the...more
New regulations continue to push boards in the direction of active engagement in their cyber oversight role, including breach response. But, how can boards strike the right balance in their oversight role during a significant...more
Threat actors are evolving. Our Privacy, Cyber & Data Strategy Team explains how ransomware gangs have changed their tactics and how companies can respond to the threat while navigating new scrutiny from investors and...more
2/26/2024
/ Corporate Counsel ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Data Theft ,
NYDFS ,
Popular ,
Ransomware ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
Recently, there has been a surge in alerts and warnings concerning cyberattacks by People’s Republic of China (PRC) state-sponsored threat actors on U.S. critical infrastructure. On February 7, 2024, the Federal Bureau of...more
On January 17, 2024, the New York State Department of Financial Services (“NYDFS”) issued a proposed circular letter for comment regarding the “Use of Artificial Intelligence Systems and External Consumer Data and Information...more
On January 12, 2024, the New York State Department of Financial Services (“NYDFS”) released a new Industry Letter on the use of self-service password reset (“SSPR”) services, which enable users to reset their own password...more
After a three-year investigation/enforcement action by the New York Department of Financial Services (“NYDFS”), NYDFS entered into a Consent Order with a large title insurer (the “Company”) for its violation of NYDFS’s...more
After a decade and a half under the current data breach notification rules for telecommunications carriers and telecommunications relay services (TRS) providers, the FCC recently unveiled plans to update and expand them....more
On December 8, 2023, the California Privacy Protection Agency (CPPA) will hold a board meeting seeking public comment on various privacy regulations. The meeting, which will take place on Zoom, will cover several topics...more
Just a month before the Security and Exchange Commission’s (“SEC’s”) Material Cybersecurity Incidents Rule is set to take effect, a ransomware group has apparently taken compliance with reporting requirements into its own...more
With an amendment to its Safeguards Rule, the Federal Trade Commission has joined other federal agencies regulating cybersecurity breaches. Our Privacy, Cyber & Data Strategy Team analyzes how the amendment will affect...more
Our Privacy, Cyber & Data Strategy and Privacy & Cybersecurity Litigation teams examine the New York Department of Financial Services’ finalized Second Amendment to its Cybersecurity Regulation....more
On October 27, 2023, the FTC approved an amendment to the Safeguards Rule (the “Amendment”) requiring that non-banking financial institutions notify the FTC in the event of a defined “Notification Event” where customer...more
At the end of September 2023, the Cyberspace Administration of China (CAC) released draft regulations (see the unofficial English translation) regulating the cross-border flow of personal information and important data out of...more