On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security published a long-awaited notice of proposed rulemaking (NPRM) pursuant to the Cyber Incident Reporting...more
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the long-awaited second version of the Cybersecurity Framework (CSF). Dubbed “CSF 2.0,” it contains a few significant changes...more
Key Takeaways -
On August 11, 2022, the Federal Trade Commission announced an advance notice of proposed rulemaking (ANPR) to initiate a process that would allow it to develop and enforce rules on what the FTC has termed...more
On March 9, 2022, the Securities and Exchange Commission announced that it proposed rules that would expressly mandate cybersecurity disclosures by public companies. The rules would require disclosure of material...more
Federal Trade Commission (FTC) staff published a blog post that highlights increased cybersecurity threats and emphasizes the key role corporate boards play in a successful cybersecurity program: “Corporate boards: don’t...more
On July 9, 2019, the UK Information Commissioner’s Office (ICO) publicly announced its intent to impose a £99M (approximately $123M) GDPR fine on Marriott as a result of its acquisition of Starwood and the subsequent...more
Recently, the en banc Federal Circuit held that a determination by the Patent Trial and Appeal Board (PTAB) on whether a petitioner is time-barred from challenging a patent in an inter partes review (IPR) is judicially...more
On August 17, 2017, Governor John Carney signed into law bi-partisan legislation that increases cybersecurity protections for Delaware residents whose personal information may be compromised as a result of a data breach....more
The window for Department of Defense (DoD) contractors to bring themselves into compliance with cybersecurity requirements is closing. Specifically, changes to the Defense Federal Acquisition Regulation Supplement (DFARS)...more
On May 11, 2017, less than four months after his inauguration, President Trump signed a long-anticipated Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (hereinafter, the...more
By narrow and largely party-line votes, the Senate and the House of Representatives have repealed the Federal Communications Commission's privacy rules. The repeal occurred pursuant to the Congressional Review Act (CRA), a...more
Effective January 19, 2017, companies awarded federal government contracts will be required to ensure that their employees receive annual privacy training if those employees (1) handle personally identifiable information...more
The Federal Communication Commission's Bureau of Public Safety and Homeland Security has released a Notice of Inquiry ("NOI") seeking information on the best ways to secure the next generation of wireless technology, known as...more
Two actions in the past few weeks reflect the continuing government involvement in and concern over the security of Internet of Things (IoT) devices. Attacks using connected devices have highlighted security vulnerabilities...more
The Federal Communications Commission has released a 177-page order detailing new privacy and data security rules. It is important to note that these new rules not only apply to providers of broadband internet access service...more
11/7/2016
/ Bias ,
Breach Notification Rule ,
Broadband ,
Certification Requirements ,
Customer Proprietary Network Information (CPNI) ,
Data Breach ,
Data Security ,
ECPA ,
FCC ,
Federal Communications Act ,
Internet Service Providers (ISPs) ,
NIST ,
Open Internet Rules ,
Personally Identifiable Information ,
Recordkeeping Requirements ,
Service Agreements ,
Telecommunications ,
VoIP
The Federal Trade Commission ("FTC") has released a 16-page guide on steps that businesses should take once a data breach has occurred. The FTC's guidance addresses three primary areas: securing operations, fixing...more
The recent massive distributed denial of service (DDoS) attack that caused major internet outages was led by an army of security cameras, digital video recorders, and other Internet of Things ("IoT") devices that had been...more
Recently, in the midst of an M&A transaction involving Verizon and Yahoo!, news broke of a Yahoo! cybersecurity breach that had occurred approximately two years earlier. This event raised a lot of speculation around what...more
On July 29, 2016, the Federal Trade Commission (FTC or Commission) announced its long-awaited decision in its LabMD enforcement action. The Commissioners reversed the decision of an Administrative Law Judge (ALJ) and held...more
8/5/2016
/ Administrative Law Judge (ALJ) ,
Covered Entities ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
LabMD ,
Likelihood of Harm ,
Popular ,
Section 5 ,
Unfair or Deceptive Trade Practices
On June 22, the Federal Trade Commission ("FTC") announced that it would settle its first-ever enforcement action against a mobile advertising company, InMobi. InMobi agreed, subject to court approval of the settlement, to...more
On April 26, 2016, Verizon published its ninth annual Data Breach Investigations Report ("DBIR"), which looks at breach trends, common vulnerabilities, and categories of security incidents that affected organizations in 82...more
Comments on the FCC's proposal to require participants in the nation's Emergency Alert System (EAS) to meet new cybersecurity requirements are due by May 9, 2016, and reply comments are due by June 7, 2016. As we previously...more
On February 25, 2016, the Office of the California Attorney General released its 2016 California Data Breach Report, which contains a compilation and analysis of the information provided to the Attorney General pursuant to...more
At the start of February, the European Commission announced it had finally struck a deal with the US Department of Commerce on Safe Harbor's replacement. Below, we address some of the key questions organisations are asking...more
3/3/2016
/ Article 29 Working Party (WP29) ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
Personal Data ,
U.S. Commerce Department
On January 22, 2016, the US Food and Drug Administration ("FDA") issued draft guidance outlining important steps medical device manufacturers should take to address cybersecurity risks in order to improve patient safety and...more