Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
The Federal Trade Commission (FTC) has declined to approve a new method for obtaining parental consent under the Children’s Online Privacy Protection Act (COPPA) that would involve analyzing facial geometry to verify an...more
A recently introduced bill in the Florida Legislature would provide businesses operating in Florida, including health care providers, with a legal defense to data breach lawsuits if they maintain robust cybersecurity measures...more
On April 6, 2022, the Department of Health and Human Services Office for Civil Rights (OCR) issued a Request for Information (RFI) to solicit public comments on the implementation of the “safe harbor” under the Health...more
Connecticut’s new cybersecurity standards law, which goes into effect on October 1, 2021, protects companies from punitive damages in certain data breach actions where an organization has a cybersecurity program that conforms...more
A new trend in privacy and cybersecurity laws is the introduction of safe harbor clauses for aligning data protection controls to recognized data privacy and cybersecurity frameworks. OHIO HB376: In July 2021, Ohio...more
Connecticut recently enacted cybersecurity legislation that provides a safe harbor for businesses that implement a written cybersecurity program. Under the legislation, set to go in effect on October 1, 2021, punitive damages...more
Effective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law (Public Act No. 21-119), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from...more
We are now seeing a potential trend where states are incentivizing companies through the creation of safe harbors to improve their cybersecurity posture, instead of penalizing them after a breach of personal information. Utah...more
On November, 2, 2018, Ohio’s recently passed Data Protection Act (Act) officially became law. The Act provides a possible affirmative defense to businesses in lawsuits where the plaintiff alleges a tort based on a business’...more
Tacking an entirely new direction from other US states, Ohio has decided to offer defensive legal protection to businesses who have built a cybersecurity regime around well-known industry standards, even where those...more
Effective November 2, 2018, companies that suffer a breach may have certain defenses in Ohio if they have a written cybersecurity program in place. Under this new law, companies can use as an affirmative defense the existence...more
Ohio will soon have a law in place that provides a “legal safe harbor” from tort claims related to a data breach, to entities that have implemented and comply with certain cybersecurity frameworks. It remains to be seen...more
Legislation was recently introduced in Ohio encouraging businesses to take steps in protecting consumer data. Ohio Senate Bill 220, The Data Protection Act (the “Act”), provides businesses that take certain commercially...more
Significant Changes to Online Copyright (DMCA) Safe Harbor and DoD Contractor Cybersecurity (NIST 800-171) Requirements Take Effect at the End of This Year. Important Change Affecting Digital Millennium Copyright Act...more
De-identification of data refers to the process used to prevent personal identifiers from being connected with information. The FTC indicated in its 2012 report Protecting Consumer Privacy in an Era of Rapid Change:...more