Find Someone Observant: The Vital Role of Facility Security Officers
2023 DSIR Report Deeper Dive into the Data
Guidepost in Motion - Cybersecurity Frameworks and Metrics Part 2
Debra Geroux and Scott Wrobel on Responding to Data Breaches
Compliance and Regulations - Ensure adherence to SEC regulations with appropriate privacy and cybersecurity policies tailored to SEC requirements....more
In an effort led by industry experts and nearly 1,000 stakeholders, the European Union introduced the first draft of the General-Purpose AI (GPAI) Code of Practice (the Code), an important addition to its regulatory framework...more
When it comes to discovery of mobile devices, organizations today must consider being proactive regarding how mobile devices of their employees and contractors are managed and what rights they have regarding the storage and...more
U.S. supply chain security is increasingly under threat. The White House’s National Security Strategy describes this moment as an inflection point. Many federal agencies have taken charge in elevating the very concept of...more
Welcome to our eighth 2024 issue of Decoded - our technology law insights e-newsletter. Thank you for reading. EU AI Act Tightens Grip on High-Risk AI Systems: Five Critical Questions for U.S. Companies - Why this is...more
The U.S. Department of Defense (DOD) has long questioned whether contractors and their supply chains have been fully compliant with existing cybersecurity requirements aimed at protecting Controlled Unclassified Information...more
A critical vulnerability, CVE-2024-0132, has surfaced in NVIDIA’s Container Toolkit, placing a substantial portion of cloud environments at risk. Discovered by researchers at Wiz, the flaw affects both the NVIDIA Container...more
In the seventh episode of "Are We All Clear? Facilitating Security Clearances," host Molly O'Casey delves into the pivotal role of Facility Security Officers (FSOs), providing valuable insights into responsibilities, the...more
On June 10, 2024, the United States Supreme Court agreed to hear argument in Facebook, Inc. v. Amalgamated Bank, No. 23-980, to address whether risk disclosures can be false or misleading if they do not describe a risk that...more
The EU recently introduced the AI Act, landmark legislation aimed at regulating artificial intelligence (AI) technologies. This article provides an in-depth overview of the EU AI Act, its implications for organizations, and...more
Multi-employer plan participants involved in an Employee Retirement Income Security Act of 1974 (ERISA) class action lawsuit against Horizon Actuarial Services LLC (Horizon), a national retirement services firm, have entered...more
The newly promulgated measures increase the threshold of data triggering security assessments and contract requirements while leaving room for Chinese authorities to heavily restrict cross-border data transfers. In...more
The much anticipated response to the Consultation initiated by the Cyberspace Administration of China (CAC) last September has finally arrived (read our earlier briefing here). Last Friday, the CAC ended months of speculation...more
On March 22, 2024, the Cyberspace Administration of China (“CAC”) promulgated the final version of the Provisions on the Promotion and Regulation of Cross-Border Data Flows (the “Final Provisions”), bringing to conclusion the...more
The Internet of Things (“IoT”) has ushered in a new era of connectivity and convenience, but with it comes a host of legal issues and emerging theories of liability. As IoT devices become increasingly ubiquitous in our daily...more
New Jersey rang in the new year with the signing of a state privacy bill. On Jan. 16, Gov. Phil Murphy signed SB No. 322, stating he was proud that New Jersey had joined the ranks of states with consumer privacy bills....more
On February 8, 2024, the Federal Communications Commission outlawed AI-generated voices in robocalls and with the upcoming Presidential election in the United States, it is easy to see why. Imagine the implications if “leaked...more
If the penultimate enforcement settlement of 2023 issued by the HHS Office for Civil Rights (OCR) sounds familiar, that’s with good reason. And the last one of the year should ring some bells, too....more
Recognizing the evolving landscape of care delivery and growth of telehealth, the U.S. Department of Health and Human Services (HHS) published a resource guide aimed at assisting telehealth providers in explaining the privacy...more
New York Gov Kathy Hochul is touting her proposed statewide cybersecurity regulations for hospitals and health systems as “nation-leading,” and, if approved, those entities will have until February 2025 to comply with the new...more
HIPAA applies to both covered entities (e.g., healthcare providers and health plans) and their business associates. A “business associate” is generally a person or entity that “creates, receives, maintains or transmits”...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) have released version 3.4 of their Security Risk Assessment...more
The New York State Department of Financial Services (NYDFS) recently published a revised proposed second amendment to its cybersecurity regulation, 23 NYCRR 500. ...more
In June 2023, the Privacy Commissioner for Personal Data in Hong Kong (the “Commissioner”) released a new guidance note on data breach handling and notifications (the “Guidance Note”). The purpose of this note is to assist...more
We’re back with a deeper dive into the 2023 Data Security and Incident Response Report, which features insights and metrics from 1,160+ incidents in 2022. This episode dives deeper into the data, including ransomware and...more