Find Someone Observant: The Vital Role of Facility Security Officers
2023 DSIR Report Deeper Dive into the Data
Guidepost in Motion - Cybersecurity Frameworks and Metrics Part 2
Debra Geroux and Scott Wrobel on Responding to Data Breaches
Compliance and Regulations - Ensure adherence to SEC regulations with appropriate privacy and cybersecurity policies tailored to SEC requirements....more
In an effort led by industry experts and nearly 1,000 stakeholders, the European Union introduced the first draft of the General-Purpose AI (GPAI) Code of Practice (the Code), an important addition to its regulatory framework...more
U.S. supply chain security is increasingly under threat. The White House’s National Security Strategy describes this moment as an inflection point. Many federal agencies have taken charge in elevating the very concept of...more
Welcome to our eighth 2024 issue of Decoded - our technology law insights e-newsletter. Thank you for reading. EU AI Act Tightens Grip on High-Risk AI Systems: Five Critical Questions for U.S. Companies - Why this is...more
The U.S. Department of Defense (DOD) has long questioned whether contractors and their supply chains have been fully compliant with existing cybersecurity requirements aimed at protecting Controlled Unclassified Information...more
A critical vulnerability, CVE-2024-0132, has surfaced in NVIDIA’s Container Toolkit, placing a substantial portion of cloud environments at risk. Discovered by researchers at Wiz, the flaw affects both the NVIDIA Container...more
Multi-employer plan participants involved in an Employee Retirement Income Security Act of 1974 (ERISA) class action lawsuit against Horizon Actuarial Services LLC (Horizon), a national retirement services firm, have entered...more
The newly promulgated measures increase the threshold of data triggering security assessments and contract requirements while leaving room for Chinese authorities to heavily restrict cross-border data transfers. In...more
The much anticipated response to the Consultation initiated by the Cyberspace Administration of China (CAC) last September has finally arrived (read our earlier briefing here). Last Friday, the CAC ended months of speculation...more
On March 22, 2024, the Cyberspace Administration of China (“CAC”) promulgated the final version of the Provisions on the Promotion and Regulation of Cross-Border Data Flows (the “Final Provisions”), bringing to conclusion the...more
On February 8, 2024, the Federal Communications Commission outlawed AI-generated voices in robocalls and with the upcoming Presidential election in the United States, it is easy to see why. Imagine the implications if “leaked...more
If the penultimate enforcement settlement of 2023 issued by the HHS Office for Civil Rights (OCR) sounds familiar, that’s with good reason. And the last one of the year should ring some bells, too....more
Recognizing the evolving landscape of care delivery and growth of telehealth, the U.S. Department of Health and Human Services (HHS) published a resource guide aimed at assisting telehealth providers in explaining the privacy...more
New York Gov Kathy Hochul is touting her proposed statewide cybersecurity regulations for hospitals and health systems as “nation-leading,” and, if approved, those entities will have until February 2025 to comply with the new...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) have released version 3.4 of their Security Risk Assessment...more
The New York State Department of Financial Services (NYDFS) recently published a revised proposed second amendment to its cybersecurity regulation, 23 NYCRR 500. ...more
In June 2023, the Privacy Commissioner for Personal Data in Hong Kong (the “Commissioner”) released a new guidance note on data breach handling and notifications (the “Guidance Note”). The purpose of this note is to assist...more
We’re back with a deeper dive into the 2023 Data Security and Incident Response Report, which features insights and metrics from 1,160+ incidents in 2022. This episode dives deeper into the data, including ransomware and...more
The guidance encourages organisations to formulate a data breach response plan, and outlines recommendations for handling an increasing number of data breach incidents. On 30 June 2023, the Office of the Privacy...more
When evaluating cybersecurity and data protection risk for our clients, the two most fundamental questions that need to be answered are: How vulnerable is our organization to active cyber threats that are likely to...more
While Managed Detection and Response (MDR) takes advantage of the latest technology, it is important to recognize that humans are still the best at making the complex, nuanced decisions that are sometimes necessary in...more
The US Securities and Exchange Commission (SEC) issued a notice of proposed rulemaking (the Proposal) on March 15 that would require SEC-regulated investment advisers, investment companies, and broker dealers to provide...more
Cybersecurity Alert: Silicon Valley Bank and Signature Bank Fallout - Undoubtedly, cyber criminals are out in full force with phishing links and other scams trying to capitalize on the disruption and panic that many...more
Today’s Privacy Reality: AI, Assessments, Breach and DSARs is a webcast that will bring together a panel of experts to discuss the impact of artificial intelligence (AI) on privacy and cybersecurity. The panel will address...more
Cybersecurity is a key risk factor for emerging applications of artificial intelligence to medical devices. Products failing to address security risks may leave themselves vulnerable to cyberattacks. Bad actors target...more