Amy de La Lama

Amy de La Lama

BCLP

Contact
View Bio
RSS

Latest Posts › Cybersecurity

Share:

Cyber - More Than Just Breach Response

The vast majority of commentary and public advice concerning data breaches surround, deservedly, the breach itself. This focus is only natural; it is the breach itself that requires victims to bring enormous resources to bear...more

3/7/2025  /  Breach Notification Rule , Cybersecurity , Data Breach , Data Privacy , Federal Trade Commission (FTC) , Health Insurance Portability and Accountability Act (HIPAA) , Risk Management , Securities and Exchange Commission (SEC)

The SEC is Watching: Four Companies Charged for Misleading Cyber Disclosures

On October 22, 2024, the U.S. Securities and Exchange Commission (SEC) charged four publicly traded  technology companies with making materially misleading disclosures regarding cybersecurity risks and incidents (SEC press...more

11/7/2024  /  Cyber Attacks , Cyber Incident Reporting , Cybersecurity , Disclosure Requirements , Enforcement Actions , Form 10-K , Form 8-K , Material Misstatements , Penalties , Publicly-Traded Companies , Securities and Exchange Commission (SEC)

Navigating a Security Incident - Best Practices for Engaging Service Providers - September 2024

With the recent wave of ransomware and other security incidents, it is now more important than ever for impacted organizations to have a thorough understanding of each element of a proper data breach response. That includes...more

9/11/2024  /  Attorney-Client Privilege , Best Practices , Corporate Counsel , Cybersecurity , Data Breach , Incident Response Plans , Ransomware , Third-Party Service Provider , Work-Product Doctrine

FTC Cybersecurity and Data Privacy Roundup

Last year was a pivotal one for data privacy, as privacy received substantial attention from many regulators, including the Federal Trade Commission (“FTC”). Looking back at the FTC’s 2023 enforcement actions, statements and...more

5/15/2024  /  Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Enforcement Actions , Federal Trade Commission (FTC) , Popular

Pressure-Testing Your Privacy Program for 2024

With the onslaught of new privacy legislation and cyber threats coupled with upticks in enforcement, running a well-functioning and flexible privacy program is now, more than ever, a critical component of an organization’s...more

1/5/2024  /  Artificial Intelligence , California Consumer Privacy Act (CCPA) , Compliance , Cyber Incident Reporting , Cybersecurity , Data Privacy , EU , General Data Protection Regulation (GDPR) , Incident Response Plans , Personally Identifiable Information , Privacy Laws , Publicly-Traded Companies , Risk Management , Securities and Exchange Commission (SEC) , Sensitive Personal Information , State Privacy Laws , Targeted Digital Advertising

California's Delete Act: A First of Its Kind Data Broker Law

On October 10, 2023, California Governor Gavin Newsom signed SB 362 into law. The “Delete Act” is intended to bridge a gap in consumer privacy rights – whereas the California Privacy Rights Act (the CPRA) grants consumers the...more

12/29/2023  /  California Privacy Rights Act (CPRA) , Consumer Privacy Rights , Cybersecurity , Data Brokers , Data Collection , Data Privacy , Data Protection

Divided SEC Adopts Controversial Cybersecurity Disclosure Requirements

A divided SEC on July 26, 2023 approved new requirements for reporting of material cybersecurity incidents in real-time current reports on Form 8-K or 6-K and disclosure of cybersecurity risk management, strategy and...more

7/28/2023  /  Annual Reports , Compliance , Compliance Dates , Corporate Governance , Cyber Incident Reporting , Cybersecurity , Disclosure Requirements , Form 10-K , Form 20-F , Form 8-K , Publicly-Traded Companies , Securities and Exchange Commission (SEC) , Securities Regulation

Colorado’s “Loyalty Program” regulations are final, and they blow California’s rules out of the water

On March 15, 2023, the Colorado Attorney General’s Office announced the finalization of the Regulations implementing the Colorado Privacy Act (CPA), which will take effect on July 1, 2023. Covered businesses that make use of...more

5/30/2023  /  Consumer Privacy Rights , Corporate Counsel , Customer-Loyalty Programs , Cybersecurity , Data Collection , Data Protection , State Privacy Laws

HR data is now regulated under California privacy law: How to tackle compliance

2023 will be yet another dynamic year for data privacy regulation.  In addition to the data privacy laws in Virginia, Colorado, Utah, and Connecticut going into force this year, businesses also have to contend with the fact...more

2/2/2023  /  California Consumer Privacy Act (CCPA) , California Privacy Protection Agency (CPPA) , Cybersecurity , Data Collection , Data Privacy , Employee Privacy Rights , Job Applicants , Popular

PRC Legal Update: China’s Security Assessment Process of Outbound Data Transfers

Under the PRC Cybersecurity Law, PRC Personal Information Protection Law and PRC Data Security Law, certain organisations (as well as individuals) are now required to conduct a security assessment of outbound transfers of...more

11/2/2022  /  China , Compliance Dates , Cybersecurity , Data Processors , Data Security , International Data Transfers , New Guidance , Personal Data , Personal Information Protection Law (PIPL)

Cyber Incident Reporting for Critical Infrastructure Act - What Companies Need to Know Now

The Cyber Incident Reporting for Critical Infrastructure Act (“CIRCIA” or “the Act”) is a new federal law, adopted in March 2022, which requires critical infrastructure entities to report certain cybersecurity incidents and...more

7/1/2022  /  Compliance , Covered Entities , Critical Infrastructure Sectors , Cyber Attacks , Cyber Incident Reporting , Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) , Cybersecurity , Enforcement , New Legislation , Ransomware , Reporting Requirements

Navigating a Security Incident

The security incident response process inevitably brings a myriad of challenges for a company unfortunate enough to experience one. Although implementing an appropriate communication strategy may not be at the top of the list...more

1/7/2022  /  Cyber Attacks , Cybersecurity , Data Breach , Incident Response Plans , Internal Communications , Public Communications , Reputation Management , Risk Management

NYDFS: Cyber Insurers Should Not Pay Ransom and Should Adopt “Best Practices”

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. 2, “Cyber Insurance Risk Framework” to all property-casualty insurers authorized to transact insurance in New York....more

2/11/2021  /  Best Practices , Cyber Insurance , Cybersecurity , NYDFS , Office of Foreign Assets Control (OFAC) , Ransomware , SDN List
13 Results
 / 
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide