Key point: With the Cybersecurity Information Sharing Act of 2015 (CISA 2015) scheduled to sunset on September 30, 2025, Congress will need to act quickly to renew the law and maintain, if not improve, the liability...more
8/14/2025
/ Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Information Sharing ,
Legislative Agendas ,
Liability ,
National Security ,
New Legislation ,
Proposed Legislation ,
Risk Management ,
Senate Committees ,
Sunset Provisions
Key point: Colorado’s Department of Law is soliciting public comments through September 5, 2025, on revised privacy rules to protect minors’ personal data and online privacy.
On July 29, the Colorado Department of Law issued...more
8/11/2025
/ Colorado ,
Comment Period ,
Consent ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Minors ,
Notice of Proposed Rulemaking (NOPR) ,
Online Safety for Children ,
Personal Data ,
Proposed Rules ,
State Privacy Laws
Key point: The US Coast Guard’s new cybersecurity rule will transform the security standards and reporting requirements for vessels and marine facilities nationwide over the next three years.
On July 16, 2025, the US Coast...more
7/31/2025
/ Coast Guard ,
Cyber Attacks ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
FBI ,
Final Rules ,
Government Agencies ,
Incident Response Plans ,
Maritime Transport ,
Outer Continental Shelf ,
Popular ,
Regulatory Requirements ,
Reporting Requirements ,
Training ,
Vessels
Key Point: “Winning the Race: America’s AI Action Plan,” the Trump Administration’s summary approach to federal artificial intelligence (AI) policy, and three new Executive Orders (EO) propose a wide-ranging federal strategy...more
7/28/2025
/ Artificial Intelligence ,
Compliance ,
Corporate Counsel ,
Cybersecurity ,
Data Centers ,
Enforcement Actions ,
Executive Orders ,
Export Controls ,
Federal Contractors ,
Infrastructure ,
Innovative Technology ,
National Security ,
Popular ,
Regulatory Reform ,
Risk Management ,
Trump Administration
On June 30, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Department of Defense Cyber Crime Center (DC3) published a...more
7/3/2025
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Security ,
Department of Defense (DOD) ,
Department of Energy (DOE) ,
Environmental Protection Agency (EPA) ,
FBI ,
Government Agencies ,
Incident Response Plans ,
Iran ,
National Security ,
Ransomware ,
Risk Assessment ,
Risk Management
Businesses that are subject to the NYDFS Cybersecurity Regulations have four weeks left to submit their annual notices of compliance or acknowledge their noncompliance. When the regulations were amended in 2023, several of...more
Keypoint: New York has amended its data breach notification law twice in the last 60 days to (1) add a 30-day deadline for notifying affected residents, (2) clarify that covered financial entities must still notify the New...more
2/25/2025
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Financial Institutions ,
Financial Services Industry ,
NYDFS ,
Privacy Laws ,
Reporting Requirements ,
State Privacy Laws
The FAR Council issued a proposed rule that would amend the several FAR provisions and add new clauses to provide guidance on the safe handling of CUI. Public comments on the proposed rule are being accepted until March 17,...more
2/24/2025
/ Compliance ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Government Agencies ,
NIST ,
Proposed Rules ,
Regulatory Requirements ,
Risk Management ,
Subcontracts ,
Supply Chain
As noted , the renewable energy sector faces growing concerns over its vulnerability to cyberattacks. Since then, the situation has not improved; the U.S. electrical grid has grown more vulnerable to cyberattacks, with...more
2/11/2025
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Security ,
Department of Energy (DOE) ,
Energy Sector ,
National Security ,
Popular ,
Renewable Energy ,
Risk Management ,
Solar Energy ,
Supply Chain
In November 2023, New York Governor Kathy Hochul announced proposed regulations that would be the first state regulations for hospitals in New York. The governor described the proposed regulation as a “nation-leading...more
Keypoint: The New York State Department of Financial Services (NYDFS) issued an industry letter outlining the threats posed to U.S. companies who hire remote technology workers linked to North Korea and may embezzle funds...more
11/5/2024
/ Due Diligence ,
Electronic Monitoring ,
Embezzlement ,
Employee Training ,
FBI ,
Financial Institutions ,
Hiring & Firing ,
Industry Letters ,
Information Technology ,
North Korea ,
NYDFS ,
Remote Working ,
US Department of State
Keypoint: The New York Department of Financial Services (NYDFS) circulated an industry letter offering guidance to NYDFS “Covered Entities” for assessing and managing AI-related cybersecurity risks, including threats...more
Intensifying international crises, increasing regulatory burdens, and uncertain macroeconomic conditions have led to an era of caution for manufacturers, but hidden among those challenges are exciting opportunities for...more
10/25/2024
/ Artificial Intelligence ,
Bribery ,
Complex Corporate Transactions ,
Compliance ,
Copyright ,
Cyber Threats ,
Cybersecurity ,
Department of Justice (DOJ) ,
Employment Litigation ,
Environmental Protection Agency (EPA) ,
Fair Labor Standards Act (FLSA) ,
Fraud ,
Geopolitical Risks ,
Government Agencies ,
Healthcare ,
Intellectual Property Protection ,
International Trade ,
Kickbacks ,
Logistics ,
Manufacturers ,
Marketing ,
National Association of Manufacturers ,
OSHA ,
PFAS ,
Regulatory Requirements ,
State Agencies ,
Subject Matter Jurisdiction ,
Whistleblowers ,
Workplace Safety
Keypoint: The Texas Attorney General reaches a first-of-its-kind settlement with a healthcare company that provides generative AI products. On September 18, 2024, the Texas Attorney General announced that it had reached a...more
9/19/2024
/ Advertising ,
Artificial Intelligence ,
Corporate Counsel ,
Disclosure Requirements ,
False Statements ,
Hospitals ,
Marketing ,
Misleading Statements ,
Misrepresentation ,
Settlement Agreements ,
State Attorneys General ,
Texas
Keypoint: Companies onboarding AI products and services need to understand the potential risks associated with these products and implement contractual provisions to manage them. With the rapid emergence of artificial...more
8/20/2024
/ Artificial Intelligence ,
Consumer Service Agreements ,
Contract Terms ,
Contractual Safeguards ,
Data Protection ,
Data-Sharing ,
Due Diligence ,
Employment Discrimination ,
Equal Employment Opportunity Commission (EEOC) ,
Intellectual Property Protection ,
Liability ,
Risk Assessment ,
Vendors
The White House has announced a set of binding Artificial Intelligence (AI) policies for federal agencies, which are intended to protect the privacy, rights, and safety of the American people. Other than federal contractors...more
Host Gregg N. Sofer welcomes Husch Blackwell’s Erik Dullea to the podcast to explore how human error factors into cybersecurity efforts. Most data breaches trace back to some form of human error, and an approach to...more
Key Point: The FCC revised its breach notification rules for telecommunication providers to broaden the instances when notifications are required, but even with limited exceptions to the new requirements, the final rule...more
Our downloadable report, Legal Insights for Manufacturing, explores how the business, legal, and regulatory framework is evolving—and will evolve—to address the large generational shifts taking place. This year, our report...more
11/2/2023
/ Acquisitions ,
Artificial Intelligence ,
Chief Compliance Officers ,
Complex Corporate Transactions ,
Copyright ,
Coronavirus/COVID-19 ,
Customs ,
Cybersecurity ,
Department of Justice (DOJ) ,
Environmental Protection Agency (EPA) ,
Federal Food Drug and Cosmetic Act (FFDCA) ,
Financial Crimes ,
Food and Drug Administration (FDA) ,
FTEs ,
Global Economy ,
Greenwashing ,
International Trade ,
Know Your Customers ,
Labor Relations ,
Manufacturers ,
Marketing ,
Mergers ,
Modernization of Cosmetics Regulation Act of 2022 (MoCRA) ,
NLRA ,
NLRB ,
OSHA ,
PFAS ,
Price Inflation ,
Section 7 ,
Securities and Exchange Commission (SEC) ,
Self-Disclosure Requirements ,
Skilled Laborers ,
Strict Product Liability ,
Supply Chain ,
Union Elections ,
USPTO ,
Uyghur Forced Labor Prevention Act (UFLPA) ,
Voluntary Disclosure ,
Wage and Hour ,
White Collar Crimes ,
Workplace Safety
Key Point: The Federal Trade Commission (FTC) has amended the Safeguards Rule to require non-banking financial institutions to inform the FTC within 30 days of discovering any unauthorized acquisition of unencrypted customer...more
10/31/2023
/ Amended Rules ,
Board of Governors ,
Breach Notification Rule ,
Cyber Incident Reporting ,
Data Breach ,
Data Security ,
Dodd-Frank ,
FDIC ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
GLBA Privacy ,
Gramm-Leach-Blilely Act ,
Non-Public Information ,
NYDFS ,
OCC ,
Safeguards Rule ,
Securities and Exchange Commission (SEC)
Keypoint: To advance the National Cybersecurity Strategy, the Office of the National Cyber Director is soliciting public comments to harmonize cybersecurity regulations, with comments due by October 31, 2023.
In March 2023,...more
Host Gregg N. Sofer welcomes Husch Blackwell partner Erik Dullea to the podcast where we discuss risk management, strategy, governance, and incident disclosure in the context of the Security and Exchange Commission’s recently...more
Key Point: The decision making processes to determine whether a cybersecurity incident is material or not, should include documenting the factors behind each determination and should be practiced before an incident...more
8/23/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Form 8-K ,
Information Technology ,
Policies and Procedures ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
Part I of this blog series discussed the compliance dates and the new definitions in the U.S. Securities Exchange Commission’s (the “SEC”) final rules (the “adopting release”) for cybersecurity disclosures. In Part II, we...more
Key Point: To avoid inadvertently increasing enforcement and litigation risks, companies should consider these suggestions to minimize headaches with the SEC’s final rules that mandate (a) disclosures in annual report of...more