Earlier this month the Cybersecurity and Infrastructure Security Agency (“CISA”), the U.S. federal agency under the Department of Homeland Security (“DHS”) whose mission is to protect the nation’s critical infrastructure from...more
On January 13, 2025, the Securities and Exchange Commission (“SEC”) filed a settled enforcement action against Ashford Inc. (“Ashford” or “the Company”), a company that provides products and services to the real estate and...more
1/31/2025
/ Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Enforcement Actions ,
Publicly-Traded Companies ,
Regulatory Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
Proposed cybersecurity regulation may face changes or challenges in view of the incoming Trump administration that is intent on reducing the perceived regulatory burden on American companies and streamlining government...more
Cybersecurity is integral to protecting sensitive information, ensuring regulatory compliance, managing financial risks, maintaining reputation, ensuring business continuity, gaining a competitive advantage, adapting to...more
11/22/2024
/ C-Suite Executives ,
Continuing Legal Education ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Popular ,
Ransomware ,
Risk Management ,
Webinars
On October 15, 2024, the Department of Defense (“DoD”) released its final rule (the “Final Rule”) formally establishing the Cybersecurity Maturity Model Certification (“CMMC”) program, nearly three years after first...more
11/22/2024
/ Code of Federal Regulations (CFR) ,
Compliance ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
DCMA ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
NIST ,
Subcontractors
Public companies are now required to comply with new cybersecurity disclosure requirements in their Annual Reports on Form 10-K for fiscal years ending on or after December 15, 2023. In preparing this cybersecurity...more
3/5/2024
/ Annual Reports ,
Chief Information Security Officer (CISO) ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Form 10-K ,
Form 8-K ,
Popular ,
Regulation S-K ,
Securities and Exchange Commission (SEC) ,
SolarWinds
In advance of its September 8, 2023 board meeting, the California Privacy Protection Agency (“CPPA”), the state’s privacy regulatory body, has unveiled draft regulations that could significantly impact cybersecurity...more
9/7/2023
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Management ,
Regulatory Agenda ,
Risk Assessment ,
State Privacy Laws
The Department of Homeland Security’s Transportation Security Administration (“TSA”) has issued an amended directive on pipeline security, SD-Pipeline-2021-02D (the “Directive”). The Directive is based on and supersedes the...more
On July 26, 2023, the Securities and Exchange Commission (“SEC”) voted to approve final rules governing cybersecurity disclosures of public companies (“Final Rules”). The Final Rules make meaningful changes to the current and...more
On July 10, 2023, the European Commission (the “Commission”) adopted an adequacy decision for the EU-U.S. Data Privacy Framework (the “Framework”).
The Framework provides companies that opt in with a legitimate means of...more
7/14/2023
/ Cross-Border ,
Cybersecurity ,
Data Privacy ,
Data Transfers ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
US-EU Safe Harbor Framework
On March 15, 2023, the Securities Exchange Commission (“SEC”) issued three additional proposed rules that would expand the reach of the agency’s current cybersecurity guidance to new entities and augment existing...more
After a rash of significant cybersecurity breaches and ransomware attacks affecting a wide set of industries, ranging from pipelines to technology companies, the Biden administration released its much-anticipated National...more
On October 12, 2022, New York Attorney General Letitia James fined Zoetop Business Company, Ltd. (“Zoetop”), the owner of fast-fashion brands SHEIN and ROMWE, $1.9 million for mishandling a 2018 data breach and lying to the...more
On October 18, 2022, the Transportation Security Administration (“TSA”) issued its Security Directive 1580/82-2022-01 on Rail Cybersecurity Mitigation Actions and Testing (the “Railroad Directive”), regulating designated...more
In a recent Securities and Exchange Commission (“SEC”) enforcement action, the SEC concluded that a registered broker-dealer and investment adviser (the “Firm”) violated Rule 30 of Regulation S-P by failing to adopt...more
It has been over a year since the Colonial Pipeline cybersecurity incident, and the Department of Homeland Security’s Transportation Security Administration (“TSA”) continues to issue cybersecurity directives to owners and...more
8/23/2022
/ Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Environmental Protection Agency (EPA) ,
Information Technology ,
Multi-Factor Authentication ,
Oil & Gas ,
Pipelines ,
Risk Assessment ,
TSA
On March 9, 2022, the Securities and Exchange Commission (“SEC”) announced Proposed Rules on cybersecurity risk management, strategy, governance, and incident disclosure (“Proposed Rules”) to address concerns of increasing...more
On March 9, 2022, the Securities and Exchange Commission (“SEC”) announced Proposed Rules on cybersecurity risk management, strategy, governance, and incident disclosure (“Proposed Rules”) to address concerns of increasing...more
On March 9, 2022, the Securities and Exchange Commission (“Commission”) issued its much-anticipated proposed rule amendments which would mandate certain cybersecurity disclosures for public companies (“Proposed Rules”)....more