In light of recent cyberattacks targeting the federal government and United States supply chains, President Biden’s administration has released an Executive Order (the “Order”) in an attempt to modernize and enhance the...more
1/17/2025
/ Artificial Intelligence ,
Biden Administration ,
Cloud Service Providers (CSPs) ,
Compliance ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Protection ,
Data Security ,
Executive Orders ,
Federal Contractors ,
Government Agencies ,
Internet of Things ,
NIST ,
OMB ,
Risk Management ,
Supply Chain ,
Third-Party
The recent massive data breach at National Public Data (NPD), a background check company, has potentially compromised the personal information of millions, if not billions, of individuals, including their Social Security...more
8/26/2024
/ Credit Reports ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
Fraud ,
Hackers ,
Identity Theft ,
IRS ,
Popular ,
Risk Assessment ,
Risk Management
On July 26, 2023, the U.S. Securities Exchange Commission (“SEC”) adopted final rules regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. The final rules require...more
8/4/2023
/ Annual Reports ,
Customer Proprietary Network Information (CPNI) ,
Cybersecurity ,
Disclosure Requirements ,
FBI ,
Foreign Private Issuers ,
Form 8-K ,
Incident Response Plans ,
New Rules ,
Regulation S-K ,
Regulation S-X ,
Risk Management ,
Secret Service ,
Securities and Exchange Commission (SEC)
Recent developments at the federal and state level demonstrate that regulators are focused on protecting consumer health data. Specifically, state and federal regulators want to close the gap between HIPAA-protected data and...more
7/21/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Data Security ,
Electronic Medical Records ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach Notification Rule ,
Personally Identifiable Information ,
PHI ,
Privacy Laws ,
State Privacy Laws
The New Year is in full swing and it’s time to consider the top trends in cybersecurity & data privacy our team expects to see throughout 2023. It will be an exciting year due to the myriad of new laws coming into effect, and...more
3/31/2023
/ Artificial Intelligence ,
Automation Systems ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
CDPA ,
COPPA ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Enforcement Actions ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Incident Response Plans ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
The Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) recently submitted two annual reports to Congress setting forth a summary of complaints and breaches reported to the OCR during...more
2/22/2023
/ Breach Notification Rule ,
Civil Monetary Penalty ,
Compliance ,
Corrective Action Plans (CAPs) ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
NIST ,
OCR ,
PHI ,
Risk Management
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
On April 4, 2022, the U.S. Department of Health and Human Services (HHS) released a Request for Information (RFI) seeking input from HIPAA-covered entities and business associates on how the industry understands and is...more
On March 9, 2022, the U.S. Securities Exchange Commission (the Commission) announced proposed amendments to its rules regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies...more
3/18/2022
/ Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Disclosure Requirements ,
Foreign Private Issuers ,
Investors ,
Popular ,
Proposed Amendments ,
Risk Assessment ,
Risk Factors ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Third-Party Service Provider
What would you do if you woke up tomorrow and your company was experiencing a cybersecurity incident? What if IT systems were completely locked down? What if you could not use phones, check emails, or receive orders? What if...more
Defense contractors and their subcontractors and supply chains that have been preparing for the challenge of complying with the Cybersecurity Maturity Model Certification (CMMC) recently received some welcome news from the...more
11/22/2021
/ Contractors ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Department of Defense (DOD) ,
Department of Justice (DOJ) ,
DFARS ,
False Claims Act (FCA) ,
Fraud ,
Subcontractors ,
Supply Chain ,
Third-Party
The European Commission adopted new versions of the Standard Contractual Clauses (SCCs) on June 4, 2021. The new SCCs finally replace the original SCCs adopted under the 1998 European Data Protection Directive (DPD) and did...more
7/6/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK Data Protection Act
On June 2, 2021, Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, published a rare open letter to the corporate executives and business leaders of...more
6/14/2021
/ Corporate Executives ,
Cybersecurity ,
Department of Justice (DOJ) ,
Economic Sanctions ,
Embargo ,
Executive Orders ,
Hackers ,
International Emergency Economic Powers Act (IEEPA) ,
Joe Biden ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
TWEA
On May 12, 2021, President Biden issued an Executive Order on Improving the Nation’s Cybersecurity following a series of highly publicized cybersecurity incidents during the first four months of his presidency, including the...more
5/14/2021
/ Compliance ,
Cybersecurity ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
DFARS ,
Encryption ,
Executive Orders ,
FBI ,
Federal Acquisition Regulations (FAR) ,
Joe Biden ,
National Security Agency (NSA) ,
Popular ,
Software ,
Supply Chain
On November 30, 2020, the U.S. Department of Defense (“DoD”) will begin to roll out the new Cybersecurity Maturity Model Certification (“CMMC”) framework that eventually will require all DoD contractors, subcontractors, and...more
10/27/2020
/ Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Defense (DOD) ,
DFARS ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Interim Rule ,
NIST ,
Subcontractors ,
Suppliers
As of November 30, 2020, certain U.S. Department of Defense (“DoD”) prime contractors and subcontractors will need to complete a cybersecurity self-assessment prior to receiving new DoD contracts and prior to the exercise of...more
As industry continues to adapt to the evolving realities of shelter-in-place orders, companies face challenges in supporting an unprecedented remote workforce while balancing compliance with a variety of regulatory agencies....more
5/4/2020
/ CARES Act ,
Centers for Disease Control and Prevention (CDC) ,
Centers for Medicare & Medicaid Services (CMS) ,
Consumer Financial Protection Bureau (CFPB) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Popular ,
Safe Harbors ,
World Health Organization
As industry continues to adapt to the evolving realities of shelter-in-place orders, companies face challenges in supporting an unprecedented remote workforce while balancing compliance with a variety of regulatory agencies....more
4/9/2020
/ Business Interruption ,
California Consumer Privacy Act (CCPA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Regulatory Standards ,
Remote Working ,
Small Business ,
State of Emergency
As the coronavirus (also known as COVID-19) continues to impact all organizations globally and create uncertainty, cyber criminals are looking to exploit these vulnerabilities and fears and pose heightened cybersecurity...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
The National Institute of Standards and Technology (NIST) has announced proposed changes to NIST Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The...more
Welcome to Foley’s new Manufacturing MarketTrends newsletter. In each edition, we will highlight key trends to watch out for in 2019, making it a year of change for manufacturers. ...more
4/18/2019
/ China ,
Cybersecurity ,
Due Diligence ,
Economic Sanctions ,
Manufacturers ,
North Korea ,
Office of Foreign Assets Control (OFAC) ,
Section 301 ,
Supply Chain ,
Tariffs ,
US Trade Policies
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
The U.S. Department of Health and Human Services (DHHS) recently released Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP). DHHS states that the purpose of the HICP is to:
1. Raise...more