Katherine Doty Hanniford

Katherine Doty Hanniford

Alston & Bird

Contact
View Bio
RSS

Latest Posts › Popular

Share:

FTC and State AGs Settle with Marriott over Starwood Data Breaches

Our Consumer Protection/FTC and Privacy, Cyber & Data Strategy teams unpack Starwood Hotels’ and Marriott International’s settlements with the Federal Trade Commission and Marriott’s settlement with state attorneys general...more

10/21/2024  /  Civil Monetary Penalty , Cybersecurity , Data Breach , Data Security , Federal Trade Commission (FTC) , Incident Response Plans , Liability , Marriott , Personal Information , Popular , Regulatory Authority , Risk Assessment , Settlement

Top 10 Issues General Counsel Need to Know About Ransomware in 2024

Threat actors are evolving. Our Privacy, Cyber & Data Strategy Team explains how ransomware gangs have changed their tactics and how companies can respond to the threat while navigating new scrutiny from investors and...more

2/26/2024  /  Corporate Counsel , Cyber Attacks , Cyber Crimes , Cyber Threats , Cybersecurity , Data Breach , Data Protection , Data Security , Data Theft , NYDFS , Popular , Ransomware , Reporting Requirements , Risk Management , Securities and Exchange Commission (SEC)

HHS Issues Cybersecurity Performance Goals Specific to the Health Care and Public Health Sector

Our Health Care and Privacy, Cyber & Data Strategy Groups delve into the Department of Health and Human Services’ extensive efforts to encourage health care organizations to better protect patients’ privacy through better...more

2/6/2024  /  Centers for Medicare & Medicaid Services (CMS) , Cybersecurity , Department of Health and Human Services (HHS) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , Healthcare Facilities , NIST , Popular , Public Health

SEC’s Cybersecurity Rules – SEC Issues Guidance and DOJ Establishes Processes for the National Security or Public Safety Exception

Our Securities and Privacy, Cyber & Data Strategy teams unpack the Department of Justice’s (DOJ) process for companies seeking to delay Form 8-K disclosures under the Securities and Exchange Commission’s (SEC) cybersecurity...more

12/22/2023  /  Cyber Incident Reporting , Cybersecurity , Department of Justice (DOJ) , Disclosure Requirements , FBI , Form 8-K , National Security , Popular , Publicly-Traded Companies , Securities and Exchange Commission (SEC)

NYDFS Releases Consent Order in First Enforcement Action Brought Under the Cybersecurity Regulations

After a three-year investigation/enforcement action by the New York Department of Financial Services (“NYDFS”), NYDFS entered into a Consent Order with a large title insurer (the “Company”) for its violation of NYDFS’s...more

12/19/2023  /  Cybersecurity , Data Security , Enforcement Actions , Financial Services Industry , NYDFS , Popular

The SEC Sues SolarWinds and Its CISO for Alleged Fraud and Disclosure Controls Failures

Our Securities Litigation, Securities, and Privacy, Cyber & Data Strategy teams outline vital takeaways for public companies and their directors and officers in light of the Securities and Exchange Commission’s recent civil...more

11/13/2023  /  Chief Information Security Officer (CISO) , Corporate Liability , Cybersecurity , Data Security , Disclosure Requirements , Enforcement Actions , Fraud , Popular , Publicly-Traded Companies , Securities and Exchange Commission (SEC) , SolarWinds

NYDFS Finalizes Second Amendment to Its Cybersecurity Regulation

Our Privacy, Cyber & Data Strategy and Privacy & Cybersecurity Litigation teams examine the New York Department of Financial Services’ finalized Second Amendment to its Cybersecurity Regulation....more

11/10/2023  /  Compliance , Cybersecurity , Financial Institutions , Financial Services Industry , Notice Requirements , NYDFS , Popular

FTC Approves New Data Breach Notification Requirement for Non-Banking Financial Institutions

On October 27, 2023, the FTC approved an amendment to the Safeguards Rule (the “Amendment”) requiring that non-banking financial institutions notify the FTC in the event of a defined “Notification Event” where customer...more

11/1/2023  /  Cybersecurity , Data Breach , Data Security , Federal Trade Commission (FTC) , Financial Institutions , Gramm-Leach-Blilely Act , Personally Identifiable Information , Popular , Safeguards Rule

NY DFS Releases Revised Proposed Second Amendment of its Cybersecurity Regulation

The New York Department of Financial Services (“NY DFS”) published an updated proposed Second Amendment to its Cybersecurity Regulation (23 NYCRR Part 500) in the New York State Register on June 28, 2023, updating its...more

7/12/2023  /  Cybersecurity , Data Protection , Financial Services Industry , NYDFS , Popular , Risk Assessment

NYDFS Penalizes bitFlyer $1.2 Million for Violations to Cybersecurity Regulation

On May 1, 2023, bitFlyer USA, Inc. (“bitFlyer”) entered into a Consent Order with the New York Department of Financial Services (“DFS”) for multiple deficiencies in bitFlyer’s cybersecurity program, most notably for failure...more

5/15/2023  /  Cryptocurrency , Cybersecurity , Enforcement Actions , NYDFS , Popular , Risk Assessment

NYDFS Releases Significant Enhancements to its Cybersecurity Regulation in the Proposed Second Amendment

The New York Department of Financial Services (“DFS”) released their proposed second amendment to the Cybersecurity Regulation, 23 NYCRR Part 500 (“Proposed Second Amendment”) on October 9, 2022....more

11/22/2022  /  Asset Management , Cybersecurity , Data Protection , Data Retention , Financial Institutions , Financial Services Industry , NYDFS , Popular

FTC Revises the Safeguards Rule and Proposes Mandatory Reporting of Cybersecurity Events

On October 27, 2021, the FTC released its much-anticipated final revisions to the Gramm-Leach-Bliley Safeguards Rule (Safeguards Rule or Final Rule), following a 3-2 vote along party lines and also released a notice of...more

11/1/2021  /  Corporate Counsel , Cybersecurity , Data Security , Federal Trade Commission (FTC) , Popular , Reporting Requirements

Swiss Data Protection Regulator Is Latest to Outline Framework for Transferring Data to the SEC

Entities registered with the U.S. Securities & Exchange Commission (SEC) must maintain certain books and records and can be subject to the SEC’s examination, inspection, and enforcement authority. Responding to SEC requests...more

8/18/2021  /  Cross-Border , Data Protection , Data Security , EU , International Data Transfers , Popular , Securities and Exchange Commission (SEC) , Switzerland

EU Spotlight: Top 6 Issues All General Counsel Need to Know About Ransomware

Ransom demands from cyber-attacks show no signs of slowing down, and the costs—both from ransom payments and repairing the damage—are rising precipitously. Our Privacy, Cyber & Data Strategy Team outlines six ways companies...more

7/13/2021  /  Cyber Attacks , Cyber Insurance , Cybersecurity , EU , Extortion , Popular , Ransomware , Risk Management

NYDFS Issues Guidance on Cybersecurity Controls to Combat Ransomware and Clarifies Reporting Obligations

The New York Department of Financial Services (NYDFS) issued new guidance this week intended to assist organizations in thwarting ransomware attacks. The guidance clarifies the NYDFS’ expectation that NYDFS-regulated...more

7/6/2021  /  Cyber Attacks , Cybersecurity , Data Protection , Financial Services Industry , NYDFS , Popular , Ransomware , Reporting Requirements , Risk Management

NYDFS Issues Report on the SolarWinds Attack and Covered Entities’ Responses

Following the SolarWinds cyber espionage attack (the “Attack”) and the resulting focus on supply chain risk, the New York Department of Financial Services (NYDFS) has issued a report detailing the impact on and responses by...more

4/30/2021  /  Covered Entities , Cyber Attacks , Cybersecurity , NYDFS , Popular , Risk Management , SolarWinds , Supply Chain

NYDFS Issues Best Practices for Cyber Insurance Risk Management

Against the backdrop of the disruptions associated with the Covid-19 pandemic and SolarWinds cyber-espionage campaign, NYDFS has released guidance for insurers that underwrite cyber insurance policies and which contains a...more

2/19/2021  /  Cyber Attacks , Cyber Crimes , Cyber Insurance , Cybersecurity , Data Breach , Data Protection , Information Technology , NYDFS , Popular , Ransomware , Risk Management

Managing a Cyber Crisis: 7 Practical Tips to Recover with Strength

Cybersecurity incidents—including second wave attacks—are on the rise. Our Privacy, Cyber & Data Strategy Team outlines seven tips for managing a cybersecurity incident—and recovering with strength....more

2/10/2021  /  Cyber Attacks , Cyber Threats , Cybersecurity , Data Protection , Data Security , Hackers , Popular , Ransomware , Risk Management

FTC Cautions Against Biased Outcomes in Use of AI and Algorithms

As the healthcare and financial impacts of COVID-19 continue to evolve with the global pandemic, the use of AI technology and associated risks have received greater attention. On April 8, 2020, the FTC posted an extensive...more

4/14/2020  /  Artificial Intelligence , Big Data , Cybersecurity , Data Collection , Federal Trade Commission (FTC) , Popular

Critical Audit Matters Disclosure Implicates Information Technology and Security

As independent auditors to public companies and business development companies begin to make required disclosure of Critical Audit Matters (CAMs) to the audit committee, such reports are beginning to include discussion of...more

11/6/2019  /  Auditors , Critical Audit Matters (CAMs) , Cybersecurity , Data Protection , PCAOB , Popular

SEC Issues Risk Alert Noting Common Regulation S-P Compliance Issues

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) has issued a Risk Alert that provides an overview of the most common deficiencies or weaknesses in investment adviser and broker-dealer compliance with the...more

4/19/2019  /  Broker-Dealer , Cybersecurity , Data Protection , Data Security , Investment Adviser , OCIE , Policies and Procedures , Popular , Regulation S-P , Risk Alert , Securities and Exchange Commission (SEC)

Companion Cybersecurity Disclosure Bills Introduced in U.S. Congress

On February 28 and March 13, 2019, members of the U.S. Senate and U.S. House of Representatives introduced legislation designed to enhance the transparency of cybersecurity risk oversight at certain SEC reporting companies. ...more

3/21/2019  /  Cybersecurity , NIST , Popular , Proposed Legislation , Securities and Exchange Commission (SEC)

NYDFS Cybersecurity Regulations Nearly Fully Effective

The February 15, 2019 NYDFS compliance certification deadline represents the last annual compliance certification subject to the transition period for covered entities to come into compliance with the cybersecurity...more

2/18/2019  /  Certificates of Compliance , Chief Compliance Officers , Compliance , Cybersecurity , Data Protection , NYDFS , Popular , Third-Party Service Provider

HHS Releases New “Health Industry Cybersecurity Practices”

On December 28, 2018, the Department of Health and Human Services (HHS) issued new voluntary cybersecurity guidance for the health care industry titled, “Health Industry Cybersecurity Practices: Managing Threats and...more

1/8/2019  /  Cyber Threats , Cybersecurity , Data Protection , Data Security , Department of Health and Human Services (HHS) , Health Care Providers , NIST , Popular

Michigan Enacts Insurance Data Security Model Law

Michigan enacted the Michigan Data Security Act on December 28, 2018, imposing stringent cybersecurity measures on any person (individual or corporate) licensed by the Michigan Department of Insurance and Financial Services. ...more

1/8/2019  /  Cybersecurity , Data Security , Insurance Industry , NAIC , Popular , WISP
29 Results
 / 
View per page
Page: of 2
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide