Katherine Doty Hanniford

Katherine Doty Hanniford

Alston & Bird

Contact
View Bio
RSS

Latest Posts › Risk Management

Share:

SEC Withdraws Proposed Cyber-Related Rule Applicable to Broker-Dealers And Signals SolarWinds Settlement on the Horizon

The Securities and Exchange Commission (SEC) recently announced the withdrawal of several Biden-era regulations, including a proposed rule that would have required a broad range of platforms and financial intermediaries (such...more

7/21/2025  /  Biden Administration , Broker-Dealer , Compliance , Cybersecurity , Disclosure Requirements , Enforcement Actions , Regulatory Reform , Regulatory Requirements , Risk Management , Securities and Exchange Commission (SEC) , Securities Regulation , Trump Administration

New York Department of Health Issues Urgent Cybersecurity Warning Following U.S. Strikes on Iranian Nuclear Facilities

The New York State Department of Health has issued an urgent cybersecurity advisory (the Advisory) warning of increased threat levels and a higher likelihood of cybersecurity attacks from Iranian state-backed actors following...more

7/15/2025  /  Critical Infrastructure Sectors , Cyber Attacks , Cyber Threats , Cybersecurity , Department of Health and Human Services (HHS) , Healthcare , National Security , Ransomware , Risk Management , State and Local Government

NSA, CISA, FBI, and International Partners Issue Joint Guidance on AI Data Security

Artificial intelligence (AI) systems are vulnerable to more than just threat actors. Our Privacy, Cyber & Data Strategy Group examines joint guidance issued by U.S. and international cybersecurity agencies that provides best...more

6/23/2025  /  Artificial Intelligence , Cybersecurity , Cybersecurity Information Sharing Act (CISA) , Data Collection , Incident Response Plans , Risk Assessment , Risk Management , Supply Chain

Additional Cybersecurity Requirements of NYDFS Part 500 Take Effect

On May 1, 2025, additional enhanced cybersecurity controls required by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) take...more

5/5/2025  /  Compliance Dates , Covered Entities , Cybersecurity , Data Security , Financial Services Industry , New Regulations , NYDFS , Regulatory Requirements , Risk Management , Vulnerability Assessments

North Korean IT Remote Worker Fraud Scheme Data Security and Employment Law Impact

The recent indictment of 14 North Korean nationals for fraudulently obtaining remote IT jobs with U.S.-based companies underscores the importance of vigilant hiring practices. Our Privacy, Cyber & Data Strategy and...more

1/20/2025  /  Cybersecurity , Data Privacy , Data Security , Employment Discrimination , Form I-9 , Fraud , Hiring & Firing , Information Technology , Remote Working , Risk Management

New Year, New HIPAA Security Rule: OCR Adds to Health Care Entities’ New Year’s Resolutions

The Biden Administration’s Office for Civil Rights delivered on its promise to propose an update to the HIPAA Security Rule. Our Health Care and Privacy, Cyber & Data Strategy groups summarize key points from the new rule and...more

1/8/2025  /  Compliance , Cybersecurity , Data Breach , Data Privacy , Data Security , Electronic Protected Health Information (ePHI) , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Security Rule , OCR , Risk Management

Coming This December: Will Health Care Entities Be Unwrapping New HIPAA Security Rules for the Holidays?

Our Health Care and Privacy, Cyber & Data Strategy Groups cover an upcoming proposed rule from U.S. Health and Human Services (HHS) that would formalize cybersecurity requirements and allow the Office for Civil Rights (OCR)...more

11/1/2024  /  Cyber Attacks , Cyber Threats , Cybersecurity , Cybersecurity Framework , Department of Health and Human Services (HHS) , Electronic Protected Health Information (ePHI) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , NIST , OCR , Ransomware , Risk Management

President Biden Signs First National Security Memorandum Focused on AI

On October 24, 2024, President Biden signed the first-ever National Security Memorandum (“NSM”) focused on artificial intelligence (“AI”), pursuant to subsection 4.8 of Executive Order 14110. The NSM provides guidance on...more

10/29/2024  /  Artificial Intelligence , Biden Administration , Innovative Technology , Machine Learning , National Security , Regulatory Oversight , Risk Management

NYDFS Issues Guidance on Artificial Intelligence-related Cybersecurity Risks

On October 16, 2024, the New York Department of Financial Services (“NYDFS”) issued an industry letter covering Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks (the “Industry...more

10/18/2024  /  Artificial Intelligence , Cyber Attacks , Cyber Threats , Cybersecurity , Data Protection , Financial Services Industry , NYDFS , Regulatory Oversight , Risk Management

Top 10 Issues General Counsel Need to Know About Ransomware in 2024

Threat actors are evolving. Our Privacy, Cyber & Data Strategy Team explains how ransomware gangs have changed their tactics and how companies can respond to the threat while navigating new scrutiny from investors and...more

2/26/2024  /  Corporate Counsel , Cyber Attacks , Cyber Crimes , Cyber Threats , Cybersecurity , Data Breach , Data Protection , Data Security , Data Theft , NYDFS , Popular , Ransomware , Reporting Requirements , Risk Management , Securities and Exchange Commission (SEC)

NYDFS Releases Industry Letter on the Use of Self-Service Password Reset Feature

On January 12, 2024, the New York State Department of Financial Services (“NYDFS”) released a new Industry Letter on the use of self-service password reset (“SSPR”) services, which enable users to reset their own password...more

1/24/2024  /  Cybersecurity , Financial Services Industry , NYDFS , Passwords , Risk Management

SEC Adopts New Cybersecurity Disclosure Rules for Public Companies

Our Securities, Securities Litigation, and Privacy, Cyber & Data Strategy teams highlight the key aspects of the Securities and Exchange Commission’s final changes to its cybersecurity reporting rules for public companies...more

8/2/2023  /  Cyber Incident Reporting , Cybersecurity , Disclosure Requirements , Form 8-K , Publicly-Traded Companies , Regulation S-K , Risk Management , Securities and Exchange Commission (SEC)

SEC Proposes Sweeping New Cybersecurity Disclosure Rules for Public Companies

Our Securities, Securities Litigation, and Privacy, Cyber & Data Strategy teams highlight the key aspects of the Securities and Exchange Commission’s latest sweeping changes to its cybersecurity reporting rules for public...more

3/16/2022  /  Corporate Governance , Cyber Incident Reporting , Cybersecurity , Disclosure Requirements , Form 10-Q , Form 8-K , Publicly-Traded Companies , Regulation S-K , Risk Management , Securities and Exchange Commission (SEC) , Securities Exchange Act

SEC Cements Expectations for Investment Advisers’ and Investment Companies’ Cyber Preparedness and Disclosure

Our Privacy, Cyber & Data Strategy and Investment Management, Trading & Markets Teams review the Securities and Exchange Commission’s potentially transformative proposed rules that would require registered investment...more

3/14/2022  /  Comment Period , Cyber Incident Reporting , Cybersecurity , Disclosure Requirements , Investment Adviser , Investment Companies , Proposed Rules , Risk Management , Securities and Exchange Commission (SEC)

U.S. Government Launches StopRansomware.gov

On July 15, 2021, the DOJ and DHS together with additional federal partners launched StopRansomware.gov, a one-stop hub intended to help the private and public sector mitigate the threat of ransomware.  The website includes a...more

7/19/2021  /  Cybersecurity , Department of Homeland Security (DHS) , Department of Justice (DOJ) , National Security , Ransomware , Risk Management , Risk Mitigation

EU Spotlight: Top 6 Issues All General Counsel Need to Know About Ransomware

Ransom demands from cyber-attacks show no signs of slowing down, and the costs—both from ransom payments and repairing the damage—are rising precipitously. Our Privacy, Cyber & Data Strategy Team outlines six ways companies...more

7/13/2021  /  Cyber Attacks , Cyber Insurance , Cybersecurity , EU , Extortion , Popular , Ransomware , Risk Management

NYDFS Issues Guidance on Cybersecurity Controls to Combat Ransomware and Clarifies Reporting Obligations

The New York Department of Financial Services (NYDFS) issued new guidance this week intended to assist organizations in thwarting ransomware attacks. The guidance clarifies the NYDFS’ expectation that NYDFS-regulated...more

7/6/2021  /  Cyber Attacks , Cybersecurity , Data Protection , Financial Services Industry , NYDFS , Popular , Ransomware , Reporting Requirements , Risk Management

Top 7 Issues All General Counsel Need to Know About Ransomware

Companies face increasingly tough decision points in preparing for and responding to the proliferation of ransomware attacks. Our Privacy, Cyber & Data Strategy Group outlines seven issues for general counsel to consider as...more

5/17/2021  /  Cyber Attacks , Cyber Crimes , Cybersecurity , Cybersecurity Information Sharing Act (CISA) , Data Security , Ransomware , Risk Management , Risk Mitigation , Vulnerability Assessments

NYDFS Issues Report on the SolarWinds Attack and Covered Entities’ Responses

Following the SolarWinds cyber espionage attack (the “Attack”) and the resulting focus on supply chain risk, the New York Department of Financial Services (NYDFS) has issued a report detailing the impact on and responses by...more

4/30/2021  /  Covered Entities , Cyber Attacks , Cybersecurity , NYDFS , Popular , Risk Management , SolarWinds , Supply Chain

NYDFS Issues Best Practices for Cyber Insurance Risk Management

Against the backdrop of the disruptions associated with the Covid-19 pandemic and SolarWinds cyber-espionage campaign, NYDFS has released guidance for insurers that underwrite cyber insurance policies and which contains a...more

2/19/2021  /  Cyber Attacks , Cyber Crimes , Cyber Insurance , Cybersecurity , Data Breach , Data Protection , Information Technology , NYDFS , Popular , Ransomware , Risk Management

Managing a Cyber Crisis: 7 Practical Tips to Recover with Strength

Cybersecurity incidents—including second wave attacks—are on the rise. Our Privacy, Cyber & Data Strategy Team outlines seven tips for managing a cybersecurity incident—and recovering with strength....more

2/10/2021  /  Cyber Attacks , Cyber Threats , Cybersecurity , Data Protection , Data Security , Hackers , Popular , Ransomware , Risk Management

SEC Focused on Protecting Customer Accounts from Credential Stuffing Attacks

OCIE has released a risk alert regarding credential stuffing in the context of compliance with Regulation S-P and Regulation S-ID, and is encouraging firms to both (i) review and update their policies and procedures to...more

9/25/2020  /  Cybersecurity , Data Security , OCIE , Personally Identifiable Information , Regulation S-ID , Regulation S-P , Risk Management , Risk Mitigation
22 Results
 / 
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide