Cybersecurity is one of the highest priority issues for public company executives and directors. This note shares our views—developed over our involvement in the aftermath of many cybersecurity events as well as counseling on...more
Under the Department of Defense (DoD) final Defense Federal Acquisition Regulation Supplement (DFARS) rule on Network Penetration Reporting and Contracting for Cloud Services, DoD contractors maintaining, processing, or...more
On May 11, President Trump signed his long-awaited Executive Order on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” Much of the Order mandates efforts to improve the government's own...more
On February 16, the New York State Department of Financial Services (NYDFS) issued cybersecurity regulations for banks, insurance companies and other financial institutions subject to NYDFS jurisdiction. ...more
On October 21, 2016, the Department of Defense (DoD) issued its final rule on Network Penetration Reporting and Contracting for Cloud Services, amending an interim version issued on August 26, 2015, and revised on December...more
Yesterday, the Office of the Comptroller of the Currency (OCC), the Federal Reserve Board (Fed), and the Federal Deposit Insurance Corporation (FDIC) issued a joint advanced notice of proposed rulemaking (ANPRM) seeking...more
The Consumer Financial Protection Bureau (CFPB) announced its intention to act as a data security regulator by releasing its first unfair, deceptive or abusive acts or practices (UDAAP) enforcement action for allegedly...more
6/16/2016
/ Consumer Financial Protection Bureau (CFPB) ,
Data Security ,
Dodd-Frank ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FFIEC ,
FTC Act ,
Gramm-Leach-Blilely Act ,
LabMD ,
Section 5 ,
UDAAP
On May 16, 2016, the Federal Acquisition Regulations (“FAR”) Council published the final FAR rule on Basic Safeguarding of Contractor Information Systems. The rule is intended to prescribe “the most basic level” of...more
Legal Framework -
Summarise the main statutes and regulations that promote
cybersecurity. Does your jurisdiction have dedicated
cybersecurity laws?
The United States generally addresses cybersecurity...more
3/7/2016
/ Cloud Computing ,
Computer Fraud and Abuse Act (CFAA) ,
Cyber Incident Reporting ,
Cyber Insurance ,
Cybersecurity ,
Cybersecurity Act of 2015 ,
Data Protection ,
DFARS ,
DMCA ,
ECPA ,
Federal Trade Commission (FTC) ,
FERC ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
PCI-DSS Standard ,
Popular ,
Risk Management ,
Sarbanes-Oxley ,
State Data Breach Notification Statutes
On December 30, 2015, the Department of Defense (DoD) issued a second interim rule on Network Penetration Reporting and Contracting for Cloud Services, amending an earlier version issued on August 26, 2015. The new, amended...more
On December 18, 2015, Congress passed, and the President signed, the Cybersecurity Act of 2015, which provides authorization and liability protection for cybersecurity monitoring and information-sharing and authorization for...more
On Friday, November 13, Federal Trade Commission (“FTC” or the “Commission”) Chief Administrative Law Judge (“ALJ”) D. Michael Chappell issued an Initial Decision in In the Matter of LabMD, Inc. (FTC Docket No. 9357),...more
On June 30, the Federal Trade Commission (FTC) issued its first guidance document as part of its Start with Security initiative. The initiative, announced by FTC Consumer Protection Director Jessica Rich in March, will...more