The UK Information Commissioner’s Office’s (the ICO’s) latest Annual Report summarises its accomplishments and priorities, including last year’s enforcement actions. Based on our review of the report, we see the ICO focusing,...more
7/22/2025
/ Artificial Intelligence ,
Biometric Information ,
Compliance ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Enforcement Actions ,
EU ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
Telecommunications ,
UK GDPR ,
Web Tracking
Citing “escalating global conflict,” the New York Department of Financial Services issued an alert on Monday, June 22, 2025, to its regulated covered entities, urging them to be vigilant against potential security threats,...more
6/27/2025
/ Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Financial Services Industry ,
Global Disputes ,
Multi-Factor Authentication ,
NYDFS ,
Phishing Scams ,
Ransomware ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Assessment ,
Risk Management
The Department of Justice (DOJ) released a Final Rule restricting certain transfers of Americans’ sensitive personal data to identified countries of concern or covered individuals. The Final Rule continues to assert the DOJ...more
2/14/2025
/ Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Executive Orders ,
Export Controls ,
Final Rules ,
Government Agencies ,
National Security ,
Personal Data ,
Regulatory Requirements
On December 27, 2024, the U.S. Department of Health and Human Services (HHS), through the Office for Civil Rights (OCR), announced a Notice of Proposed Rulemaking (NPRM) to amend the Security Standards for the Protection of...more
1/23/2025
/ Business Associates ,
Compliance ,
Critical Infrastructure Sectors ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
HITECH Act ,
Multi-Factor Authentication ,
OCR ,
PHI ,
Proposed Rules ,
Public Comment ,
Risk Management
Paul Hastings released its SEC Cyber Incident Disclosure Report today, providing a unique look at how public companies have responded to new incident disclosure requirements. The Securities Exchange Commission (SEC) approved...more
12/19/2024
/ Compliance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Form 10-K ,
Form 10-Q ,
Form 8-K ,
Publicly-Traded Companies ,
Ransomware ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Whistleblowers
On October 15, 2024, the Department of Defense (“DoD”) published the final version of its rule implementing the Cybersecurity Maturity Model Certification (“CMMC”) Program under Title 32 of the Code of Federal Regulations...more
10/24/2024
/ Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
NIST ,
Prime Contractor ,
Proposed Rules ,
Subcontractors
As we have previously written, late last year the New York Department of Financial Services (NYDFS) adopted long-awaited amendments to its Part 500 Cybersecurity Regulations (Part 500). These are some of the most significant...more