This client alert will briefly outline key upcoming deadlines under the New York State Department of Financial Services (DFS) Cybersecurity Regulation (the “Regulation”). These include annual filing deadlines coming up in...more
1/31/2019
/ Certificates of Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Due Diligence ,
Encryption ,
Exemptions ,
Filing Deadlines ,
NYDFS ,
Policies and Procedures ,
Risk Assessment ,
Third-Party Service Provider ,
Vendors
The 2018 California Consumer Privacy Act (CCPA) requires the California Attorney General’s Office (AGO) to promulgate regulations related to the CCPA by July 1, 2020. The AGO is holding a series of public forums and accepting...more
1/29/2019
/ Comment Period ,
Consumer Privacy Rights ,
Consumer Protection Act ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Non-Discrimination Rules ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Public Comment ,
Public Forum ,
Rulemaking Process ,
Safe Harbors ,
State Attorneys General
• Non-profit organizations are testing companies’ GDPR compliance through targeted requests for information and other means and are filing complaints against allegedly non-compliant companies.
• Main areas for non-profit...more
1/28/2019
/ Australia ,
CNIL ,
Cybersecurity ,
Data Collection ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Google ,
International Data Transfers ,
Nonprofits ,
Personal Data ,
Popular ,
Request For Information
The 2018 California Consumer Privacy Act (CCPA) requires the California Attorney General’s Office (AGO) to promulgate regulations related to the CCPA by July 1, 2020. The AGO is holding a series of six public forums and...more
1/16/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Privacy Laws ,
Public Comment ,
Public Forum ,
Rulemaking Process ,
State Attorneys General
The Department of Defense (DOD) and its component services and agencies are taking several independent steps to assess and enhance their cyber and supply chain security that will directly or indirectly affect DOD contractors...more
12/20/2018
/ Airlines ,
Aviation Industry ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
DFARS ,
Federal Acquisition Regulations (FAR) ,
Federal Agency Taskforce ,
Federal Contractors ,
Final Guidance ,
General Services Administration (GSA) ,
Government Agencies ,
Memorandum of Understanding ,
NIST ,
Popular ,
Subcontractors ,
Supply Chain ,
Technology Sector ,
Transportation Industry ,
TSA ,
U.S. Navy
• The California Legislature passed SB 1121 to revise certain sections of the CCPA – the nation’s strictest privacy protection statute which provides Californians with a right to learn what personal information certain...more
9/10/2018
/ California Consumer Privacy Act (CCPA) ,
Civil Monetary Penalty ,
CMIA ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Enforcement ,
Exemptions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Time Extensions
• DoD and other government agencies will scrutinize contractors’ supply chain security plans and programs from proposal submission to contract closeout.
• The 2019 NDAA as approved by Congress and DHS initiatives highlight...more
8/22/2018
/ Acquisitions ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Federal Contractors ,
Goods or Services ,
Government Agencies ,
National Security ,
NDAA ,
Popular ,
Risk Assessment ,
Risk Management ,
Software ,
Strategic Planning ,
Supply Chain
On September 1, 2018, five new requirements included in the New York State Department of Financial Services’ (DFS) Cybersecurity Regulation go into effect – (1) audit trails, (2) application security, (3) data disposal...more
8/13/2018
/ Audit Reports ,
Covered Entities ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
NYDFS ,
Policies and Procedures ,
Popular ,
Recordkeeping Requirements ,
Risk Management ,
State Data Breach Notification Statutes
• California recently passed the landmark California Consumer Privacy Act that goes into effect in 2020, which grants California residents new privacy rights.
• The CCPA creates a private right of action for California...more
7/9/2018
/ Attorney General ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Rights ,
Data Security ,
Disclosure Requirements ,
Encryption ,
Enforcement Actions ,
Governor Brown ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Penalties ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Right to Delete ,
Third-Party Service Provider ,
Transparency
• California’s new regulations lay out the requirements for manufacturers to obtain permits to test and deploy autonomous-vehicles on public roads. The regulations enable manufacturers to test fully driverless vehicles and...more
3/13/2018
/ Automotive Industry ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
DMV ,
Driverless Cars ,
Innovation ,
Manufacturers ,
New Regulations ,
NHTSA ,
Office of Administrative Law ,
Permits ,
Personally Identifiable Information ,
Registration Requirement ,
Roads ,
Technology Sector
Germany has enacted a new data protection statute, which came into force on February 24, 2016, and enables business associations and consumer groups to enforce violations of German data protection laws against businesses....more
On November 13, 2015, Federal Trade Commission (FTC) Chief Administrative Law Judge Michael Chappell dismissed a suit brought by the FTC alleging that LabMD’s failure to implement reasonable and appropriate data security...more
If you read one thing...
- On September 15th, the SEC OCIE announced in a Risk Alert it will launch a second round of cybersecurity examinations of registered broker-dealers and investment advisers, which will be more...more
9/21/2015
/ Cybersecurity ,
Data Protection ,
Industry Examinations ,
NIST ,
OCIE ,
Risk Alert ,
Risk Assessment ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Security and Privacy Controls ,
Training
The recent hacking of the sensitive personal information of millions of American public servants at the Office of Personnel Management (OPM) points out a noteworthy distinction in how the U.S. government views some types of...more
On June 18, 2015, Congressmen Jim Langevin (D-RI) and Jim Himes (D-CT) sent a letter to the Securities and Exchange Commission (SEC) calling for updated cybersecurity disclosure guidance for publicly traded companies....more
On Thursday, March 12, 2015, House Energy & Commerce Subcommittee on Commerce, Manufacturing, and Trade Chairman Michael Burgess (R-TX), along with Reps. Marsha Blackburn (R-TN) and Peter Welch (D-VT), released draft text of...more
Yesterday, Federal Trade Commission (FTC) Chairwoman Edith Ramirez and FTC Bureau of Consumer Protection Director Jessica Rich announced that the FTC will begin a “Start with Security” campaign, through which the FTC will...more