The ability of OCR to enforce expansive portions of its controversial web tracking guidance has been severely limited. A federal district court ruled that the guidance exceeded the agency’s authority, and in particular...more
NIST has updated its widely used Cybersecurity Framework to provide key updates and practical resources for organizations to manage and discuss cybersecurity risk. The updated framework, which remains voluntary, is designed...more
The U.S. Federal Communications Commission (FCC or Commission) released a Notice of Proposed Rulemaking (NPRM) seeking to update and strengthen its rules requiring telecommunications carriers and interconnected Voice over...more
On November 9, 2022, the New York Department of Financial Services (NYDFS) published proposed amendments to significantly expand Cybersecurity Requirements for Financial Services Companies under 23 NYCRR 500 (the “NYDFS...more
The field of regulators interested in the cybersecurity practices of private companies is getting crowded, with the Federal Communications Commission (FCC) becoming more and more active in this space. The FCC, which has...more
On October 18, 2022, the United States Transportation Security Administration (TSA) released a new Security Directive applicable to the rail industry that will require certain owners and operators to implement new,...more
The National Highway Traffic Safety Administration (“NHTSA”) recently issued updated guidance on cybersecurity best practices for motor vehicle safety. This non-binding guidance demonstrates NHTSA’s continued emphasis on...more
The U.S. Food and Drug Administration (FDA) issued updated draft guidance, “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions,” which aims to help industry take a more...more
The Federal Trade Commission (FTC) recently has signaled its intent to inject new life into a longstanding but rarely triggered rule governing health breach notifications for non-HIPAA-covered health records. Specifically,...more
2/28/2022 / Breach Notification Rule, Cybersecurity, Data Breach, Data Privacy, Data Protection, Data Security, Digital Health, Federal Trade Commission (FTC), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Popular
On 2 December 2021, the United States Transportation Security Administration (TSA) released two Security Directives applicable to the rail industry that will require certain owners and operators to implement new cybersecurity...more
The Cybersecurity and Infrastructure Security Agency (CISA), an agency within the Department of Homeland Security, recently issued an Autonomous Ground Vehicle Security Guide (Guide). Because autonomous-vehicle (AV) pilot...more
Connecticut’s new cybersecurity standards law, which goes into effect on October 1, 2021, protects companies from punitive damages in certain data breach actions where an organization has a cybersecurity program that conforms...more
10/1/2021 / Affirmative Defenses, Cybersecurity, Data Breach, Data Privacy, Data Protection, Data Security, Federal Information Security Modernization Act (FISMA), Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act (HIPAA), NIST, Popular, Safe Harbors, State Data Breach Notification Statutes
On June 2 and 3, the U.S. National Institute of Standards and Technology (NIST) held a workshop focused on the President’s recent Executive Order on Improving the Nation’s Cybersecurity (Order) during which government...more
On April 14, the Department of Labor’s Employee Benefits Security Administration (EBSA) issued its first cybersecurity-focused guidance related to benefit plans regulated by Employee Retirement Income Security Act (ERISA)....more
Ransomware victims face a nearly impossible decision: pay criminals holding their business hostage or refuse and face possible crippling consequences. This decision requires careful analysis of a number of considerations, and...more
2/25/2021 / Cyber Attacks, Cyber Crimes, Cybersecurity, Data Breach, Hackers, Incident Response Plans, Information Technology, New Guidance, NYDFS, Personally Identifiable Information, Popular, Ransomware
On February 4, the New York Department of Financial Services (NYDFS) released Insurance Circular Letter No. 2 (2021), a Cyber Insurance Risk Framework (Framework) for insurers that write cyber insurance....more
2/17/2021 / Consumer Insurance Products, Cyber Attacks, Cyber Crimes, Cyber Insurance, Cybersecurity, Cybersecurity Framework, Data Breach, Data Protection, Insurance Regulations, NYDFS, Popular, Risk Management, State and Local Government
Last week, the U.S. District Court for the Eastern District of Virginia ordered Capital One to produce a forensic investigation report in multidistrict litigation arising out of the cyber incident Capital One announced in...more
On March 11, the World Health Organization officially characterized the coronavirus (COVID-19) outbreak as a pandemic. During the outbreak, many employers around the world are seeking to prioritize the well-being and safety of...more
3/16/2020 / Business Continuity Plans, Business Interruption, China, Coronavirus/COVID-19, Crisis Management, Cybersecurity, Data Protection, Emergency Management Plans, Infectious Diseases, Information Security, Malware, Policies and Procedures, Popular, Public Health, Risk Management
On 1 October 2019 the International Medical Device Regulators Forum (IMDRF) Medical Device Cybersecurity Working Group released a draft document titled "Principles and Practices for Medical Device Cybersecurity" (IMDRF...more
10/10/2019 / Cybersecurity, Food and Drug Administration (FDA), Health Care Providers, International Medical Device Regulators Forum (IMDRF), Life Sciences, Manufacturers, Medical Devices, Network Security, Pharmaceutical Industry, Popular, Regulatory Oversight, Vulnerability Assessments
On July 25, New York Governor Andrew Cuomo signed into law a pair of bills establishing new requirements for businesses that process certain personal information related to New York residents. The changes include expanding...more
8/8/2019 / Biometric Information, Cybersecurity, Data Breach, Data Protection, Data Security, Governor Cuomo, Hackers, New Legislation, Personally Identifiable Information, Popular, Security Standards, SHIELD Act, State and Local Government, State Data Breach Notification Statutes
On October 18, 2018, FDA issued a long-awaited draft revision to its existing guidance "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices" (premarket cybersecurity guidance). This coincided...more
Late last month, California Governor Jerry Brown signed the first US Internet of Things (IoT) cybersecurity legislation: Senate Bill 327 and Assembly Bill 1906. ...more
10/18/2018 / Connected Items, Cyber Attacks, Cybersecurity, Data Protection, Hackers, Information Technology, Internet of Things, Mobile Devices, New Legislation, Popular, Risk Management, Security Standards, State and Local Government
With the continued explosion of software and software-controlled medical devices, including the growing use of machine learning and artificial intelligence, the FDA (the Agency) Medical Device Safety Action Plan (the Plan)...more
4/26/2018 / Connected Items, Cybersecurity, Data Breach, Food and Drug Administration (FDA), Medical Devices, Patient Safety, Personal Data, Pharmaceutical Industry, Popular, Regulatory Standards, Risk Management
Connected medical devices deliver numerous benefits not available before, including improved monitoring of patient welfare and a wealth of vital data. But for all the advantages available through these devices, their...more
3/12/2018 / Best Practices, Connected Items, Cyber Attacks, Cybersecurity, Data Security, Federal Trade Commission (FTC), Food and Drug Administration (FDA), General Data Protection Regulation (GDPR), Hackers, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Internet of Things, Life Sciences, Medical Devices, Patient Safety, Personal Data, Pharmaceutical Industry, Popular, Regulatory Oversight, Risk Management, Security Risk Assessments, Training
It’s been almost a year since the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) came into effect. Since that time, a series of key dates have marked the implementation of...more
2/28/2018 / Banking Sector, Chief Information Security Officer (CISO), Cybersecurity, Cybersecurity Framework, Data Protection, Financial Institutions, Financial Services Industry, Information Technology, Insurance Industry, NYDFS, Popular, Risk Assessment, Risk Management, Vulnerability Assessments