Herb Stapleton's FBI Experience Proves to be Asset to Dinsmore's Corporate Team
Former FBI Executive and Cybersecurity Leader Herbert Stapleton Joins Dinsmore’s National Corporate Practice
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
Fintech Focus Podcast | Responding to a Cyber Attack – Key Considerations for GCs and CISOs
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
No Password Required: Chief Adversarial Officer at Secure Yeti, a DEF CON Groups Global Ambassador, and a World-Class Awkward Hugger
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
Marketing Minute with NP Strategy (Video): How to Respond to a Cyber Security Breach
Life With GDPR – Lessons Learned from The Singtel Opus Data Breach
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
2023 DSIR Deeper Dive: State Privacy and Data Collection
Digital Planning Podcast Episode: When Cyber Attacks Hit Home
No Password Required: Threat Intelligence Analyst at Recorded Future, the Ransomware Sommelier, and a Guy With a Mildly Exciting Expense Account
Compliance & Disaster Preparedness
The U.S. Environmental Protection Agency (EPA) has published a sector-wide set of non-regulatory recommendations to strengthen U.S. drinking water and wastewater systems against cyber attacks, alongside new funding for...more
France's Orientation and Programming Law of the Ministry of the Interior ("LOMPI law"), published in the Official Journal of January 25, 2023, amends the insurance coverage of losses and damages paid in response to...more
On March 29, 2022, federal banking regulators issued important guidance for how banking organizations can comply with the upcoming requirement to notify regulators within 36 hours of ransomware or other disruptive...more
The Cybersecurity & Infrastructure Security Agency (CISA) recently issued another warning to “every organization” in the U.S. about cybersecurity risks during the ongoing escalation of tension between the U.S. and Russia over...more
In the wake of increased ransomware attacks over the course of the last several months, the US Department of Treasury’s Office of Foreign Assets Control (OFAC) has updated a guidance it released last year on potential...more
The California Attorney General ("AG") has issued guidance reminding health care providers of their duty to report health care data breaches and to comply with other state and federal data privacy laws....more
In This Issue. The Federal Deposit Insurance Corporation (FDIC) is seeking information and comment regarding the FDIC’s supervisory approach to examinations during the pandemic; the FDIC’s tech lab, FIDTECH, announced a “tech...more
The exponential rise in ransomware attacks in the past year has everyone on high alert, not least of which are regulators. Following on the heels of a June 2, 2021 White House memo addressing ransomware prevention, on June...more
The U.S. Transportation Security Administration (TSA) issued its second Security Directive to the pipeline industry on July 20, 2021, following the Colonial Pipeline cybersecurity incident. ...more
2020 was a year of upheaval for the cybersecurity and data privacy space. COVID-19 raised new challenges, unprecedented cyberattacks highlighted vulnerabilities in both the private and public sectors, and sweeping new privacy...more
Ransomware victims face a nearly impossible decision: pay criminals holding their business hostage or refuse and face possible crippling consequences. This decision requires careful analysis of a number of considerations, and...more
In This Issue. The Securities and Exchange Commission (SEC) adopted amendments to its exemptive applications procedures under the Investment Company Act of 1940, as amended (the 1940 Act) and proposed to amend Form 13F to...more
In this month's edition of our Privacy & Cybersecurity Update, we examine Washington state's new facial recognition law, the U.K. Supreme Court's ruling that an employer is not liable for a data breach caused by a disgruntled...more
Recent months have seen a wave of ransomware attacks in the US healthcare industry, many involving a sophisticated strain of malware called Ryuk. To protect themselves, healthcare providers should review OCR’s recent guidance...more
In late January, the U.S. Department of Health and Human Services’ Healthcare & Public Health Sector Coordinating Council issued a new cybersecurity guidance document for healthcare businesses of all sizes. The guidance...more
As cybersecurity attacks have continued to gain prominence as a threat posing critical risk management and compliance challenges for financial institutions, the Securities and Exchange Commission (SEC) has emerged as an...more
Some forms of cyber extortion are automated and not targeted at any specific victim. For example, “ransomware” refers to a type of malware that prevents users from accessing their systems unless, and until, a ransom is paid. ...more
The Commission's "new" cybersecurity guidance largely rehashes existing guidance, as is highlighted by objections from two commissioners. At most, the additional qualitative guidance is incremental. It reiterates the need to...more
Public companies experiencing data security incidents have been largely successful in defeating derivative actions and securities class actions related to those cyber incidents....more
In February 2018 the SEC outlined its views with respect to cybersecurity disclosure requirements under the federal securities laws as they apply to public reporting companies. Set forth below is a checklist of items included...more
The U.S. Securities and Exchange Commission on Feb. 21, 2018, issued interpretive guidance on public company cybersecurity disclosures. The new guidance will affect public companies and companies seeking to go public in...more
On Feb. 21, 2018, the Securities and Exchange Commission (SEC) issued interpretive guidance on its expectations for corporate disclosures on cybersecurity risks. The guidance delineates where it believes existing SEC rules...more
DNV GL recently issued a new globally applicable recommended practice (DNLVGL-RP-G108) to assist oil and gas operators, system integrators and managers, and vendors in the offshore industry to manage increasing cybersecurity...more
Equifax takes no deposits and makes no loans, but New York now says that it, as well as all other consumer reporting agencies, must protect consumer data to the same degree as banks and other financial institutions. On...more
Yesterday, New York’s top financial regulator asked state-chartered banks and insurers to take immediate precautions to protect consumers and the financial markets “in light of the cybersecurity attack” at Equifax Inc....more