The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
SEC’s New Cyber Rules for Publicly Traded Companies — The Consumer Finance Podcast
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
2023 DSIR Deeper Dive: Plaintiffs’ Attorneys Are Trying to Assert a New Cause of Action Against Universities Based on an Old Law Regulating Videotape Service Providers
Episode 293 -- Catching Up with California and Other State Privacy Laws
How to Fix the Cyber Incident Reporting Mess--DHS Weighs In
Regulatory Phishing Podcast - The Impact of Cybersecurity Compliance on Corporate Transactions
The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
2023 DSIR Report Deeper Dive into the Data
Cybersecurity Threats Facing Food and Agribusiness Companies & the Preparation and Protection Safeguards to Help Mitigate Them
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
2022 DSIR Report Deeper Dive: FTC
2022 DSIR Deeper Dive: Vendor Incidents
Unauthorized Access: An Inside Look at Incident Response
The State of Cyber: Breaking Down Recent Rules and Regulations
Mandatory Cyber Incident Reporting: Pros, Cons, and Next Steps
Cyberside Chats: Preserving Legal Privilege After a Cybersecurity Incident
Debra Geroux and Scott Wrobel on Responding to Data Breaches
On January 13, 2025, the Securities and Exchange Commission (“SEC”) filed a settled enforcement action against Ashford Inc. (“Ashford” or “the Company”), a company that provides products and services to the real estate and...more
On October 22, 2024, the SEC charged two current reporting companies, Unisys Corp. and Check Point Software Technologies, and two former public companies, Mimecast Limited and Avaya Holdings Corp., with making materially...more
Effective May 24, 2024, the Office of the Privacy Commissioner of Canada (OPC) has introduced a new online PIPEDA breach reporting form for federal institutions and businesses subject to the Personal Information Protection...more
Last week, the U.S. Securities and Exchange Commission (“SEC”) became the latest federal regulator to implement a data breach notification law. The commissioners unanimously voted to approve amendments to Regulation S-P (the...more
On November 16, the Federal Trade Commission (FTC) announced an enforcement action against Global Tel*Link Corporation and two of its subsidiaries (collectively, “GTL”), which provide communications and payment services to...more
A flurry of legislative activity over the past year has brought meaningful changes to a variety of privacy and security provisions in state and federal law. At the state level, as in 2022, we have seen a handful of changes to...more
Texas recently amended its breach notification statute to shorten the time businesses have to notify the state Attorney General after a data breach affecting 250 or more Texas residents. As of September 1, businesses must...more
The Indian Computer Emergency Response Team (“CERT-In”) issued Directions on April 28, 2022 “to strengthen the cybersecurity in the country” and that has significant implications for the cybersecurity landscape. Effective...more
Welcome to this month's issue of The BR Privacy & Security Download, the digital newsletter of Blank Rome’s Privacy, Security & Data Protection practice. We invite you to share this resource with your colleagues and visit...more
Ransomware attacks have become headline news in the mainstream media, and a hot topic not only on this blog but in government circles. And with good reason as the United States suffered a staggering 421.5 million ransomware...more
The Federal Trade Commission has reached a settlement in the matter of CafePress. Here are some things you should know: Data minimization: •Storing information indefinitely on your network without a business need creates...more
When can a data breach get worse? When the process of notifying victims creates a second breach. Take the example of a cancer treatment center that recently paid $425,000 to settle allegations that included a faulty...more
On 31 March 2021 the Dutch Data Protection Authority (DPA) announced that it fined the online reservation platform Booking.com €475,000 for failing to notify the DPA of a data breach within the timeline established in the...more
It’s 8 a.m., and you just learned that a material cyber-incident occurred in your organization. You fire up your Incident Response Plan. You engage outside counsel, and outside counsel engages a forensic firm. Your company,...more
One thing I appreciate about the SEC comment letter process is that it gives real life examples to what is often discussed hypothetically. Take, for example, cybersecurity and steps management should take when a data incident...more
An enhanced resource for analysis of data breach notification laws for all 50 states is now just a click away. BakerHostetler combined two of its state breach notification law resources (a summary of the laws and a guide to...more
On February 21, 2018, the U.S. Securities and Exchange Commission (SEC) issued updates to its interpretive guidance on how public companies should disclose cybersecurity breaches and risks. There are two core messages at...more
The attached chart constitutes a summary of the laws of various jurisdictions that govern data breach notifications....more
On October 6, California Governor Jerry Brown signed legislation updating California’s data breach notice statute for the third time in three years. The news was quickly overshadowed by the CJEU’s decision invalidating the...more
The SEC announced last week that an investment adviser had agreed to settle charges that it failed to take required steps to protect against and respond effectively to a cybersecurity breach. The action comes on the heels of...more