The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
SEC’s New Cyber Rules for Publicly Traded Companies — The Consumer Finance Podcast
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
2023 DSIR Deeper Dive: Plaintiffs’ Attorneys Are Trying to Assert a New Cause of Action Against Universities Based on an Old Law Regulating Videotape Service Providers
Episode 293 -- Catching Up with California and Other State Privacy Laws
How to Fix the Cyber Incident Reporting Mess--DHS Weighs In
Regulatory Phishing Podcast - The Impact of Cybersecurity Compliance on Corporate Transactions
The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
2023 DSIR Report Deeper Dive into the Data
Cybersecurity Threats Facing Food and Agribusiness Companies & the Preparation and Protection Safeguards to Help Mitigate Them
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
2022 DSIR Report Deeper Dive: FTC
2022 DSIR Deeper Dive: Vendor Incidents
Unauthorized Access: An Inside Look at Incident Response
The State of Cyber: Breaking Down Recent Rules and Regulations
Mandatory Cyber Incident Reporting: Pros, Cons, and Next Steps
Cyberside Chats: Preserving Legal Privilege After a Cybersecurity Incident
Debra Geroux and Scott Wrobel on Responding to Data Breaches
The 2024 CrowdStrike outage and the ransomware attack on NHS partner Synnovis hit mainstream news and highlighted the fragility of ICT supply chains and the risks posed by cyber incidents....more
As previously reported in May 2024 FHA announced a requirement for FHA approved lenders to notify the U.S. Department of Housing and Urban Development (HUD) of Significant Cybersecurity Incidents, and the requirement was...more
Numbers never lie. The second most targeted industry in terms of hacking and breaches is Finance, which was the victim somewhere in the realm of 2,306 to 2,792 cyberattacks in 2023 (depending on the source). With each data...more
As we discussed in a recent post, earlier this year the U.S. Department of Housing and Urban Development (“HUD”) issued Mortgagee Letter 2024-10, which imposed a new requirement on all FHA-approved mortgagees to report...more
For years, the Gramm-Leach-Bliley Act (GLBA) has required financial institutions to maintain reasonable safeguards for consumer data, but has only had limited breach-reporting requirements. To the extent financial...more
The financial services industry has seen a litany of new data privacy and cybersecurity challenges through the first half of 2024. Financial institutions are facing unprecedented compliance hurdles resulting from the...more
The New York State Department of Financial Services (“NYDFS”), which regulates financial services institutions including banks, insurance companies, and mortgage brokers, finalized an amendment to its Cybersecurity Regulation...more
On October 27, 2023, the Federal Trade Commission (“FTC”) adopted an amendment to the FTC’s Safeguards Rule that will require non-banking financial institutions to notify the FTC within thirty days of discovering a data...more
On October 27, the Federal Trade Commission (FTC or Commission) published a final rule expanding data breach notification requirements for certain financial institutions (Final Rule). Federal Register, will require entities...more
The Federal Trade Commission (the “FTC”) approved last week an amendment to its Safeguards Rule that will institute new data breach notification requirements for non-bank financial institutions....more
Key Point: The Federal Trade Commission (FTC) has amended the Safeguards Rule to require non-banking financial institutions to inform the FTC within 30 days of discovering any unauthorized acquisition of unencrypted customer...more
The SEC is continuing its campaign to overhaul cybersecurity, cyber incident reporting, and privacy controls and requirements for financial services industry registrants, their service providers, and corporate America...more
Three days. Starting September 1, 2023, that is all federally insured credit unions will have to report cyber incidents. The rule, approved on February 16, 2023, broadly defines cyber incident to include any incident that...more
The NCUA stated the new rule, which was approved on Feb. 16, 2023, aims to mitigate cyber incidents “that [lead] to a substantial loss of confidentiality, integrity, or availability of a network or member information system...more
The National Credit Union Administration (NCUA) has approved new cyber incident reporting requirements for credit unions. Under the final rule, federally insured credit unions will be required to notify the NCUA of a...more
On February 16, the NCUA approved a final rule that requires federally-insured credit unions (FICUs) to notify the agency as soon as possible (and no later than 72 hours) after a FICU “reasonably believes that a reportable...more
On March 29, 2022, federal banking regulators issued important guidance for how banking organizations can comply with the upcoming requirement to notify regulators within 36 hours of ransomware or other disruptive...more
On February 9, the Securities and Exchange Commission (“SEC”) voted to propose rule 206(4)-9 under the Advisers Act and 38a-2 under the Investment Company Act (collectively, “Proposed Rule”). In general, the Proposed Rule...more
As the federal government continues its whole-of-government response to cyber incidents, federal banking regulators took action to impose a new notice requirement on federally regulated banks. In November, the Federal Deposit...more
In early March, the New York State Department of Financial Services (“NYDFS”) announced a consent order that required Maine-based mortgage servicer Residential Mortgage Services, Inc. (“Residential”) to pay a $1.5 million...more
The New York State Department of Financial Services (DFS) announced its second enforcement action and first settlement under its cybersecurity regulations (23 NYCRR Part 500). At issue was a licensed mortgage lender's failure...more