Driving Digital Security: The FTC's Safeguards Rule Explained — Moving the Metal: The Auto Finance Podcast
No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
No Password Required Podcast: Chief Product Officer at ThreatLocker and Advocate of Buc-ee’s, Mascots, and Buc-ee Mascots
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
AI Talk With Juliana Neelbauer - Episode Two - Cybersecurity Insurance: The New Frontier of Risk Management
On-Demand Webinar: Bring Predictability to the Spiraling Cost of Cyber Incident Response Data Mining
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Unlock Privacy ROI: Why Making Cross-Functional Allies is Key
No Password Required: USF Cybercrime Professor, Former Federal Agent, and Vintage Computer Archivist
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
Monumental Win in Data Breach Class Action: A Case Study — The Consumer Finance Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
Life With GDPR: Episode 104 – Solar Winds and Your Mother – Tell The Truth
No Password Required: American University’s Vice Provost for Research and Innovation and a Tracker of (Cyber) Unicorns
Snooping Sadia Talks to Former Official Gene Fishel — Unauthorized Access Podcast
The SEC’s amended Regulation S-P, adopted last year, will soon enhance data privacy protections for broker-dealers, investment companies, registered investment advisors, and transfer agents. The updated rule requires these...more
India just released a landmark draft of new rules to refine and implement the Digital Personal Data Protection Act (DPDP Act) – which is India’s first comprehensive data privacy legislation regulating digital personal data...more
Governor Kathy Hochul signed several bills last month designed to strengthen protections for the personal data of consumers. One of those bills (S2659B) makes important changes to the notification timing requirements under...more
On December 21, 2024, while many Americans were busy signing holiday cards and exchanging gifts, New York Governor Kathy Hochul was signing six significant pieces of legislation aimed at enhancing online safety and...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
On June 28, 2024, Pennsylvania Governor Josh Shapiro signed an amendment to Pennsylvania’s Breach of Personal Information Notification Act into law. The amended law, which includes significant changes to the Keystone State’s...more
When a party fails to comply with a condition precedent, especially if such a provision includes a time limit for the fulfilment of the obligation, it will often advance various arguments to avoid the consequences of...more
On May 16, 2024, the SEC amended Regulation S-P to impose new data privacy and security requirements on broker-dealers, registered investment advisers, investment companies (whether or not they are registered with the SEC),...more
In light of the ongoing investigation of Change Healthcare’s ransomware attack that resulted in the improper disclosure of thousands of individuals’ PHI, now seems like a perfect time to discuss HIPAA’s requirements...more
Australia welcomes new business and foreign investment by providing a strong economy, a stable political environment and a skilled and talented workforce. Our comprehensive guide to Doing Business in Australia has been...more
Does anyone else feel like Bill Murray in Groundhog Day, where his character keeps experiencing the same day over and over and over again? It seems like the Federal Trade Commission just amended the Safeguards Rule yesterday,...more
The amended rule requires financial institutions to notify the FTC within 30 days of discovery of a security breach involving information of at least 500 consumers. ...more
Back in 2021, the FTC announced substantial changes to the Rule that imposed more detailed and rigorous security requirements for covered financial institutions and was largely based on the New York State Department of...more
There are so many factors that go into breach response. Determining the size of the breach, time limitations, legal requirements, notification needs, urgency for containment, and interrupted business operations are just a...more
As we wrote in November, Pennsylvania amended its data breach notification laws last year, and those changes go into effect tomorrow (May 2, 2023). Beginning tomorrow, if a breach of username/email accounts and their...more
The European Data Protection Board (EDPB) held its 77th plenary meeting on 28 March 2023. The EDPB considered the following key topics...more
On March 15, 2023, the U.S. Securities and Exchange Commission (“SEC”) released its proposal to amend Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information (the “Proposed...more
The Federal Communications Commission (FCC) is seeking to update and strengthen its rules governing breaches of consumer data and personal information. Public comments on the new rules are due February 22, 2023, and reply...more
Recently, lawsuits have been filed against Duke and WakeMed regarding their use of Meta’s Meta Pixel tracking product and the alleged improper disclosure of patients’ protected health information (“PHI”). The U.S. Department...more
Maryland recently passed two companion bills amending the state’s Personal Information Protection Act. The bills modify the data breach notification requirements and scope of businesses subject to the data security...more
Last week, the Federal Trade Commission’s (FTC) tech blog quietly published a post that could have broad implications - for privacy practitioners and beyond. In this post, the agency takes the novel position that if consumer...more
Cases in our April Insurance Update address several questions: •Are costs incurred to comply with a subpoena covered? •What must an insured show to rebut the presumption of prejudice in a late notice situation? •What...more
Banking organizations must notify the appropriate agency within 36 hours of certain computer-security incidents; and banking service providers must notify affected banking organizations as soon as possible in the event of an...more
On November 23, 2021, the Office of the Comptroller of the Currency (the “OCC”), the Federal Deposit Insurance Corporation (the “FDIC”) and the Federal Reserve Board (the “Prudential Regulators”) exercised their collective...more