Driving Digital Security: The FTC's Safeguards Rule Explained — Moving the Metal: The Auto Finance Podcast
No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
No Password Required Podcast: Chief Product Officer at ThreatLocker and Advocate of Buc-ee’s, Mascots, and Buc-ee Mascots
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
AI Talk With Juliana Neelbauer - Episode Two - Cybersecurity Insurance: The New Frontier of Risk Management
On-Demand Webinar: Bring Predictability to the Spiraling Cost of Cyber Incident Response Data Mining
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Unlock Privacy ROI: Why Making Cross-Functional Allies is Key
No Password Required: USF Cybercrime Professor, Former Federal Agent, and Vintage Computer Archivist
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
Monumental Win in Data Breach Class Action: A Case Study — The Consumer Finance Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
Life With GDPR: Episode 104 – Solar Winds and Your Mother – Tell The Truth
No Password Required: American University’s Vice Provost for Research and Innovation and a Tracker of (Cyber) Unicorns
Snooping Sadia Talks to Former Official Gene Fishel — Unauthorized Access Podcast
North Dakota recently passed a law establishing new rules for certain financial companies operating in the state – specifically “financial corporations.” The new obligations will take effect on August 1, 2025. They will apply...more
Le 26 mars 2025, le Commissariat à la protection de la vie privée du Canada (le « CPVP ») a déployé, à l’intention des organisations, un outil d’autoévaluation du risque réel de préjudice grave à la vie privée (l’« outil »)....more
On March 26, 2025, the Office of the Privacy Commissioner of Canada (OPC) released a privacy breach real risk of significant harm assessment tool (Tool) for organizations....more
On April 11, North Dakota enacted HB 1127, overhauling its regulatory framework for financial institutions and nonbank financial service providers. The law amends multiple chapters of the North Dakota Century Code and creates...more
Lawmakers expressed bipartisan support for significantly amending or eliminating some cybersecurity incident notification requirements during a recent hearing of the U.S. House Committee on Homeland Security's Subcommittee on...more
On February 20, 2025, the Polish Personal Data Protection Office (UODO) published an updated version of the guide on personal data protection breaches. The first edition was released in 2018. The latest version...more
In July 2023, the U.S. Securities and Exchange Commission (SEC) adopted final rules requiring public companies to report material cybersecurity incidents under new Item 1.05 of Form 8-K beginning on December 18, 2023. Our...more
We explore what trustees need to be aware of when dealing with data and complying with their obligations under the Data Protection (Bailiwick of Guernsey) Law, 2017 and related legislation (the "DP Law")....more
New York State Governor Hochul recently gave us a “pre” New Year’s gift: effective on December 21, 2024, any individuals or businesses possessing the “private information” of New Yorkers must notify them, and certain state...more
After a data breach, organizations need to understand the scope of the incident in order to quickly resolve it and ensure they are able to meet notification requirements. The urgency often leads to the misguided belief that...more
On 29 November 2024, the Australian Senate passed the Privacy and Other Legislation Amendment Bill 2024 (Cth) (the Privacy Act Bill). This follows the passage of the Cyber Security Act 2024 (Cth), and other cyber-security...more
As cybersecurity rules proliferate, companies must navigate a maze of new, and often overlapping, proactive and reactive cybersecurity requirements and guidance. This Legal Update surveys new cybersecurity rules and...more
Last month, the Director of the Division of Corporation Finance (“Director”) of the Securities and Exchange Commission (“SEC”) issued new guidance regarding disclosures of material cybersecurity incidents via Form 8-K under...more
The financial services industry has seen a litany of new data privacy and cybersecurity challenges through the first half of 2024. Financial institutions are facing unprecedented compliance hurdles resulting from the...more
The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...more
Threat actors are evolving. Our Privacy, Cyber & Data Strategy Team explains how ransomware gangs have changed their tactics and how companies can respond to the threat while navigating new scrutiny from investors and...more
The date July 26, 2023, marks the latest evolution of the cybersecurity regulation landscape as the Securities and Exchange Commission passed cybersecurity regulations for publicly traded companies. At the open meeting, SEC...more
The Securities and Exchange Commission (“SEC”) adopted new rules requiring the disclosure of cybersecurity risk management, strategy, governance and material incidents (the “Rules”), effective September 5, 2023. The Rules...more
For the second year in a row, the manufacturing industry has fallen victim to more cyberattacks than any other major business sector. Indeed, according to IBM Security’s X-Force Threat Intelligence Index, nearly 25 percent...more
After an extensive comment period, the SEC announced on July 26 that it was formally adopting new rules for public companies governing cybersecurity disclosures. The rules had generated significant backlash from public...more
The Securities and Exchange Commission (“SEC”) voted on July 26, 2023 to adopt new cybersecurity rules, which are aimed at helping investors better understand the cybersecurity risks associated with public companies by...more
On July 26, 2023, the Securities and Exchange Commission (“SEC”) voted to approve final rules governing cybersecurity disclosures of public companies (“Final Rules”). The Final Rules make meaningful changes to the current and...more
Editor’s Note: On August 31, 2022, HaystackID shared an educational webcast on the topic of data mining in data breach incident response. As data mining has increasingly become one of the largest expenses during a cyber...more
On March 9, 2022, the US Securities and Exchange Commission (SEC) voted 3-1 to propose new rules and amendments under the Securities Exchange Act of 1934 that would constitute the SEC’s first attempt to adopt specific rules...more
Complementing the patchwork of state data breach notification laws, a number of federal agencies recently have promulgated sector-specific reporting rules affecting a variety of companies, both directly and indirectly, with...more