AI Today in 5: August 7, 2025. The US v. China Episode
Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
Members of the health care and financial industries, along with other industries that hold sensitive data, are warned that a ChatGPT vulnerability is being actively exploited by threat actors to attack security flaws in AI...more
CFPB Issues Filing Instructions Guide for Small Business Lending Data - The CFPB has published instructions for banks and other covered financial institutions to submit small business lending data that is required to be...more
To keep you informed of recent activities, below are several of the most significant federal and state events that have influenced the Consumer Financial Services industry over the past week...more
The American Hospital Association (AHA) has warned that information technology (IT) help desks are being targeted in a social engineering scheme that uses the stolen identity of revenue cycle employees or employees in other...more
Editor’s Note: The FTC continues to crack down on privacy and cybersecurity, including issuing a new warning to tax preparation companies and entering into a consent decree with 1Health.io. VPPA and BIPA litigation continues...more
The New York State Department of Financial Services (NYDFS) recently published a revised proposed second amendment to its cybersecurity regulation, 23 NYCRR 500. ...more
Designed for busy in-house counsel and compliance professionals, this newsletter seeks to bring you up to speed on key federal and state False Claims Act (FCA) developments, with links to primary resources. Each quarter, we...more
Account security and digital identity have been hot topics for regulators and at the National Institute of Standards and Technology (NIST). The government has been promoting multifactor authentication (MFA) and innovation in...more
Like most industries today, Consumer Finance Services businesses are significantly impacted by the novel coronavirus (COVID-19). In response, Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients...more
On August 28, 2019, the Federal Financial Institutions Examination Council (FFIEC) issued a press release encouraging organizations to utilize a standardized approach to assess and improve cybersecurity preparedness. ...more
The International Organization of Securities Commissions has published the final report of its Cyber Task Force on cyber regulation. The report sets out how IOSCO member jurisdictions apply three recognized cyber frameworks -...more
CA IoT Cybersecurity Bill Heads To Governor’s Desk The bill (SB-327), if signed by Gov. Brown, will take effect on January 1, 2020. It is aimed at securing connected devices. The bill states that, “a manufacturer of a...more
NIST has published Special Publication (SP) 1800-5, “IT Asset Management” to help financial service companies monitor and manage IT assets. ...more
JONES DAY CYBERSECURITY, PRIVACY & DATA PROTECTION ATTORNEY SPOTLIGHT: Richard Martinez - Europe's new General Data Protection Regulation ("GDPR") is driving an evolution in corporate privacy practices globally. As...more
Financial institutions covered by the New York State Department of Financial Services’ (NYDFS) new Cybersecurity Requirements for Financial Services Companies must file their first annual certification by February 15, 2018....more
Last year’s proposed comprehensive framework for cybersecurity rules for large financial institutions is suddenly facing an uncertain future. With the comment period having closed as of February 2017, the framework was facing...more
The New York Department of Financial Services (NYDFS)’s finalized Cybersecurity Requirements for Financial Services Companies (“regulations”), went into effect on March 1, 2017. NYDFS has provided a 6 month safe harbor to...more
In late December, New York State’s Department of Financial Services (“DFS”) released its revised proposed cybersecurity regulation (the “DFS Rule”). While the revisions pare back some of the DFS Rule’s original requirements...more
As we previously reported, in September 2016 the New York Department of Financial Services (the “DFS”) proposed a regulation that would require banks, insurance companies and other financial services institutions regulated by...more
Updates on the EU: German DPA Publishes First Privacy Shield Guidelines, Requires German-Law Contracts for Transfers. On June 7, 2016, the European Commission adopted the EU-U.S. Privacy Shield. One question that many...more
On October 17, 2016, the Federal Financial Institutions Examination Council (“FFIEC” or the “Council”) released a set of answers to frequently asked questions about its cybersecurity assessment tool (the “CAT”). The FFIEC, an...more
On October 18, 2016, the Federal Financial Institutions Examination Council (FFIEC) issued answers to frequently asked questions (FAQs) to clarify points in FFEIC’s Cybersecurity Assessment Tool (Assessment). FFIEC released...more
On September 13, 2016, Governor Andrew Cuomo announced the first proposed broadly applicable cyber regulation in the U.S. (the “Regulation”). The Regulation covers banks, insurance companies and other financial institutions...more
In this edition of our Privacy & Cybersecurity Update, we examine the Sixth Circuit's decision to allow injury-in-fact to be established by alleging a "substantial risk of harm" in a data breach case, New York state's...more
The Federal Financial Institutions Examination Council (FFIEC)—the interagency body tasked with setting uniform principals and standards for the examination of financial institutions by federal prudential regulators,...more