FTC: Health Apps and Connected Devices Subject to Health Breach Notification

If you are not familiar with the FTC’s Health Breach Notification Rule, you are not alone. Issued in 2009, it has never been enforced. That may now change. In a recent Policy Statement, the FTC is putting a new spotlight on the Rule, explaining that the Rule applies to health…

Read More

Link to Video - NYDFS Cybersecurity Regulation Webinar

Now in its fifth year, the NYDFS Cybersecurity Regulation is a standout among state-level information security regulations. This year, the NYDFS is investing additional resources into cybersecurity, with a new NYDFS Cyber Intelligence Unit formed in 2021, new ransomware guidance, and increasing enforcement. Compliance with the NYDFS Cybersecurity Regulation requires…

Read More

SEC Makes Cybersecurity Top Priority; Sanctions Firms For Cybersecurity Failures

here is little doubt that the U.S. Securities and Exchange Commission is making cybersecurity a top priority. SEC Chair Gary Gensler told a Senate committee on Tuesday, September 14, 2021 that the agency is developing a proposal on cybersecurity risk governance, which “could address issues such as cyber hygiene and incident reporting.”…

Read More

Mitigation of Cybersecurity Risks in Medical Device Software: FDA Discussion & Insights for OEMs, Remanufacturers, and Servicers

I. OVERVIEW The U.S. Food & Drug Administration (“FDA”) has increased its focus on mitigating cybersecurity risks in medical device software. On June 24, 2021, the FDA issued two documents that are important not only for entities that service or remanufacture medical devices (“servicers” and “remanufacturers,” respectively), but also original equipment…

Read More

There's a New Regulator in Town: China Passes an Omnibus Data Privacy Law

On August 20, the People’s Republic of China became the latest global economic powerhouse to pass an omnibus privacy law. Titled the Personal Information Protection Law (“PIPL”), the law was adopted by the Standing Committee of China’s National People’s Congress, China’s top legislative body, and is slated to take effect on…

Read More

Europe Opts for Pragmatism with new SCCs and ICO Opens Consultations on UK SCC — What Companies Need to do Next

The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reigns on how the New SCCs cover data transfers and what companies need to do to take advantage of them and comply with regulatory implementation guidance, including in relation to…

Read More

NYDFS Issues Ransomware Guidance Aimed at Combatting Rising Cyber Threats

The exponential rise in ransomware attacks in the past year has everyone on high alert, not least of which are regulators. Following on the heels of a June 2, 2021 White House memo addressing ransomware prevention, on June 30, 2021 the New York Department of Financial Services (“NYDFS”) issued new ransomware guidance of its…

Read More

Link to Video - Where Are We With Ransomware And Where Do We Go From Here?

In 2021, ransom and ransomware have been transformed from techno-speak to a topic on the tip of the tongue of every executive and business leader. High-profile attacks have disrupted American life as never before, but even ransomware events that don’t make the front page can be significant enough to cripple…

Read More

The Colorado Privacy Act Joins List of Comprehensive State Privacy Laws

Since its passage almost three years ago, the California Consumer Privacy Act (“CCPA”) has offered California-based consumers certain rights over the personal information companies collect and process about them. While responding to any request to exercise CCPA rights creates its own set of challenges, one right in particular – the right to…

Read More