Search Results for:

New Federal Law Mandates Cyber Incident and Ransomware Payment Reporting for Critical Infrastructure Industries

After years of lengthy debates, Congress passed and the President signed into law a bipartisan bill requiring entities in sectors deemed to constitute “critical infrastructure” to report certain cyber incidents and ransomware payments. Currently, companies may and often do voluntarily report cyber incidents to the FBI or other federal agencies,…

Read More

Ninth Circuit: Web Scraping Does Not Violate CFAA

In a decision that is certain to reverberate through the big data community, the U.S. Court of Appeals for the Ninth Circuit ruled that the primary legal tool that companies tried to use to limit scraping of their websites – the criminal statute Computer Fraud and Abuse Act (“CFAA”) –…

Read More

U.S. and EU Reach Political Agreement On a New Trans-Atlantic Data Privacy Framework: The Implications for Businesses

On March 25, 2022, President Biden and the President of the European Commission (“EC”) von der Leyen announced that the US and EU reached an agreement in principle on a new Trans-Atlantic Data Privacy framework for transatlantic data flows (the New Framework). The parties now need to translate the consensus…

Read More

SEC Proposes Expanded and Accelerated Cybersecurity Disclosure by Public Companies

As a significant step in its ongoing initiatives on the disclosure, management and oversight of cybersecurity risks and incidents, on March 9, 2022 the U.S. Securities and Exchange Commission (SEC) proposed new rules that would significantly increase cyber-related disclosures by public operating companies. The proposed rules would: Require disclosure in Form 10-Q…

Read More

SEC Focus on Cybersecurity Begins To Take Shape

The U.S. Securities and Exchange Commission is implementing a campaign to overhaul the agency’s expectations around cybersecurity and cyber incident reporting for the financial services industry and corporate America generally. For example, in a recent speech, Chairman Gensler reiterated his focus on cybersecurity and underscored the SEC’s work to “improve…

Read More

SEC Cybersecurity Rules Target Investment Advisers and Investment Companies

On February 9, 2022, the U.S. Securities and Exchange Commission (“SEC”) proposed a package of new rules and amendments to enhance cybersecurity preparedness and improve cyber resilience of investment advisers and investment companies against cybersecurity threats and attacks. If adopted, these rules will incorporate existing SEC staff guidance on cybersecurity policies and…

Read More

The UK’s Newly Assertive FCA pushes Google to Check Fintech Companies’ Drive Into Europe

The UK’s Newly Assertive FCA pushes Google to Check Fintech Companies’ Drive Into Europe Subject to mounting pressure from UK lawmakers and regulators, in June 2021 Google announced a new policy that could limit the ability of US fintech companies to advertise in the UK – a key market for…

Read More

Critical Log4j Vulnerability Wreaks Havoc Across Cyberspace

In what is likely the largest industry-wide vulnerability since the SolarWinds Orion flaw uncovered late last year, a critical software bug was recently discovered within Apache Log4j, an open-source logging utility widely used in business software development. A long list of technology companies have already reported being affected, including such…

Read More

EDPB to Provide Clarification on Transfers to Importers Subject to the GDPR: Another New Set of SCCs Seen

The European Data Protection Board (EDPB) recently published minutes of its last plenary meeting held in September 2021, which (in paragraph 2) shed light on how the EDPB may address one of the biggest open issues regarding data transfers from Europe — whether under General Data Protection Regulation (GDPR), Chapter V data…

Read More

FTC: Health Apps and Connected Devices Subject to Health Breach Notification

If you are not familiar with the FTC’s Health Breach Notification Rule, you are not alone. Issued in 2009, it has never been enforced. That may now change. In a recent Policy Statement, the FTC is putting a new spotlight on the Rule, explaining that the Rule applies to health…

Read More