Now in its fifth year, the NYDFS Cybersecurity Regulation is a standout among state-level information security regulations. This year, the NYDFS is investing additional resources into cybersecurity, with a new NYDFS Cyber Intelligence Unit formed in 2021, new ransomware guidance, and increasing enforcement. Compliance with the NYDFS Cybersecurity Regulation requires…
There is little doubt that the U.S. Securities and Exchange Commission is making cybersecurity a top priority. SEC Chair Gary Gensler told a Senate committee on Tuesday, September 14, 2021 that the agency is developing a proposal on cybersecurity risk governance, which “could address issues such as cyber hygiene and incident…
I. OVERVIEW The U.S. Food & Drug Administration (“FDA”) has increased its focus on mitigating cybersecurity risks in medical device software. On June 24, 2021, the FDA issued two documents that are important not only for entities that service or remanufacture medical devices (“servicers” and “remanufacturers,” respectively), but also original equipment…
On August 20, the People’s Republic of China became the latest global economic powerhouse to pass an omnibus privacy law. Titled the Personal Information Protection Law (“PIPL”), the law was adopted by the Standing Committee of China’s National People’s Congress, China’s top legislative body, and is slated to take effect on…
The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reigns on how the New SCCs cover data transfers and what companies need to do to take advantage of them and comply with regulatory implementation guidance, including in relation to…
The exponential rise in ransomware attacks in the past year has everyone on high alert, not least of which are regulators. Following on the heels of a June 2, 2021 White House memo addressing ransomware prevention, on June 30, 2021 the New York Department of Financial Services (“NYDFS”) issued new ransomware guidance of its…
In 2021, ransom and ransomware have been transformed from techno-speak to a topic on the tip of the tongue of every executive and business leader. High-profile attacks have disrupted American life as never before, but even ransomware events that don’t make the front page can be significant enough to cripple…
On July 7, 2021, Colorado Governor Jared Polis signed the Colorado Privacy Act (“CPA”) into law. The CPA will take effect on July 1, 2023 and joins the California Consumer Privacy Act (“CCPA”), the California Privacy Rights Act (“CPRA”), and Virginia Consumer Data Protection Act (“VCDPA”) on a growing list of comprehensive state data privacy laws…
By this point, most businesses that regularly send and receive funds electronically have heard about the risk of wire fraud scams in which an intruder changes wiring instructions and diverts funds to its own account, insidiously crafted to look like the proper account. But detecting these scams before they come…
Since its passage almost three years ago, the California Consumer Privacy Act (“CCPA”) has offered California-based consumers certain rights over the personal information companies collect and process about them. While responding to any request to exercise CCPA rights creates its own set of challenges, one right in particular – the right to…