Tagged as: Cybersecurity

States Look to Strengthen Protections for Consumer Health Data Post-Dobbs

The Supreme Court’s ruling in the Dobbs Decision, which overturned Roe v. Wade and Casey v. Planned Parenthood and eliminated the constitutional right to an abortion, permitted states to regulate access to abortion services. Since the Supreme Court issued its opinion on June 24, 2022, privacy, consumer and reproductive health…

Read More

6 Predictions, 6 Attorneys - Goodwin's 2023 Data, Privacy & Cybersecurity Outlook

In honor of Data Privacy Week, and as we kick off 2023, many of us are wondering what this year’s hot topics and trends will be in the privacy and cybersecurity sector. How will the new Privacy Shield in the EU and UK affect data regulation? How will state privacy…

Read More

New Swiss Data Protection Law Will Become Effective September 1st, 2023 – What You Need to Know

On September 25, 2020, the Swiss Parliament approved revisions to Switzerland’s data protection law, the Federal Act on Data Protection of June 19, 1992 or FADP (“Revised FADP”). On August 31, 2022, the Swiss Federal Council decided that the Revised FADP will be brought into force on September 1st, 2023…

Read More

New Federal Law Mandates Cyber Incident and Ransomware Payment Reporting for Critical Infrastructure Industries

After years of lengthy debates, Congress passed and the President signed into law a bipartisan bill requiring entities in sectors deemed to constitute “critical infrastructure” to report certain cyber incidents and ransomware payments. Currently, companies may and often do voluntarily report cyber incidents to the FBI or other federal agencies,…

Read More

SEC Proposes Expanded and Accelerated Cybersecurity Disclosure by Public Companies

As a significant step in its ongoing initiatives on the disclosure, management and oversight of cybersecurity risks and incidents, on March 9, 2022 the U.S. Securities and Exchange Commission (SEC) proposed new rules that would significantly increase cyber-related disclosures by public operating companies. The proposed rules would: Require disclosure in Form 10-Q…

Read More

SEC Focus on Cybersecurity Begins To Take Shape

The U.S. Securities and Exchange Commission is implementing a campaign to overhaul the agency’s expectations around cybersecurity and cyber incident reporting for the financial services industry and corporate America generally. For example, in a recent speech, Chairman Gensler reiterated his focus on cybersecurity and underscored the SEC’s work to “improve…

Read More

SEC Cybersecurity Rules Target Investment Advisers and Investment Companies

On February 9, 2022, the U.S. Securities and Exchange Commission (“SEC”) proposed a package of new rules and amendments to enhance cybersecurity preparedness and improve cyber resilience of investment advisers and investment companies against cybersecurity threats and attacks. If adopted, these rules will incorporate existing SEC staff guidance on cybersecurity policies and…

Read More

The Princeton University Data Access Research: A Timely Reminder to Revisit Data Subject Request Processes

Update: Since going live with the below, the EDPB has published its draft guidelines addressing key aspects of a data subject’s right of access.  More to follow soon. Last month, a large number of EU and US companies received queries about their data access request procedures under the General Data Protection…

Read More

Critical Log4j Vulnerability Wreaks Havoc Across Cyberspace

In what is likely the largest industry-wide vulnerability since the SolarWinds Orion flaw uncovered late last year, a critical software bug was recently discovered within Apache Log4j, an open-source logging utility widely used in business software development. A long list of technology companies have already reported being affected, including such…

Read More

12