On December 12, 2023, the Department of Justice (DOJ) issued guidelines for companies to follow in requesting that the Attorney General authorize delays of cyber incident disclosures required by the U.S. Securities and Exchange Commission (“SEC”) pursuant to Form 8-K Item 1.05.

In July, the SEC finalized a rule (the “Final Rule”), which comes

On October 25, 2023, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the Department of Health and Human Services (“HHS”) released a cybersecurity toolkit containing resources and information that organizations in the healthcare and public health (HPH) sector can utilize to reduce their cyber risk.

Continue reading.

On September 25, 2023, the Consumer Financial Protection Bureau (“CFPB”) began its most substantial Fair Credit Reporting Act (“FCRA”) rulemaking yet with an outline of proposed changes to Regulation V, which implements FCRA, ahead of the Bureau’s Small Business Advisory Review Panel.1  The proposals under consideration could have a substantial impact on the data

On July 19, 2023, the Office of the National Cyber Director (ONCD) issued a request for information (RFI) on cybersecurity regulatory harmonization.1 The RFI is intended to be a step toward the Biden Administration’s goal, as stated in the National Cybersecurity Strategy, to “harmonize not only regulations and rules, but also assessments and audits

On June 18, 2023, Governor Greg Abbott signed into law the Texas Data and Privacy Security Act (the “Texas Privacy Law”), which goes into effect July 1, 2024. With this law, Texas joins 10 other states that have also passed comprehensive privacy laws throughout the United States: California, Virginia, Colorado, Connecticut, Utah, Florida, Montana, Iowa,

2020 and 2021 saw sophisticated, coordinated cyber attacks affect some of the largest companies in the world. In the wake of these attacks, the Biden Administration and federal regulators—as well as businesses within the financial sector—are highly focused on cybersecurity. With a rapidly changing landscape, financial services companies are working hard to prepare for cyber

The long-awaited enforcement date of July 1, 2020 for the California Consumer Privacy Act (“CCPA”) has finally arrived. However, the uncertainty that existed at the beginning of the year with respect to CCPA and its enforcement still exists. While the California Office of the Attorney General (“OAG”) has issued the final version of the implementing

On October 7, 2019, the United States and United Kingdom released the text of a bilateral data access agreement that would permit law enforcement authorities in one country to make direct requests to communications service providers based in the other country for electronic evidence related to serious crimes, including terrorism. This would allow these companies

Almost immediately after the passage of the California Consumer Privacy Act (“CCPA”), lawmakers proposed both large and small amendments to it. On September 13, 2019, California’s legislative session came to a close and with it the last chance for the California legislature to pass amendments to the CCPA before it comes into effect on January