Laura D. Richman

Contact:

NIST Releases Cybersecurity Framework Version 2.0

By Rajesh De, Laura D. Richman, Stephen Lilley, Adam Hickey, Sasha Keck, Evan Williams & Lauren Williams on August 16, 2023

Posted in Cybersecurity, Regulation, United States

On August 8, 2023, the National Institute of Standards and Technology (“NIST”) released a draft of The NIST Cybersecurity Framework (CSF) 2.0,¹ (the “CSF” or “Framework”) along with a Discussion Draft of the Implementation Examples.² This draft makes the most significant changes to the Framework since its initial release in 2014.…

SEC Adopts Final Rules on Public Company Cybersecurity Disclosures of Incidents and Processes

By Lawrence Cunningham, Edward Best, Rajesh De, Stephen Lilley, Anna T. Pinedo, Laura D. Richman, Justin Herring & Dominique Shelton Leipzig on July 28, 2023

Posted in Breaches & Incident Response, Cybersecurity, United States

On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC”) issued a release, adopting final rules (the “Final Rules”) aimed at standardizing and enhancing disclosure relating to cybersecurity incidents and risk management processes. The SEC had proposed rules (the “Proposed Rules”) on March 9, 2022. The Final Rules reflect the considerable comments received…

SEC Proposes New Rules on Public Company Cybersecurity Disclosures

By Rajesh De, Anna T. Pinedo, Laura D. Richman, Christina M. Thomas & Dominique Shelton Leipzig on March 14, 2022

Posted in Cybersecurity, Government Agency Update / Notice, United States

On March 9, 2022, the U.S. Securities and Exchange Commission (the “SEC”) released proposed amendments (the “Proposed Amendments”) aimed at enhancing and standardizing disclosure relating to cybersecurity risks and incidents. Under the existing regulatory framework, neither Regulation S-K nor Regulation S-X expressly requires that cybersecurity risk management procedures, cybersecurity risks or incidents be disclosed. However,…

SEC Proposes Amendments That Would Place New Cybersecurity Reporting and Disclosure Requirements on Public Companies

By Rajesh De, Christina M. Thomas, Laura D. Richman, Joel Silverstein, Anna T. Pinedo, Jennifer Weinberg & Dominique Shelton Leipzig on March 10, 2022

Posted in Breaches & Incident Response, Cybersecurity, Government Agency Update / Notice, United States

On March 9, 2022, the US Securities and Exchange Commission (SEC) voted 3-1 to propose new rules and amendments under the Securities Exchange Act of 1934 that would constitute the SEC’s first attempt to adopt specific rules to comprehensively regulate cybersecurity risk management, strategy, governance and incident reporting for public companies (“registrants”). The stated goals…

Cybersecurity and Data Privacy: Navigating a Constantly Changing Landscape

By Rajesh De, Matthew Bisanz, Samantha Machock, Joseph A. Castelluccio, Marcus A. Christian, Nina Flax, Veronica R. Glick, Lawrence R. Hamilton, Sasha Keck, Stephen Lilley, Laura D. Richman, Joel Silverstein, David A. Simon & Jeffrey P. Taft on September 27, 2018

Posted in Cybersecurity, Privacy / Data Protection

The cybersecurity and data privacy landscape continues to change, creating significant new risks for businesses across economic sectors. New types of litigation are emerging, new regulatory regimes are entering into force, and new laws promise yet further compliance challenges in the future. At the same time, a wide range of threat actors are launching more…

SEC Issues Updated Guidance on Cybersecurity Disclosures

By Laura D. Richman, Matthew Bisanz, Rajesh De, Stephen Lilley, Anna T. Pinedo & David A. Simon on February 28, 2018

Posted in Cybersecurity, Government Agency Update / Notice, Regulation

On February 21, 2018, the US Securities and Exchange Commission (SEC) published interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents.¹ The guidance updates and expands upon CF Disclosure Guidance: Topic No. 2², which was issued by the staff of the SEC’s Division of Corporation Finance (Staff)…