Incident Notification Obligations

Subscribe to Incident Notification Obligations

FAR Changes Proposed to Standardize Important Cybersecurity Requirements and to Impose New Cyber Threat, Incident Reporting and Information Sharing Rules

By Marcia Madsen, Stephen Lilley, Adam Hickey & Luke Levasseur on October 10, 2023

Posted in National Security, Regulation, United States

Last week, the government announced two sets of proposed revisions to the Federal Acquisition Regulation (FAR) to improve the cybersecurity of the government’s information systems. Both sets of revisions relate to President Biden’s May 2021 Executive Order 14028 on Improving the Nation’s Cybersecurity.

First, the Department of Defense (DoD), the General Services Administration…

NIS2 Directive New Cybersecurity Rules Expected in the EU

By Ana Hadnes Bruder, David A. Simon & Reece Randall on October 6, 2022

Posted in Cybersecurity, EU / EEA

The European Council and European Parliament recently reached a provisional agreement on the text for the EU’s proposed Directive on minimum cybersecurity standards to be implemented across the EU (NIS2). The text is expected to be formally adopted in the coming months. NIS2 seeks to replace and strengthen the EU’s current Network and Information Society…

US National Futures Association Adopts Notification Requirement for Certain Cybersecurity Incidents

By Jeffrey P. Taft & Matthew Bisanz on January 18, 2019

Posted in Breaches & Incident Response, Financial Services, Regulation, United States

On January 7, 2019, the US self-regulatory organization the National Futures Association (“NFA”) announced that it had adopted amendments to its information security requirements that include a cybersecurity incident notification obligation.¹ As discussed below, the NFA’s amendments represent the continued maturation of information security in the US financial services sector and are incremental, rather…