On October 27, 2021, the FTC released its much-anticipated final revisions to the Gramm-Leach-Bliley Safeguards Rule (Safeguards Rule or Final Rule), following a 3-2 vote along party lines and also released a notice of proposed rulemaking that would require reporting to the FTC of certain cybersecurity events. Revisions to the Safeguards Rule Effective since 2003, […]
Swiss Data Protection Regulator Is Latest to Outline Framework for Transferring Data to the SEC
Entities registered with the U.S. Securities & Exchange Commission (SEC) must maintain certain books and records and can be subject to the SEC’s examination, inspection, and enforcement authority. Responding to SEC requests can require cross-border transfers of personal data, and this has historically risked non-compliance under foreign data protection law. The SEC has been proactive […]
U.S. Government Launches StopRansomware.gov
On July 15, 2021, the DOJ and DHS together with additional federal partners launched StopRansomware.gov, a one-stop hub intended to help the private and public sector mitigate the threat of ransomware. The website includes a range of resources geared towards private organizations, public and private critical infrastructure sectors, K-12 educational institutions, and state, local, tribal, […]
NYDFS Issues Guidance on Cybersecurity Controls to Combat Ransomware and Clarifies Reporting Obligations
The New York Department of Financial Services (NYDFS) issued new guidance this week intended to assist organizations in thwarting ransomware attacks. The guidance clarifies the NYDFS’ expectation that NYDFS-regulated companies should “implement these controls whenever possible” and report any successful deployment of ransomware or unauthorized access to privilege accounts to the NYDFS under its established […]
SEC Settles Enforcement Action for Disclosure Controls Violations Stemming from Data Security Incident
The SEC has settled an enforcement action against a large title insurer in connection with public statements and disclosures made by the company in May 2019 relating to a data security incident. The underlying data security incident was the subject of the first set of charges brought by the New York Department of Financial Services […]