On July 11, 2024, the New York Department of Financial Services (“NYDFS”) released Insurance Circular Letter No. 7, which establishes guidelines on the use of artificial intelligence systems (“AIS”) and external consumer data and information sources (“ECDIS”) in insurance underwriting and pricing (“Final Circular Letter”). The Final Circular Letter comes in the wake of a […]
Pennsylvania Amends Data Breach Notification Law
Pennsylvania’s Governor recently approved amendments to the Commonwealth’s data breach notification law, which represent a significant overhaul to the law. As detailed below, the amended law makes a number of material changes, including adding a regulator notification requirement, lowering the threshold of impacted Pennsylvania residents triggering a notification requirement to the consumer reporting agencies, slightly […]
SEC Corporation Finance Director Clarifies that Form 8-K Item 1.05 Disclosures Should be Limited to “Material” Cybersecurity Incidents
On May 22, 2024, the Director of the Division of Corporation Finance (“Corp Fin”) of the Securities and Exchange Commission (“SEC”) issued further guidance regarding disclosure of cybersecurity incidents on Form 8-K. The statement builds upon and provides additional clarity to companies seeking to comply with the SEC’s 2023 cybersecurity rules, which require public […]
NIST Cybersecurity Framework 2.0 Prioritizes Governance and Flexibility
Earlier this year, the National Institute of Standards and Technology (NIST) issued an update to its Cybersecurity Framework (CSF) with the release of version 2.0, the first update since April 2018 (version 1.1). While the core components of CSF remain, there are two thematic changes: CSF 2.0 (1) no longer applies just to critical infrastructure […]
FBI and CISA Warn of Chinese Cyberattacks on U.S. Critical Infrastructure
Recently, there has been a surge in alerts and warnings concerning cyberattacks by People’s Republic of China (PRC) state-sponsored threat actors on U.S. critical infrastructure. On February 7, 2024, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency and their counterparts in Australia, Canada, […]