Almost two years after seeking stakeholder input about a final rule under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), the Cybersecurity and Infrastructure Security Agency (CISA) announced that it will hold virtual town hall meetings for certain industry sectors in March and April 2026 to solicit additional input on the Notice […]
Crisis & Data Breach Response
New Jersey Expands HIPAA-Based Exemptions Under Its Comprehensive Privacy Law
On January 20, 2026, the New Jersey Governor signed Assembly Bill A5017 (“Amendment”), amending the New Jersey Data Protection Act (“NJDPA”). The Amendment exempts data that is not protected health information (“non-PHI”) from the NJDPA when it is handled by covered entities or business associates in accordance with the privacy and security requirements of the […]
FBI Launches Operation Winter SHIELD in Effort to Advance Cyber Resilience Across Critical Sectors
On January 28, 2026, the Federal Bureau of Investigation (FBI) announced the launch of Operation Winter SHIELD, a coordinated initiative designed to promote adoption of core defensive measures that are shown to mitigate common intrusion vectors. Operation Winter SHIELD identifies ten priority actions the FBI views as important in improving organizational cyber resilience. The FBI […]
UK Cybersecurity Legislation Soon to be Introduced
The UK Government has introduced the Cyber Security and Resilience (Network and Information Systems) Bill (the “Bill”) to Parliament, marking the most significant update to the UK’s cyber legislation since 2018. You can access a copy of the Bill here. The Bill aims to strengthen national security and protect critical infrastructure networks in key sectors […]
Key Breach Notification Updates in California and Oklahoma for 2026
Effective January 1, 2026, new legislation in California and Oklahoma will introduce important updates to each state’s breach notification requirements. These changes may significantly impact breach response obligations for businesses operating in or handling data related to residents of these states. Below is a summary of the key provisions under each law. California – Senate […]