Tag: Cybersecurity
Companies Respond to SEC’s Proposed Cybersecurity Disclosure Framework
As we reported in our March 2022 client alert, the Securities and Exchange Commission released proposed cybersecurity reporting rules and solicited feedback through a 60-day comment period. The comment period ended on May 9, 2022, and the SEC received 100+ comments from business, legal, nonprofit and government sectors. While the […]
36-Hour Breach Notification Rule to Go into Effect for Banking Organizations
On November 18, 2021, three US agencies – the Office of the Comptroller of the Currency (OCC), the Federal Reserve Board (FRB) and the Federal Deposit Insurance Corporation (FDIC) – issued a joint rule concerning computer-security incident notifications, which will go into effect on April 1, 2022, with a full […]
Cybersecurity: SEC Enforcement, Disclosure Controls and Risk Factor Disclosure
With the new leadership at the Securities and Exchange Commission, industry commentators expect the Division of Enforcement to be more aggressive in several arenas, including public company disclosure of cybersecurity incidents. While this has been a stated focus of the SEC for more than 10 years, enforcement cases relating to […]
SEC Enforcement Targets Cybersecurity Disclosures Again
Securities and Exchange Commission Chairman Gary Gensler has pledged to bring a renewed focus to robust enforcement of the federal securities laws. As we observed in a recent blog post, under Chairman Gensler and Director Gurbir Grewal, the SEC’s Division of Enforcement will be more aggressive in several arenas—including public company […]
US Supreme Court Narrows Scope of Computer Fraud and Abuse Act in Van Buren, Remands LinkedIn
On June 3, 2021, the US Supreme Court issued its decision in Van Buren v. United States in the Court’s first-ever interpretation of the Computer Fraud and Abuse Act (CFAA), the federal anti-hacking statute. Van Buren presented the question of whether someone “exceeds authorized access” under the CFAA, see 18 […]
The Long-awaited 2021 Cyber Executive Order
On May 12, 2021, the US president issued an “Executive Order on Improving the Nation’s Cybersecurity.” The EO follows on the heels of the Colonial Pipeline ransomware attack, along with the Codecov and SolarWinds supply-chain attacks. While the EO focuses primarily on internal-government actions, the presidential order expresses hope […]
EU’s Artificial Intelligence Regulation – Tough Tests for Smart Products
EU proposal extends product safety, data protection and cybersecurity concepts to groundbreaking AI regulation. What has happened? The European Commission has finally published its much-anticipated proposal for a broad regulation to cover the use of artificial intelligence in the EU. This is a world-first – no other jurisdiction has yet […]

European Commission Proposes Stricter, More Encompassing Cybersecurity Obligations for Companies
The last months of 2020 saw impressive legislative activity by the European Commission, as it rolled out proposals for several regulations (namely, the Data Governance Act, the Digital Services Act and the Digital Markets Act), as well as proposed new Standard Contractual Clauses for international data transfers (expected to be […]

Improving Cyber Insurance Practice Should Be a Company’s Priority
The New York State Department of Financial Services recently issued guidance for New York-regulated property and casualty insurers to effectively manage the cyber insurance risk present in their insurance portfolio. The DFS’ guidance signals an effort to reduce overall volatility in the cyber insurance market, which has been compounded by […]

New York Department of Financial Services Launches Enforcement of Cybersecurity Rules
The New York Department of Financial Services recently initiated its first action to enforce the department’s cybersecurity regulation. The regulation has been in effect since March 1, 2017 and applies to all financial institutions regulated by the NY DFS.