Cybersecurity

New York DFS Issues New Cybersecurity Guidance

Under New York’s Cybersecurity Regulation, issued in 2017, any entity (a “Covered Entity”) regulated by the New York State Department of Financial Services (DFS) must maintain a risk-based cybersecurity program that protects its information systems and nonpublic data. For years, DFS has allowed Covered Entities to adopt the cybersecurity program of an affiliate. This has…
Read More

Massachusetts Introduces Revolutionary Privacy Bill 

The Massachusetts Senate began deliberating a new privacy law this year. The Massachusetts Information Privacy Act (MIPA) could be one of the strongest data privacy laws in the United States, if passed. Representatives Andy Vargas and Dave Rogers and Senate Majority Leader Cynthia Creem introduced the bill, which currently sits before the Joint Committee on…
Read More
Ransomware

Senate Introduces Ransomware Notification Mandate 

The US Senate has introduced a bill that would require businesses with more than 50 employees to report ransomware payments within 24 hours.  (S. 2666), the “Sanction and Stop Ransomware Act of 2021,” was introduced by the Senate Homeland Security Committee and Governmental Affairs Committee and also would apply to nonprofits, state and local government…
Read More
GDPR

UK Ranks Second Highest in GDPR Fines

A new report from cybersecurity company ESET found that the UK ranks second highest in average GDPR fine value ($10 million), despite issuing the lowest number (five) of GDPR fines in the EU. Spain issued the highest number of fines (273), while Luxembourg issued the highest value fines.  The report found that more than 650…
Read More
Data Sharing

France Moves to Stop Data Sharing with US

Under the CLOUD Act, companies registered in the United States are obligated to share with U.S. authorities data belonging to foreign entities. France’s top cybersecurity official, Guillaume Poupard is working to stop that practice.  Poupard, who is the director general of ANSSI–France’s cybersecurity agency–wants to stop cloud providers like Microsoft, Amazon, and Google from sharing…
Read More
Data Privacy

UAE Moves to Regulate Data Privacy 

The United Arab Emirates (UAE) this week announced plans to move forward with a federal data privacy protection law. Aptly titled the Data Protection Law, the proposed legislation is the first of its kind in the UAE, and comes out of a charter of ten strategic principles called the “Principles of 50,” which are designed…
Read More
SEC

SEC Doubles Down on Safeguards Rule Enforcement

The Securities and Exchange Commission issued sanctions against three financial services companies last week. The sanctions came in response to a series of email-takeover attacks in which Personally Identifiable Information (PII) was exposed.  In each case, the SEC found that the firms failed to implement proper cybersecurity measures against breaches. Each firm was found responsible…
Read More
PHPA

Illinois Passes Law Protecting Household Device Data 

Last week, the Protecting Household Privacy Act (PHPA) became law with Governor JB Pritzker’s signature. The law, which takes effect Jan 1, 2022, stops law enforcement officials from acquiring household electronic data from third-parties without a warrant or consent.  The type of data protected by the new law includes any electronic communication–provided by a human–that’s…
Read More
Securities Exchange Commission

Switzerland and United Kingdom Issue Guidance for Data Transfers to SEC 

Businesses and organizations registered with the U.S. Securities and Exchange Commission are often required to share personally identifiable information (PII) with the regulatory body.  But for entities that have operations outside of the U.S., complying with SEC requests has created a legal conundrum since the European Court of Justice’s Schrems 2.0 ruling–which invalidated the EU-U.S.…
Read More
Cybersecurity

Infrastructure Bill Allocates Nearly $2 Billion to Cybersecurity 

On Tuesday, the U.S. Senate approved a $1 trillion infrastructure package, which it has passed along to the House for approval. The package includes a variety of bills that allocate spending toward critical infrastructure, including roads, railways, bridges, electric vehicles, and telecom companies. The package also allocates more than $1.9 billion toward cybersecurity. The move…
Read More
Back To Top