Tag Archives: cybersecurity

Highlighting the “SEC” in cybersecurity: Continued regulatory focus on preparedness and response

In recent months, the U.S. Securities and Exchange Commission (“SEC”) has emphasized cybersecurity as both an enforcement priority and corporate responsibility, demonstrating its continued focus on the need for issuers to have sufficient measures in place, including up-to-date compliance and incident response programs in order to maintain the integrity of the capital market system. The … Continue Reading

FDA revamps cybersecurity guidance for marketed medical devices

The Food and Drug Administration (FDA) published a draft update to its premarket cybersecurity guidance for device makers on October 18, 2018. The expanded draft guidance includes recommendations on tiered classification of cybersecurity risk, trustworthiness, cybersecurity bill materials, and device cybersecurity labeling that are specific enough to be helpful to manufacturers while at the same … Continue Reading

The new China cybersecurity inspection regulation broadens PSB authority

China’s new “Regulation on the Internet Security Supervision and Inspection by Public Security Organs” went into effect on November 1, 2018. It is the latest regulation passed by China’s Ministry of Public Security that executes China’s Cybersecurity Law, which took effect in June of last year. The regulation gives China’s Public Security Bureaus (PSBs) broad … Continue Reading

DOJ issues updated best practices on cyber incidents; incorporates CISA

On September 27, 2018, as part of the Department of Justice’s (DOJ) cybersecurity roundtable discussion, the DOJ’s Cybersecurity Unit issued Best Practices for Victim Response and Reporting of Cyber Incidents (the Best Practices), including a Cyber Incident Preparedness Checklist. As noted by the DOJ, the Best Practices do not have the force of law, and … Continue Reading

Monetary Authority of Singapore panel urges financial institutions to adopt cybersecurity measures

An international cybersecurity advisory panel formed by the Monetary Authority of Singapore (MAS) has recommended that all financial institutions in Singapore ensure that data stored on the public cloud is kept secure, and that they perform cybersecurity risk assessments on their third-party providers. These proposals were raised at the panel’s second annual meeting, after its … Continue Reading

Southeast Asian nations to form regional framework for cybersecurity cooperation

The Association of Southeast Asian Nations (ASEAN) announced last week that it will create a rules-based framework for its 10 member states to cooperate on cybersecurity matters. The 10 ASEAN members are Singapore (which is the chair for ASEAN this year), Malaysia, Indonesia, the Philippines, Thailand, Vietnam, Brunei, Myanmar, Laos and Cambodia. Singapore is expected … Continue Reading

The UK responds to NISD consultation

The government has published its response to the April 2018 targeted consultation on the Security of Network and Information Systems Directive (NISD). The targeted consultation specifically addressed how NISD will apply to Digital Service Providers (DSPs) in the UK, focusing on the identification of DSPs, security measures and further guidance. This follows the government’s public … Continue Reading

September 4, 2018: NYDFS Cybersecurity Regulation Compliance date arrives

As of today, Covered Entities are expected to be compliant with additional provisions under the New York State Department of Financial Services (NYDFS) cybersecurity regulation. A “Covered Entity” is any individual or non-governmental entity “operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, … Continue Reading

EU to create a cybersecurity certification framework

To enhance cyber resilience, the EU is building a certification framework for information and communication technology (ICT) products, services and processes. On 8 June 2018, the Council agreed a Proposal (known as the Cybersecurity Act) to prepare for negotiations with the European Parliament to finalise the text. One of the effects of the Proposal is … Continue Reading

Network and Information Systems Regulations 2018 come into force in the UK and government cybersecurity survey is published

On 10 May 2018, the Network and Information Systems Regulations 2018 (NISR) came into force in the UK. NISR stems from the Network Information Systems Directive 2016 of the EU, which has been covered by this blog previously. Relatedly, on 25 April 2018, the UK government’s Department for Digital, Culture, Media and Sport (DCMS) published … Continue Reading

Being first isn’t always best: SEC settles for $35 million fine for failure to disclose data breach to investors

Company response to major data breach results in first-of-its-kind fine for improper disclosure to investors On April 24, 2018, U.S. Securities and Exchange Commission (SEC) and Altaba Inc., (formerly known as Yahoo! Inc.) agreed to settle SEC Division of Enforcement charges stemming from the compromise of 3 billion Yahoo accounts that occurred in 2013 and … Continue Reading

Keys to the City: Recent developments in New York City address cybersecurity risks

In the wake of recent cyberattacks, cities and states are taking a stand. On March 29, New York City (the City) Mayor Bill de Blasio announced NYC Secure, an initiative that will include a suspicious activity alert app for residents and security upgrades to the City’s public Wi-Fi networks.[1]The initiative is intended as a citywide … Continue Reading

UK government publishes response to its consultation on the Directive on security of networks and information systems

The UK government has published its response to a public consultation on the EU Directive on security networks and information systems (NIS Directive) that opened in August last year. The response sets out the UK’s vision for improving the security of the UK’s essential services by implementing the NIS Directive. The NIS Directive The NIS … Continue Reading

Study identifies cybersecurity and privacy shortcomings in health apps

A recent study conducted by researchers at the University of Piraeus, published in the Institute of Electrical and Electronics Engineers’ Access journal (29 January 2018), has indicated that many popular health apps have significant privacy and cybersecurity failings; many of them do not follow standard practices nor will they comply with the upcoming General Data … Continue Reading

An interview with Indiana AG Curtis Hill

Check out this month’s edition of The Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP), for Divonne Smoyer and Kimberly Chow’s Q&A with Indiana Attorney General Curtis Hill. AG Hill has prioritized rolling back federal overreach and safeguarding consumers from fraud and scams, along with continuing to take a hard line … Continue Reading

Guiding light: SEC adopts updated cybersecurity guidance

Last week, the Securities and Exchange Commission (SEC) unanimously adopted new cybersecurity guidance aimed at assisting public companies in their preparation of cybersecurity risk and incident disclosures. In its new Statement and Interpretive Guidance on Public Company Cybersecurity Disclosures, the SEC is aiming to apply lessons learned from the many major data security incidents that … Continue Reading

Cloud before the storm: Lloyd’s of London report forecasts cloud outage with a chance of multibillion dollar losses

On Tuesday, January 23, Lloyd’s of London co-published a report with AIR Worldwide highlighting the significant financial fallout that could occur in the event of a cyber incident or shutdown of a cloud computing provider in the United States, noting that losses could be to the tune of about $19 billion – of which only … Continue Reading

“An interview with Utah AG Sean Reyes”

Check out this month’s edition of The Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP), for Divonne Smoyer and Kimberly Chow’s Q&A with Utah Attorney General Sean Reyes. AG Reyes is well known as a bipartisan thought leader among AGs on the issues of privacy and cybersecurity. In the interview, he … Continue Reading

Anticipating Risks From and Responding to Cryptocurrency Theft

On November 20-21, 2017, Tether, the company behind USDT, a digital token backed by fiat currencies like the dollar and euro, disclosed that a hack resulted in the loss of $30.95 million worth of tokens. The Tether hack illuminates the privacy, reputational, financial and recovery risks associated with issuing, owning and storing digital currencies. These … Continue Reading

“An Interview with Wisconsin AG Brad Schimel”

Check out this month’s edition of The Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP), for Divonne Smoyer and Kimberly Chow’s Q&A with Wisconsin Attorney General Brad Schimel. AG Schimel has prioritized cybercrime enforcement and prevention for the state. In the interview, he discusses his data privacy and security agenda as … Continue Reading

From the Server Room to the Board Room: D&O and Cybersecurity Emerging Trends

With breaches of nearly 150 million Americans’ personal information flooding the news the last few weeks, followed by the filing of more than 50 class action lawsuits to date, and the announcement of an FTC investigation, cybersecurity is squarely on the minds of and on the table in boardrooms across the country. On September 14, … Continue Reading

Delaware Amends Data Breach Notification Law to Require Reasonable Data Security and Expand the Scope of Personal Information Requiring Notice

On August 17, 2017, Delaware Governor John Carney signed into law House Substitute 1 for House Bill 180, making the first significant amendment to Delaware’s data breach notification law since 2005.  The bill, scheduled to go into effect April 14, 2018, requires private organizations to maintain reasonable security policies and procedures; expands the definition of … Continue Reading

UK government posts new NIS Directive consultation addressing cybersecurity threats

The security and reliability of the UK’s IT infrastructure remains a key priority for the government. In August 2017, the Department for Digital, Culture, Media and Sport launched a public consultation on its plans to transpose the Network and Information Systems Directive (‘NIS Directive’) into UK legislation. (As we reported earlier this year, the UK has … Continue Reading
LexBlog