Cybersecurity

After much anticipation, the Securities and Exchange Commission (the “Commission”) has adopted Regulations (the “Regulations”) regarding public companies’ obligations to include disclosure in annual reports on Form 10-K (Form 20-F for foreign issuers) regarding material cybersecurity risks, risk management and governance, and to file current reports on Form 8-K (Form 6-K for foreign issuers) to report material cybersecurity incidents. The Commission adopted many of the reporting requirements proposed in the March 2022 draft of the Regulations and discussed in our prior blog post. Notably, the obligation to disclose information regarding the Board of Directors’ cybersecurity expertise was eliminated from the final Regulations based on feedback from commenters who objected to this requirement. In the coming days, we will publish a thorough article regarding public companies’ new reporting obligations, but in this post we briefly summarize the new requirements adopted.

Continue Reading SEC Adopts Final Cybersecurity Risk Management and Incident Disclosure Regulations

As we reported in a previous blog post, the New York Department of Financial Services (“NYDFS”) proposed a raft of amendments to its landmark Cybersecurity Regulations (the “Regulations”) in 2022 (the “2022 Proposed Amendment”), adding substantial complexity to covered entities’ compliance obligations. Now, less than a year later, the NYDFS has published a proposed revised draft of the 2022 Proposed Amendment (as revised, the “2023 Proposed Amendment”). While not as extensive as the 2022 Proposed Amendment, the 2023 Proposed Amendment will nevertheless have a significant impact on how your organization complies with the Regulations.

Continue Reading NYDFS Revises Its Proposed Amendments to Cybersecurity Regulations

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

A Guide Comparing EU, China, ASEAN Standard Contracts for Data Transfers | Privacy World

Digital Assets in England and Wales:

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

The EU Approach to AI Regulation: Texts That Generative AI Will Not Come Up With | Privacy World

Singapore Open-sources

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

The Philippines Consults on Draft Consent and Private Identification Cards Guidelines | Privacy World

Southeast Asia and the EU Publish

2023 has swiftly become the year of the U.S. National Cybersecurity Strategy. On March 2, 2023, the Biden Administration issued its National Cybersecurity Strategy brief, outlining its vision to: (1) defend critical infrastructure; (2) disrupt and dismantle threat actors; (3) shape market forces to drive security and resilience; (4) invest in a resilient future; and (5) forge international partnerships to pursue shared goals. In furtherance of the goal to defend critical infrastructure, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default” (the “Report”) on April 13.

Calling the current state of technology “vulnerable by design,” the Report aims to encourage technology manufacturers to integrate security into their products from the ground up, factoring security into product development beginning at the design phase. In addition to CISA, several American security agencies (the National Security Agency and Federal Bureau of Investigation) and international cybersecurity agencies (from Australia, Canada, the United Kingdom, Germany, the Netherlands, and New Zealand) collaborated to provide a unified recommended approach to the development of both software and hardware. Below, we break down what the Report means for the tech sector.

Continue Reading New CISA Guidelines Lay Out Unified International Principles on Security-by-Design and Security-by-Default

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

New York Releases Data Security Guide to Help Businesses Protect Personal Information | Privacy World

Selfie ID Biometric Verification Vendor’s

On April 19th, New York’s Attorney General, Letitia James, released a document titled, “Protecting consumer’s personal information: Tips for businesses to keep data safe and secure” (the “guide”), a resource to help businesses adopt effective data security measures. It draws on the Office of the Attorney General’s (“OAG”) experience investigating and prosecuting cybersecurity breaches,

We are pleased to announce that SPB’s Kristin Bryan will be speaking at the upcoming Cybersecurity & Privacy Protection Conference on Thursday, April 20 at 8:15 a.m. EDT. Kristin will be joined by the Regional Director from the Federal Trade Commission and a staff attorney from the Securities and Exchange Commission. This live event will

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Singapore Appointed as Deputy Chair of the Global Cross-Border Privacy Rules Body | Privacy World

Italian OpenAI : May (A)I?