On October 25, 2023, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the Department of Health and Human Services (“HHS”) released a cybersecurity toolkit containing resources and information that organizations in the healthcare and public health (HPH) sector can utilize
Inside Cybersecurity & Privacy Law
Exploring the evolution of cybersecurity and privacy law
Latest from Inside Cybersecurity & Privacy Law
NYDFS Releases Amendment to Cybersecurity Regulation
On November 1, 2023, the New York Department of Financial Services (“NYDFS”) finalized the amendment to its cybersecurity regulation (the “Amendment”). The Amendment expands cybersecurity requirements across many areas—from governance to incident response to access controls.
The Amendment follows the…
President Biden Issues Broad Executive Order on Artificial Intelligence
On October 30, 2023, President Joe Biden issued an Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (the “AI EO”). Directing numerous actions by federal agencies, the AI EO reflects the Biden Administration’s intent…
Upcoming Publication of New NYDFS Cybersecurity Requirements for Financial Services Companies
The Second Amendment to the New York Department of Financial Services’ (“NYDFS”) Cybersecurity Requirements for Financial Services Companies (the “NYDFS Requirements”) is expected to be published in final form in the next two weeks. The Second Amendment will follow updated…
EU Cyber Resilience Act Moves Closer to Adoption
On 13 September 2023, negotiations began between European institutions to adopt the text of the EU Cyber Resilience Act (the “CRA”). If adopted, the CRA will impose a set of software security, cybersecurity, and vulnerability management requirements on products with…
CFPB Initiates Fair Credit Reporting Act Rulemaking Focusing on Data Brokers
On September 25, 2023, the Consumer Financial Protection Bureau (“CFPB”) began its most substantial Fair Credit Reporting Act (“FCRA”) rulemaking yet with an outline of proposed changes to Regulation V, which implements FCRA, ahead of the Bureau’s Small Business Advisory Review…
Round-Up: Proscriptive ICTS Supply Chain Regulation as a Means of Addressing Cyber Risk
Cybersecurity Awareness Month is a good time to highlight one trend in federal efforts to address cyber risk: proscriptive regulation of the information and communications technology and services (“ICTS”) supply chain.
Supply chain risk management is a broad field encompassing,…
Software Security: Recent Policy Actions Highlight Importance of Mitigating Legal Risks
Recent high-profile cyber incidents involving exploitation of software vulnerabilities—such as the SolarWinds and MOVEit incidents—have increased scrutiny of the security of the software upon which corporate and government customers rely. Though phishing and social engineering continue to be leading causes…
China Proposes Easing of Cross-Border Data Controls
On the eve of the “Golden Week” in China, the Cyberspace Administration of China (CAC) published the draft Provisions on Regulating and Promoting Cross-Border Data Transfers (the “Draft Provisions”) on 28 September 2023.
The Draft Provisions provide a welcome rollback…
FAR Changes Proposed to Standardize Important Cybersecurity Requirements and to Impose New Cyber Threat, Incident Reporting and Information Sharing Rules
Last week, the government announced two sets of proposed revisions to the Federal Acquisition Regulation (FAR) to improve the cybersecurity of the government’s information systems. Both sets of revisions relate to President Biden’s May 2021 Executive Order 14028 on Improving…