Kim Peretti

About Kim Peretti

A former DOJ cybercrime prosecutor and former director of PwC's cyber forensics group, Kim delivers top of the line cyber risk management and information security counsel to her clients. As co-leader of our Privacy, Cyber & Data Strategy Team, Kim is recognized by select publications and is frequently quoted by the media.

[Read Bio]

Key Breach Notification Updates in California and Oklahoma for 2026

October 24, 2025 By Kim Peretti and Alysa Austin

Effective January 1, 2026, new legislation in California and Oklahoma will introduce important updates to each state’s breach notification requirements. These changes may significantly impact breach response obligations for businesses operating in or handling data related to residents of these states. Below is a summary of the key provisions under each law. California – Senate […]

Government Shutdown Creates Lapse in Cyber Threat Information Sharing

October 23, 2025 By Kim Peretti and Scott Hilsen

The day before the recent federal government shutdown, a ten-year old cybersecurity law expired before it could be reauthorized. The Cybersecurity Information Sharing Act of 2015 (“CISA”) provided a mechanism for private companies to share information with the federal government about cyber threats in return for certain legal protections. CISA applied only when the information […]

United States, International Coalition Issue Joint Warning of Increasing PRC Backed Threat Activity

September 10, 2025 By Kim Peretti, Lance Taubin and Andrew Rice

On August 27, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the United States Department of Defense Cyber Crime Center (DC3) issued a joint advisory (Advisory) highlighting increased cyber threat activity linked to People’s Republic of China (PRC) affiliated threat […]

CISA Gives Itself an Extension for Cyber Incident Reporting Rules

September 10, 2025 By Kim Peretti and Scott Hilsen

The Cybersecurity and Infrastructure Security Agency (CISA) has extended the deadline for it to issue final rules about mandatory incident reporting for critical infrastructure entities. The original deadline of October 2025 was pushed by six months to May 2026. Under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), passed in 2022, critical infrastructure entities […]

Rhode Island’s New Cybersecurity Law for Nonbank Financial Institutions

August 22, 2025 By Kim Peretti, Alysa Austin, Ashley Miller and Lance Taubin

Rhode Island has enacted Senate Bill 603 (SB603), effective July 2, 2025, establishing a comprehensive cybersecurity framework for nonbank financial institutions licensed by the state’s Department of Business Regulation (DBR). Although SB603 is closely modeled after the New York Department of Financial Services’ (NYDFS) Cybersecurity Regulation, 23 NYCRR Part 500 (Part 500), SB603 introduces several […]