Lance Taubin

About Lance Taubin

Lance Taubin is an associate with Alston & Bird’s Privacy, Cyber & Data Strategy team. He advises clients on data privacy and cybersecurity compliance and enforcement, managing cyber risk, breach investigations, and response and transactional diligence.

[Read Bio]

NY DFS Releases Revised Proposed Second Amendment of its Cybersecurity Regulation

July 11, 2023 By Kim Peretti, Kate Hanniford, Ashley Miller and Lance Taubin

The New York Department of Financial Services (“NY DFS”) published an updated proposed Second Amendment to its Cybersecurity Regulation (23 NYCRR Part 500) in the New York State Register on June 28, 2023, updating its previous proposed Second Amendment, which was published November 9, 2022. While the language proposed is largely similar to the previous […]

SEC’s Proposed Cybersecurity Rules Delayed Yet Again

July 6, 2023 By Kim Peretti, Lance Taubin and John Heflin

On June 13, 2023, the Securities and Exchange Commission (“SEC”) published its Spring 2023 rulemaking agenda that delayed finalizing the proposed Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule for public companies and proposed rule on Cyber Risk Management for Investment Advisers, Registered Investment Companies and Business Development Companies until at least October 2023. […]

CL0P Ransomware Gang’s Exploitation of MOVEit Vulnerability: What It Means for Companies

June 12, 2023 By Kim Peretti, Alysa Austin and Lance Taubin

On June 7, 2023, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Joint Cybersecurity Advisory in connection with a recent zero-day (or previously undetected) vulnerability in Progress Software’s managed file transfer software (MOVEit Transfer), exploited by the CL0P ransomware group. CL0P publicly claimed responsibility for exploiting the […]

NYDFS Penalizes bitFlyer $1.2 Million for Violations to Cybersecurity Regulation

May 13, 2023 By Kim Peretti, Kate Hanniford, Lance Taubin and Ashley Miller

On May 1, 2023, bitFlyer USA, Inc. (“bitFlyer”) entered into a Consent Order with the New York Department of Financial Services (“DFS”) for multiple deficiencies in bitFlyer’s cybersecurity program, most notably for failure to conduct periodic risk assessments to sufficiently inform the design of bitFlyer’s cybersecurity program (as required by 23 NYCRR § 500.09(a)). BitFlyer […]

China’s Standard Contractual Clauses for Cross-Border Transfers of Personal Information

April 3, 2023 By Kim Peretti and Lance Taubin

On February 24, 2023, the Cyberspace Administration of China (“CAC”) released its final version of the Standard Contract Measures for Exporting Personal Information (“Standard Contract Measures”), accompanied by a template contract outlining the standard contractual clauses (the “PIPL SCCs”). The Standard Contract Measures are effective June 1, 2023, however, organizations transferring personal information outside of […]