Board Governance & Cyber Risk Management

CISA and NSA Highlight Technology Gaps in New Guidance on Identity and Access Management

October 13, 2023 By Kim Peretti, Andrew Rice and Colton Jackson

On October 4, 2023, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) published Identity and Access Management: Developer and Vendor Challenges, an advisory document developed by the Enduring Security Framework (ESF). The ESF is a CISA and NSA led cross-sector, public-private working group that works to address risks to U.S. National […]

CISA Releases Advisory Concerning Chinese-Backed Threat Actor

October 9, 2023 By Kim Peretti

On September 27, 2023, The U.S. National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japanese National Police Agency (NPA), and the Japanese National Center of Incident Readiness and Strategy for Cybersecurity (NISC) released a joint cybersecurity advisory (CSA) concerning the recent activity of […]

New York Continues to Focus on Companies’ Data Security Practices

October 6, 2023 By Kim Peretti and Kristen Bartolotta

New York Attorney General Letitia James recently announced two agreements related to data breaches with entities that operate in the education industry. In both instances the entities paid the ransom and received evidence of deletion of the stolen data. Most recently, on October 5, 2023 the Office of the Attorney General (OAG) announced a $49.5 […]

Penn State University Hit With False Claims Act Suit for Alleged Cyber Security Deficiencies

September 25, 2023 By Privacy, Cyber & Data Strategy Team

On September 1, 2023, the U.S. District Court for the Eastern District of Pennsylvania unsealed a qui tam False Claims Act (“FCA”) lawsuit (originally filed on October 5, 2022) alleging Penn State University failed to provide “adequate security” for Covered Defense Information, as contractually required by Defense Federal Acquisition Regulation Supplement (“DFARS”) 252.204-7012. DFARS requires […]

UK Government Makes a Bridge to The EU-U.S. Data Privacy Framework

September 22, 2023 By Alice Portnoy and Wim Nauwelaerts

On 21 September 2023, the UK Government adopted the Data Protection (Adequacy) Regulations 2023, also referred to as the “UK-U.S. Data Bridge”. The UK-U.S. Data Bridge will allow companies to legitimately transfer personal data from the UK to the U.S. on the basis of the recently enacted EU-U.S. Data Privacy Framework (“DPF”). The UK Government […]