The New York Department of Financial Services (“DFS”) released its proposed second amendment to the Cybersecurity Regulation, 23 NYCRR Part 500 (“Proposed Second Amendment”) on October 9, 2022. DFS issued a minor amendment on April 2, 2020, revising the certification of compliance date (from February to April). The Proposed Second Amendment follows DFS’s “pre-proposed” draft […]
Board Governance & Cyber Risk Management
FTC Delays Effective Date of Certain Changes to the Safeguard Rule
On November 15, 2022, the Federal Trade Commission (FTC) announced that it is delaying the effective date of certain changes to the Gramm–Leach–Bliley Safeguards Rule. The Safeguards Rule, which first became operative in 2003, imposes certain security requirements on non-banking financial institutions. The FTC amended the Rule in December 2021, and several provisions under the […]
European Parliament Adopts “NIS2” Cybersecurity Directive
On November 10, 2022, the European Parliament adopted a new cybersecurity directive (the “NIS2 Directive”), which is designed to replace and repeal the existing EU Directive on the Security of Network and Information Systems (Directive 2016/1148/EC) (the “NIS Directive”). The objective of the NIS2 Directive is to achieve a higher level of cybersecurity within the EU […]
California Privacy Protection Agency Issues Notice of Modifications to Proposed CPRA Regulations
On November 3, 2022, the California Privacy Protection Agency (“CPPA”) issued a notice of modifications to the Proposed Regulations implementing the California Privacy Rights Act (“CPRA”). These proposed modifications come in response to public comments on, and are meant to clarify, previously issued modifications. The modifications, which are largely based on the Modified Proposed Regulations […]
UK’s National Cyber Security Centre Releases 2022 Annual Review
The United Kingdom’s National Cyber Security Centre (NCSC) recently released its 2022 Annual Review, which reports on the state of cyber security threats in the country. As the UK’s technical authority for cyber security, the NCSC releases an annual report covering the cyber threats from the prior 12 months as well as analysis of potential […]