Less than a month ago, a critical vulnerability was identified in the ubiquitous, open source Log4j tool prompting swift guidance from Cybersecurity and Infrastructure Security Agency (CISA) and other security practitioners. Now, the Federal Trade Commission (FTC) has warned companies that it “intends to use its full legal authority” against any company that fails to […]
Board Governance & Cyber Risk Management
Time to Restore Trust in Data Flows between Countries? Peter Swire Discusses Recent OECD Efforts in Developing Principles for Government Access to Data.
Alston & Bird Senior Counsel Peter Swire recently published an article in Lawfare titled, “Towards OECD Principles for Government Access to Data.” Peter and his co-authors discuss recent efforts of the Organization for Economic Cooperation and Development (OECD) to formulate common principles regulating governmental access to personal data held by the private sector for national […]
Update: FTC Amendments to the Safeguards Rule and Request for Comment on Proposed Reporting Requirement Published to the Federal Register
As an update to prior coverage of the FTC’s final revisions to the Gramm-Leach-Bliley Safeguards Rule (Final Rule), following its publication in the Federal Register on December 9, 2021, the Final Rule now will take effect on January 8, 2022, 30 days after publication in the Federal Register. Revisions to the Final Rule include an […]
NYDFS Issues Guidance on Multi-Factor Authentication
The New York Department of Financial Services (NYDFS) continues to refine its position regarding the importance of and requirements regarding Multi-Factor Authentication (MFA), as evidenced most recently with the release of new guidance. This new guidance is consistent with its June guidance, in which NYDFS clarified its expectation that NYDFS-regulated covered entities subject to 500.12 […]
CISA Issues Statement on Log4j Critical Vulnerability
Log4j is a java-based tool from Apache’s open source library used for parsing logs that never seems to have made headlines before this past weekend. Now, following the December 9th public announcement of a vulnerability in this tool, public and private sector security partners are issuing warnings about this “critical vulnerability.” While the full scope […]