In June, the Federal Trade Commission released a new guide for businesses on implementing sound data security protections and procedures. In “Protecting Personal Information: A Guide For Business,” the FTC offers “10 practical lessons” based on the numerous enforcement actions brought by the FTC. The guide offers insight into the thinking of this key federal […]
Cyber Risk
President Trump Signs Long-Awaited Cyber Executive Order
On May 11, 2017, President Trump signed a long-awaited executive order on cybersecurity (the “Order”). The Order directs executive agencies to complete a risk management report based on the NIST Cybersecurity Framework (the “Framework”) and also requires the Department of Homeland Security (DHS) and other agencies to undertake activities in support of effective cybersecurity risk […]
Bank Regulators Issue Advanced Notice of Proposed Rulemaking on Cyber Risk Governance and Management Regulations
More regulators (apart from the FTC) are now taking note of cybersecurity issues in the financial services industry and are taking steps to protect the industry and its consumers. Earlier this year, the Consumer Financial Protection Bureau (“CFPB”) issued its first enforcement action on data security against an online payment system. In June, the Federal […]
New York State Financial Services Regulator Issues Proposed Cybersecurity Regulations
On September 13, 2016, Governor Andrew Cuomo announced the issuance of proposed “first-in-the-nation” cybersecurity regulations for entities regulated by the New York Department of Financial Services (DFS), including jurisdictional banks, insurance companies, and other financial institutions. The proposed regulation will be subject to a 45-day comment period prior to being issued as a final rule. […]
Centers for Medicare and Medicaid Services Issues Emergency Preparedness Requirements That Address Cyber-Attacks
The Centers for Medicare and Medicaid Services (“CMS”) issued a final rule on September 8th, 2016 establishing national emergency preparedness requirements for providers and suppliers participating in Medicare and Medicaid in response to “inconsistency in the level of emergency preparedness amongst healthcare providers.” The rule will be officially published in the Federal Register on September […]