On October 27, 2023, the FTC approved an amendment to the Safeguards Rule (the “Amendment”) requiring that non-banking financial institutions notify the FTC in the event of a defined “Notification Event” where customer information of 500 or … [Read more] about FTC Approves New Data Breach Notification Requirement for Non-Banking Financial Institutions
At the end of September 2023, the Cyberspace Administration of China (CAC) released draft regulations (see the unofficial English translation) regulating the cross-border flow of personal information and important data out of the Peoples Republic of … [Read more] about China Releases Major Changes in its Draft Regulations on Cross-border Data Flows
The Federal Bureau of Investigation (FBI) issued a Private Industry Notification on September 27, 2023, highlighting two concerning ransomware trends and providing companies with guidance on mitigating potential threat actor activity. As of July … [Read more] about FBI Cautions Organizations on Dual Ransomware Attacks
On October 4, 2023, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) published Identity and Access Management: Developer and Vendor Challenges, an advisory document developed by the Enduring Security … [Read more] about CISA and NSA Highlight Technology Gaps in New Guidance on Identity and Access Management
On September 27, 2023, The U.S. National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japanese National Police Agency (NPA), and the Japanese National … [Read more] about CISA Releases Advisory Concerning Chinese-Backed Threat Actor