As an update to prior coverage of the FTC’s final revisions to the Gramm-Leach-Bliley Safeguards Rule (Final Rule), following its publication in the Federal Register on December 9, 2021, the Final Rule now will take effect on January 8, 2022, 30 days … [Read more] about Update: FTC Amendments to the Safeguards Rule and Request for Comment on Proposed Reporting Requirement Published to the Federal Register
The New York Department of Financial Services (NYDFS) continues to refine its position regarding the importance of and requirements regarding Multi-Factor Authentication (MFA), as evidenced most recently with the release of new guidance. This new … [Read more] about NYDFS Issues Guidance on Multi-Factor Authentication
Log4j is a java-based tool from Apache’s open source library used for parsing logs that never seems to have made headlines before this past weekend. Now, following the December 9th public announcement of a vulnerability in this tool, public and … [Read more] about CISA Issues Statement on Log4j Critical Vulnerability
On December 7, 2021, the House of Representatives passed the National Defense Authorization Act for Fiscal Year 2022 (NDAA), which notably excluded any cybersecurity incident reporting requirements. In September, the House approved a previous version … [Read more] about The Cybersecurity Incident Reporting Requirements Fail in the Latest Version of the National Defense Authorization Act
On November 14, 2021, the Cyberspace Administration of China (CAC) released draft Regulations on the Management of Online Data Security (the “Regulations”) for China’s data privacy and security laws, including the Cybersecurity Law … [Read more] about China’s Initial Draft Regulations on the Management of Online Data Security: Important Takeaways