The New York Department of Financial Services (NYDFS) issued new guidance this week intended to assist organizations in thwarting ransomware attacks. The guidance clarifies the NYDFS’ expectation that NYDFS-regulated companies should “implement these … [Read more] about NYDFS Issues Guidance on Cybersecurity Controls to Combat Ransomware and Clarifies Reporting Obligations
As ransomware attacks continue to dominate the news cycle, legislation has recently been introduced in several states that would place limits on certain entities’ ability to pay a ransom payment in the event of a ransomware attack. Although the … [Read more] about State Legislatures Consider Bans on Ransomware Payments
Our Privacy, Cyber & Data Strategy Team answers five questions about the standard contractual clauses that aim to ensure compliance with Articles 28(3) and (4) of the General Data Protection Regulation: Are controllers and processors obliged … [Read more] about Alston & Bird Publishes FAQs – Standard Contractual Clauses for Controllers and Processors in the EU/EEA
The SEC has settled an enforcement action against a large title insurer in connection with public statements and disclosures made by the company in May 2019 relating to a data security incident. The underlying data security incident was the subject … [Read more] about SEC Settles Enforcement Action for Disclosure Controls Violations Stemming from Data Security Incident
Following the creation of the DOJ’s Ransomware and Digital Extortion Task Force in April 2021 and on the heels of the Biden administration’s characterization of ransomware as a national security threat, on June 7, 2021, the DOJ announced it has … [Read more] about DOJ Seizure of Ransom Payment Signals More Aggressive Stance by U.S. Government