National Institute for Standards and Technology (NIST)

Department of Justice Intervenes in Cybersecurity Qui Tam Action Against Georgia Tech

August 30, 2024 By Kim Peretti, Andrew Liebler and Andrew Rice

On Thursday, August 22, 2024, the United States Department of Justice (“DOJ”) filed a Complaint-In-Intervention in the case of United States of America ex rel. Christopher Craig and Kyle Koza, v. Georgia Tech Research Corp. and Board of Regents of the University System of Georgia (d/b/a the Georgia Institute of Technology) (United States v. Georgia […]

NYDFS Releases Circular Letter on Use of AI in Insurance Underwriting and Pricing

February 1, 2024 By Kim Peretti, Daniel Felz, Lance Taubin and Colton Jackson

On January 17, 2024, the New York State Department of Financial Services (“NYDFS”) issued a proposed circular letter for comment regarding the “Use of Artificial Intelligence Systems and External Consumer Data and Information Sources in Insurance Underwriting and Pricing” (the “Circular Letter”). The Circular Letter details NYDFS’ expectations and guidelines for the use of artificial […]

NHTSA Updates its Guidance on Cybersecurity Best Practices for the Safety of Modern Vehicles

September 15, 2022 By Kim Peretti and Kristen Bartolotta

On September 7, 2022 the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) released an updated edition of its Cybersecurity Best Practices for the Safety of Modern Vehicles, the last edition of which was published in 2016. This most recent edition of this non-binding guidance leverages agency research, industry voluntary standards, and […]

New Law Requires HHS to Consider Recognized Security Practices as Mitigating Factor When Determining Penalties

January 21, 2021 By Privacy, Cyber & Data Strategy Team

On January 5, 2021, the president signed into law H.R. 7898, an Act that amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require the Secretary of Health and Human Services (HHS) to consider specific recognized security practices of covered entities and business associates when making certain determinations regarding fines, penalties, […]

NIST Releases Updated Cyber Framework V1.1

December 6, 2017 By Privacy, Cyber & Data Strategy Team

On December 5, 2017, the National Institute of Standards and Technology (NIST) released a revised draft of its proposed updates to its Framework for Improving Critical Infrastructure Cybersecurity. The revised draft includes a new section on communicating with stakeholders about cybersescurity requirements, addresses stakeholder concerns regarding cybersecurity supply chain risk management and measuring cybersecurity risks […]