The last few months have seen a flurry of new federal cybersecurity incident reporting requirements and proposals impacting private entities in the financial sector. As the number and frequency of cyber attacks continue to grow, regulators have attempted to enhance cybersecurity protections via increased and more rigid incident reporting obligations, leading to a constantly shifting
Webinar — Ballard Partner Phil Yannella to Join Discussion of New Proposed SEC Cyber Rules for Investment Advisors
Since the beginning of the year, the SEC has issued several sets of proposed rules governing cybersecurity. In an upcoming webinar, Ballard Privacy & Data Security partner Phil Yannella will join a panel discussion hosted by SEI Investments concerning the impact of these new rules on registered investment advisors and funds. You can register…
Cyber Incident Reporting for Critical Infrastructure Act Becomes Law
On March 15, 2022, President Joe Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which increased funding for the federal Cybersecurity and Critical Infrastructure Agency (CISA) and outlined new rules and requirements for companies and organizations to follow.
Notably, CIRCIA requires owners and operators of critical infrastructure to report cyber…
Podcast – New Privacy Litigation Targets Sharing of Consumer Personal Data
On the latest episode of our podcast, Business Better, our Ballard lawyers discuss emerging trends in privacy litigation. Issues we discuss include companies sharing and selling consumer data, plaintiffs’ liability theories, including the right of publicity, and best business practices to consider in anticipation of privacy claims.
Leading this discussion is Aliza Karetnick, a Partner…
New SEC Proposed Cyber Rules Signal Concern About Systemic Risk
After many years of signaling potential expansion of cybersecurity rules, the Securities and Exchange Commission (SEC) has issued in the past month two new sets of proposed rules governing cybersecurity. The more recent set of proposed rules governs the disclosure of unscheduled material cyber events by public companies. These rules come on the heels of…
SEC Proposes New Disclosure Rules for Cyber Incidents
On March 9, 2022, the SEC proposed a new rule to enhance and standardize disclosures regarding cybersecurity incidents, risk management, strategy, and governance. If approved, public companies subject to the reporting requirements of the Securities and Exchange Act of 1934 will be subject to new disclosure requirements regarding (1) Cybersecurity Incidents, and (2) Cybersecurity Risk Management, Strategy, and Governance.
Continue Reading SEC Proposes New Disclosure Rules for Cyber Incidents
Colorado AG’s Office Issues Data Security Guidance
On January 28, 2022 the Consumer Protection Section of the Colorado Attorney General’s Office issued guidance regarding data security best practices. Businesses subject to the Colorado Privacy Act can look to these best practices as a roadmap for the technical and organizational data security safeguards the law requires businesses to implement.
The guidance instructs covered…
Predictions for Privacy & Data Security in 2022
2021 proved to be a momentous year for privacy and data security law. The scourge of ransomware continued last year, leading to record-setting ransomware payments, a muscular response from the federal government, a hardening insurance market, and significant corporate anxiety. Two more U.S. states passed comprehensive data privacy laws in 2021. The FTC was very active, issuing new guidance for artificial intelligence (AI), publishing revisions to the GLBA Safeguards Rule, and bringing new enforcement actions. The U.S. Supreme Court issued a number of opinions that had the effect of narrowing the scope of key privacy statutes while biometric litigation in Illinois exploded. The European Commission promulgated new rules for cross-border transfers, and U.S. state regulatory enforcement activities ramped up. …
Continue Reading Predictions for Privacy & Data Security in 2022
Federal Financial Regulators Tighten Timelines for Reporting Ransomware Attacks
As anticipated, the Department of the Treasury’s Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Federal Reserve”), and the Federal Deposit Insurance Corporation (“FDIC”) recently approved and released the Final Rule Requiring Computer-Security Incident Notification (“Final Rule”). This Final Rule is designed to promote early awareness and stop computer security incidents before they become systemic. It places new reporting requirements on both U.S. banking organizations, as well as bank service providers. …
Continue Reading Federal Financial Regulators Tighten Timelines for Reporting Ransomware Attacks
Ballard PDS Partner to Join Ankura For Cybersecurity Webinar
On February 10, 2021, Phil Yannella, Chair of Ballard’s Privacy & Data Security Group, will join Ankura for a webinar, “2020 Cyber Year in Review”, which will recap cybersecurity events for 2020. Panel members will also offer their predictions for what cybersecurity issues will dominate headlines in 2021. You can register for the event here.