Topic: Data and cybersecurity
Subscribe to Data and cybersecurityNYDFS settles with insurance companies over failures in their cybersecurity programs
December 12, 2024
On November 25, 2024, the New York State Department of Financial Services (“NYDFS”) announced it settled with two large insurance companies over allegations of inadequate data security practices in violation of New York’s cybersecurity regulation (23 NYCRR Part 500) (the “Cybersecurity Regulation”) that led to the compromise of more than 120,000 New Yorkers’ personal information.
A long time coming: Australia’s first Cyber Security Bill 2024
December 03, 2024
On 9 October 2024 (appropriately, nine days into Cyber Month), the government introduced its long awaited, first ever draft cyber security legislation, in the form of the Cyber Security Bill 2024 (the Bill) to Parliament.
2024 Technology Privacy and Cybersecurity Summit | November 25 – 28, 2024
November 20, 2024
Norton Rose Fulbright Canada invites you to its leading annual technology, privacy, and cybersecurity virtual summit. Learn how to leverage AI for a competitive edge while mitigating its inherent risks.
BNPL: A brave new world for consumer credit
November 04, 2024
On 17 October 2024, HM Treasury (HMT) issued a consultation paper (CP) which sets out the government’s approach to regulating buy now pay later (BNPL). This CP builds on HMT’s previous consultations that ran between February 2023 and April 2023.
New York Department of Financial Services addresses cybersecurity risks from artificial intelligence
October 30, 2024
On October 16, 2024, the New York Department of Financial Services (“NYDFS” or “DFS”) issued guidance raising awareness about combatting cybersecurity risks arising from artificial intelligence (“AI”) used by DFS licensees, such as insurers and virtual currency businesses. Risks revolve around both threat actors’ use of AI offensively and businesses’ increasing AI reliance. The short guidance acknowledges that many AI-related risks exist, focuses on those risks specific to cybersecurity, and highlights some of the NYDFS’s key risks
12th Annual European Data Protection Conference
August 01, 2024
Please join us at our 12th Annual European Data Protection Conference.
The conference will take place in:
Frankfurt | Monday, September 30, 2024 | 11:00 – 14:30 CEST
Amsterdam | Tuesday, October 1, 2024 | 09:00 – 12:30 CEST
Paris | Wednesday, October 2, 2024 | 09:00 – 12:30 CEST
London | Thursday, October 3, 2024 | 09:00 – 12:30 BST
The conference will take place in:
Frankfurt | Monday, September 30, 2024 | 11:00 – 14:30 CEST
Amsterdam | Tuesday, October 1, 2024 | 09:00 – 12:30 CEST
Paris | Wednesday, October 2, 2024 | 09:00 – 12:30 CEST
London | Thursday, October 3, 2024 | 09:00 – 12:30 BST
Malaysia introduces watershed amendments to Personal Data Protection Act 2010
August 01, 2024
On 16 July 2024, the Malaysian Dewan Rakyat (House of Representatives of the Malaysian Parliament) passed the Personal Data Protection (Amendment) Bill 2024 (the PDP Bill). The PDP Bill, which had been under review by the Malaysian Government for some years, introduces significant changes to Malaysia’s Personal Data Protection Act 2010 (the Malaysian PDPA), aimed at aligning the Malaysian approach more closely with international data protection regimes.
SEC statement clarifies material cybersecurity incident disclosure requirement
June 12, 2024
In July 2023, the US Securities and Exchange Commission (SEC) finalized its rule requiring public companies to disclose material cybersecurity incidents under Item 1.05 of Form 8-K. Though materiality is not a new concept in SEC regulations, in the context of cybersecurity incidents, materiality assessments and disclosure practices are evolving areas with little practical precedent or guidance to draw upon. Fundamentally, an incident is considered material if “there is a substantial likelihood that a reasonable shareholder would consider it important” in making an investment decision.1 This includes assessing all relevant qualitative and quantitative factors, such as reputation, customer and vendor relationships, and competitiveness, in addition to financial and operational impacts, as well as potential litigation and regulatory actions.
The US government, privacy, and security: recent developments
May 09, 2024
The United States Federal Government is turning its attention to privacy and cybersecurity laws, and the result has been several recent legal developments that may have an impact on your business. Keeping up with these developments is not easy, so we’ve created a fun way to test your knowledge of the same.
CISA issues proposed rules for cyber incident reporting in critical infrastructure
April 24, 2024
On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) published a Notice of Proposed Rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which imposes new reporting requirements for entities operating in critical infrastructure sectors. The CIRCIA was originally enacted in part as a response to recent attacks on critical infrastructure, such as the ransomware attack on Colonial Pipeline in May 2021, but CISA’s proposed regulations take a surprisingly broad view of who may be considered a covered entity and what incidents are reportable.