Information Governance and Risk Management

On January 28, 2017, as part of Data Privacy Day, Facebook shared its data privacy principles for the first time. In a blog post drafted by Erin Egan, Facebook’s Chief Privacy Officer, Facebook posted these principles to help users understand how data is used and managed on the site. Among other things, Facebook’s data privacy

With the May 25, 2018 deadline quickly approaching, many businesses are scrambling to prepare for compliance with the EU’s General Data Protection Regulation (GDPR), and questions and conversations are heating up.  Still others are still trying to wrap their arms around what GDPR is and what it means for U.S. businesses.  For those of you

On December 5, 2017, NIST published a revised version of the NIST Cybersecurity Framework (i.e., Draft 2 of Version 1.1) (“Framework”).  According to NIST, Version 1.1 of the Framework refines, clarifies, and enhances Version 1.0 of the Framework issued in February 2014, and the recently published Draft 2 of Version 1.1 is informed by over

On November 15, 2017, the Trump administration released the Vulnerabilities Equities Policy and Process. This document describes the process by which U.S. agencies and departments determine whether to disclose or restrict information on vulnerabilities in information systems and technologies. The Vulnerabilities Equities Process (VEP) balances whether to disclose vulnerability information to the vendor or supplier

On August 7 2017, the U.S. Securities and Exchange Commission (SEC), through its Office of Compliance Inspections and Examinations (OCIE), published a Risk Alert summarizing observations on how broker dealers, investment advisers, and investment companies have addressed cybersecurity issues. The OCIE examined 75 financial firms registered with the SEC. The examinations focused on the firms’

This month, the Federal Trade Commission (FTC) issued guidance for businesses operating websites and online services looking to comply with the Children’s Online Privacy Protection Act (“COPPA”). COPPA addresses the collection of personal information from children under 13.  Importantly, the determination of whether a business’s website is “directed to children under 13” (and thus subject

On May 31, 2017, the Federal Financial Institutions Examination Council (FFIEC) released an update to its Cybersecurity Assessment Tool.

The Cybersecurity Assessment Tool was originally released by the FFIEC in June of 2015 to help financial institutions identify their risks and assess their cybersecurity preparedness.  The Cybersecurity Assessment Tool is intended to be used by

On March 10, 2017, the White House Office of Management and Budget (“OMB”) released its 2016 Federal Information Security Modernization Act (“FISMA”) Annual Report to Congress. The FISMA Report describes the current state of Federal cybersecurity. It provides Congress with information on agencies’ progress towards meeting cybersecurity goals and identifies areas that need improvement. Additionally,

Vintage toned Wall Street at sunset, NYC.

Today, acting FTC Chairman Maureen K. Ohlhausen and FCC Chairman Ajit Pai issued a joint statement on the FCC’s issuance of a temporary stay of a data security regulation for broadband providers scheduled to take effect on March 2.  In their statement, they advocate for a “comprehensive and consistent framework”, so that Americans do not

In a recent announcement today, Verizon and Yahoo have announced that they are amending the existing terms of their agreement for the purchase of Yahoo’s operating business.  Under the amended terms, Verizon and Yahoo have agreed to reduce the price Verizon will pay by $350 million.  In addition, Yahoo will be responsible for 50% of