This last week saw significant compliance and enforcement activity with respect to both GDPR and the FTC.  Specifically, we saw two significant GDPR fines handed down by the UK Information Commissioner’s Office (ICO) against British Airways (approx. $230 million) and Marriott International (approx. $130 million).  In addition, Facebook settled with the FTC for the largest

With the May 25, 2018 deadline quickly approaching, many businesses are scrambling to prepare for compliance with the EU’s General Data Protection Regulation (GDPR), and questions and conversations are heating up.  Still others are still trying to wrap their arms around what GDPR is and what it means for U.S. businesses.  For those of you

On December 5, 2017, NIST published a revised version of the NIST Cybersecurity Framework (i.e., Draft 2 of Version 1.1) (“Framework”).  According to NIST, Version 1.1 of the Framework refines, clarifies, and enhances Version 1.0 of the Framework issued in February 2014, and the recently published Draft 2 of Version 1.1 is informed by over

On August 1, 2017, the Senate introduced the “Internet of Things (IoT) Cybersecurity Improvement Act of 2017”, which aims to bolster the security of government-acquired IoT devices.  Sponsored by Sens. Mark Warner (D-VA), Cory Gardner (R-CO), Ron Wyden (D-OR), and Steve Daines (R-MT), the bill would require connected devices purchased by the government agencies to

Earlier this month, the new cybersecurity regulation from the New York Department of Financial Services (“DFS“) took effect. The new regulation requires banks, insurance companies and other financial services institutions regulated by the DFS to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New

On January 10, 2017, NIST issued an update to the NIST Cybersecurity Framework (v.1.1).  After reviewing public comment and convening a workshop, NIST intends to publish a final version of this Version 1.1 in the fall of 2017.

Key updates the framework include:

  • Metrics.  A new section 4.0 on Measuring and Demonstrating Cybersecurity to