In light of the increasing organizational use of and reliance on software and the concerns raised regarding the malicious use of the same, the UK Government has published a response to its call for views on software resilience and security for businesses and organizations. (See here for details of the…
Articles Posted in Cybersecurity and Privacy
Key Takeaways from the UK’s AI Summit: The Bletchley Declaration
The United Kingdom hosted an Artificial Intelligence (AI) Safety Summit on November 1 – 2 at Bletchley Park with the purpose of bringing together those leading the AI charge, including international governments, AI companies, civil society groups and research experts to consider the risks of AI and to discuss AI…
UK Financial Regulators to Oversee Critical Third Parties
In UK Financial Regulators to Oversee Critical Third Parties, our colleagues Lee Rubin and Mark Booth discuss the proposed new regime that will grant UK federal regulators a range of powers over third parties that provide critical services to the financial sector.
New EU Guidance Clarifies When Data Transfers Need to be “Safeguarded”
The European Data Protection Board (EDPB), the body which represents EU data protection authorities, has adopted guidelines (Guidelines) confirming when transfers need to be “safeguarded” in accordance with the GDPR (and importantly when they do not). In particular: A non-EU controller or processor that is subject to the GDPR (e.g.,…
As European Regulators Take the Use of Cookies More Seriously, Here Are the Basics for Compliance
This week the European Data Protection Board (EDPB), a body that represents European data protection authorities, set up a new cookie banner taskforce. The new taskforce will coordinate the response to over 400 complaints concerning cookie banners filed by a nonprofit organization founded by Max Schrems, None of Your Business…
EU Publishes Privacy Guidance on the Use of Contact Tracing Technology in the Fight Against COVID-19
‘Contact tracing’ is a process used by public health officials to identify individuals who may have come into close proximity with a contagious virus, such as COVID-19. Traditionally, infected persons are asked to identify interactions with people whilst infected or in the days leading up to infection being diagnosed. Health…
Data Breaches, Bankruptcy and the Importance of Cyber Insurance
A recent data breach and subsequent bankruptcy combine to form a cautionary tale on the importance of cyber insurance. On our Insurance & Recovery blog Policyholder Pulse, in “From Data Breach to Bankruptcy – A Cautionary Tale for Those Without Cyber Insurance,” colleague Curtis A. Simpson examines the data breach…
The Fed May Increase Cybersecurity Standards for Large Financial Institutions and their Service Providers
The Board of Governors of the Federal Reserve System has recently indicated it may move forward with enhanced cybersecurity standards that had previously been floated by the Board, the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) back in 2016. Specifically, in October…
The Wipro Data Breach and What’s a Client to Do?
The recent data breach of India-based technology services provider Wipro serves as yet another reminder that technology or outsourcing service providers are high-priority targets for cyberattacks. In “Managing Risk in Light of the Wipro Data Breach,” colleagues Andrew Caplan, Mia Rendar and Curtis Simpson examine the potential consequences of the breach for…
The Deadline Looms for New York Cybersecurity Regulations Vendor Compliance Requirements
Financial institutions regulated by the New York Department of Financial Services (DFS)—referred to in this post as “Covered Entities”—should by now be well familiar with the department’s sweeping cybersecurity regulation, 23 NYCRR 500, that became effective on March 1, 2017. The regulation delves into a level of detail (e.g., multi-factor…