Managing vendor risks includes putting pen to paper. Organizations are increasingly susceptible to risks outside their controlled IT infrastructure as they engage third-party vendors to manage online platforms and process data. Even though an organization may have little to no
2022
CISA Releases New Infrastructure Cybersecurity Goals for Critical Infrastructure

On October 27, 2022, the Cybersecurity & Infrastructure Security Agency (“CISA”), in partnership with the National Institute of Standards and Technology (“NIST”) and the interagency community, published the first iteration of its cross-sector Cybersecurity Performance Goals (“CPGs”). Drafted in response…
Ignoring cyber threats can affect your job—and haunt your next one

On October 21, 2022, the US Department of Health and Human Services, along with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), issued a bulletin warning that a cyber threat actor group known as “Daixin Team” is actively…
What you should do now in light of the Privacy Reform bill


Major privacy law reform in Australia gathered pace this week, with newly tabled legislation proposing to significantly increase penalties for privacy breaches, among other reforms.
Now is the time to start asking questions
In preparation for these reforms, companies that…
NYDFS settles with EyeMed for $4.5 million


On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. The settlement claimed that EyeMed had committed…
Privacy and Cybersecurity Due Diligence Considerations in M&A Transactions
Privacy and cybersecurity practices of target companies are increasingly scrutinized throughout the due diligence process in M&A transactions. In particular, buyers want to understand the risk and value inherent in sellers’ data assets, and sellers want to manage transactional and…
Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities: Paving the way toward adequacy
As reported in our previous blogpost, on 7 October 2022, the US White House published an Executive Order on enhancing safeguards for United States signals intelligence activities (EO).
In this blogpost, we set out the key points…
OSFI’s Technology and Cyber Risk Management Guideline: Part 2
In July of this year, the Office of the Superintendent of Financial Institutions (OSFI) released the final version of its Guideline B-13 (the Guideline), setting out technology and cyber risk management expectations for all federally regulated financial institutions (FRFIs), such…
The proposed EU Cyber Resilience Act: what it is and how it may impact the supply chain
On 15 September 2022, the European Commission published its proposal for a new Regulation which sets out cybersecurity related requirements for products with “digital elements”, known as the proposed Cyber Resilience Act (the CRA).
The CRA introduces common cybersecurity…
First part of EU/US Transatlantic Data Protection Framework published today
On 7 October 2022, the US White House published the Executive Order on enhancing safeguards for United States signals intelligence activities. This action is the first part of the US legal apparatus required for the EU Commission to find certain…