Dan Pepper (US)


CISA issues proposed rules for cyber incident reporting in critical infrastructure

On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) published a Notice of Proposed Rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which imposes new reporting requirements for entities operating in critical infrastructure sectors. The CIRCIA was originally enacted in part as a response to recent attacks on … Continue reading

NYDFS issues significant guidance on insurers using AI or external data

On January 17, 2024, the New York Department of Financial Services (“NYDFS”) published a Proposed Insurance Circular Letter (“Proposed Circular”) regarding the use of artificial intelligence systems (“AIS”) and external consumer data and information sources (“ECDIS”) in insurance underwriting and pricing. This Proposed Circular does not create or change any legislation, but once finalized, will … Continue reading

FCC adopts updated data breach notification rules to protect consumers

On December 13, 2023, the Federal Communications Commission (FCC) voted to update a 16-year-old privacy rule expanding breach notification requirements for telecommunications, interconnected Voice over Internet Protocol (VoIP), and telecommunications relay services (TRS). Under the new rule, these companies are now required to adequately safeguard sensitive customer information in an attempt to hold phone companies … Continue reading

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017. Noticeably, covered entities are now subject to new requirements imposing heightened responsibilities on Chief Information Security … Continue reading

FTC amendment to Safeguards Rule

Under the Federal Trade Commission’s (“FTC”) new amendment to the Safeguards Rule (the “Amended Rule”), non-banking financial institutions will have to report certain data breaches and other security events to the agency. Requirements Approved on October 27, 2023 by a 3-0 vote by the Commission after a public comment period, the amendment requires non-banking financial … Continue reading

NIST Proposes Revised Security Guidelines For Federal Contractors

In response to the constantly evolving landscape of cybersecurity threats, the National Institute of Standards and Technology (NIST) has recently updated their guidelines for Special Publication NIST 800-171, making its guidance more prescriptive, and potentially making it harder for contractors to comply. NIST 800-171 is a set of guidelines created to help federal agencies and … Continue reading

NYDFS proposes significant cybersecurity regulation amendments

On November 9, 2022, the New York Department of Financial Services (NYDFS) officially proposed changes to its cybersecurity regulation and opened a 60-day public comment period.  NYDFS had issued a “pre-proposed” version of the changes in July of this year, which we had summarized here.  NYDFS retained many of those earlier proposed changes, and made … Continue reading

CISA Releases New Infrastructure Cybersecurity Goals for Critical Infrastructure

On October 27, 2022, the Cybersecurity & Infrastructure Security Agency (“CISA”), in partnership with the National Institute of Standards and Technology (“NIST”) and the interagency community, published the first iteration of its cross-sector Cybersecurity Performance Goals (“CPGs”). Drafted in response to President Joe Biden’s July 2021 National Security Memorandum on Improving Cybersecurity for Critical Infrastructure … Continue reading

NYDFS proposes significant cybersecurity regulation amendments

On July 29, 2022, the New York Department of Financial Services (NYDFS) announced a “pre-proposed outreach” of material proposed changes to almost every section of its cybersecurity regulations, which would affect each entity covered by the current regulations of 23 NYCRR Part 500. Because this version is the “pre-proposed” copy of the changes, there is … Continue reading