Debevoise Data Blog – Page 35

NIST Releases Most Significant Update to Cybersecurity Framework Since 2014

By: Avi Gesser, Erez Liebermann, Michael R. Roberts, HJ Brehmer and Annabella M. Waszkiewicz March 14, 2024

On February 26, 2024, the National Institute of Standards and Technology (“NIST”) announced the release of Version 2.0 of the Cybersecurity Framework (“Version 2.0” or the “Framework”). We previously wrote about proposed changes to the Framework, which has become an important industry standard for assessing cybersecurity maturity of organizations and managing cybersecurity risk. Version 2.0’s enhanced guidance, and particularly its…

Webcast – CFTC Proposed Rulemaking for an Operational Resilience Framework

By: Erez Liebermann, Caroline Novogrod Swett, Robert Maddox and Stephanie Thomas March 7, 2024

On March 15, 2024, Erez Liebermann, Caroline Swett, Robert Maddox, and Stephanie Thomas from our Data Strategy and Security and Banking Groups hosted the next installment of our Data Security Webcast, where they delved into the Commodity Futures Trading Commission’s (“CFTC”) notice of proposed rulemaking for an operational resilience framework for futures commission merchants, swap dealers, and major swap participants…

Announcing the Debevoise Tracker for Cybersecurity Incident Disclosure on Form 8-K

By: Avi Gesser, Benjamin R. Pedersen, John Jacob and Talia Lorch March 6, 2024

In July, we previewed the new rules adopted by the Securities and Exchange Commission (“SEC”) for Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. Under these rules, Item 1.05 of Form 8-K requires U.S. public companies to disclose material cybersecurity incidents. We have been tracking Form 8-K filings under the new SEC requirements since the rules went into effect on…

Biden Administration Acts to Limit Access to Sensitive Personal Data by Countries of Concern

By: Satish Kini, Erez Liebermann, Rick Sofield, Robert Dura, Taylor Richards and Stephanie Thomas March 5, 2024

On February 28, 2024, President Biden issued an Executive Order (the “Order”) designed to protect the “sensitive personal data” of Americans from “exploitation” by “countries of concern” or related “covered persons.” Concurrently, the Department of Justice (“DOJ”) released an Advance Notice of Proposed Rulemaking (“Advance Notice”), detailing potential definitions for key terms not defined in the Order, discussing the potential…

European Data Protection Roundup – January 2024

By: Robert Maddox, Friedrich Popp, Fanny Gauthier, Martha Hirst, Jeevika Bali, Samuel Thomson and Alexia Turpin February 28, 2024

Key takeaways from January include: Transparency about data processing and retention: In a reminder of the importance of transparency under the GDPR, and the need for companies to make their data subject access request processes easy to navigate, the Dutch data protection authority fined Uber €10 million for, amongst other failings: (i) not specifying to drivers how long it retained…