Examining the Global Impact of AI + Cyber + Data + Privacy + Law = Business Risk
"While this is an oversimplification of all of the requirements and nuances of the forthcoming SEC rules, the SEC's objectives are to require companies to provide meaningful and actionable information to shareholders to better understand companies' cyber risks and how companies are managing and responding to them. From a very high level, this can be …
Continue reading "SEC Continues to Emphasize Importance of Cybersecurity and Cyber Risk Governance"
On December 14, 2022, the U.S. Department of Health and Human Services Office of Civil Rights published a notice of a settlement with a dental practice over disclosures of patients' protected health information over social media. Here is the full version reproduced below: Date: Wed, 14 Dec 2022Subject: HHS Civil Rights Office Enters Settlement with …
Shawn Tuma provided the Texas Bar Journal’s 2022: The Year In Review - Cybersecurity & Data Privacy Update which addressed the following issues: updated Texas cyber event notification requirements for Texas state banks Texas AG enforcement of data protection laws federal and state hacking laws former owner of company accessing company network attorney immunity for …
Hopefully you saw my recent post "Data is the hot potato!" and data minimization lessons from the FTC's Drizly case and it reinforced in your mind just how important it is to focus on the data when we are talking about cyber and privacy risk management. If it didn't, that's ok, here's another reminder. My …
On October 31, 2022, the U.S. Department of Health and Human Services Office of Civil Rights provided guidance titled OCR Releases New Recognized Security Practices Video. This guidance is not only a must-read for all healthcare "covered entities," especially small and midsize organizations, but it is excellent advice for all organizations -- healthcare and non-healthcare …
Thank you, Jamie Sorley!I have a few sayings about cybersecurity and data privacy but one of my favorites is "data is the hot potato!" When doing presentations, I love to have the attendees chant over and over in unison, "Data is the hot potato! Data is the hot potato! Data is the hot potato!" This …
On October 25, 2022, the U.S. Department of Health and Human Services Office of Civil Rights in its October 2022 OCR Cybersecurity Newsletter provided guidance titled HIPAA Security Rule Security Incident Procedures. This guidance is not only a must-read for all healthcare "covered entities," especially small and midsize organizations, but it is excellent advice for …
On May 19, 2022, the U.S. Department of Justice directed prosecutors to not charge security researchers who report cybersecurity vulnerabilities in "good faith" with violations of the federal Computer Fraud and Abuse Act (CFAA). The DOJ's press release titled Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act …
Continue reading "Feds Will Not Charge Good Faith Security Research Under the CFAA"
The SEC is proposing to force boards to do what they haven't done themselves, govern cyber risk. This article makes some excellent points and I believe it is logical to expect that this could be the next evolution for where cyber risk governance is going. “The trigger for the boards that I’m on came from …
"Data is the hot potato!" - Shawn Tuma It was great to be a guest on The Above Board Show hosted by my friends Gary Latham, Raf Los, and Grant Sewell where we discussed what "The Board" needs to know about security incidents and getting prepared for the worst day ever for the company. The …
Continue reading "Security Incidents and Your Board Pt.3 – The Above Board Show"
You must be logged in to post a comment.