Demian Ahn

Subscribe to all posts by Demian Ahn

FTC Amends Safeguard Rule with Requirement for Non-Banking Financial Institutions to Report Data Security Breaches

On October 27, 2023, the Federal Trade Commission (FTC) announced it is amending the Safeguards Rule of the Gramm-Leach-Bliley Act (GLBA) to include a requirement for non-bank financial institutions to report certain data breaches and other security events to the agency.… Continue Reading

New Proposed Rules Published for Cyber Incident Reporting and Cybersecurity Requirements Will Have Major Impacts on Federal Contractors

Reflective of the Government’s increasing focus on cybersecurity, on October 3, 2023, the Federal Acquisition Regulation Council (FAR Council) released two new proposed rules that will have major impacts on federal contractors. These rules implement the May 2021 Executive Order on Improving the Nation’s Cybersecurity.1 One rule applies to any federal contractor that uses information and … Continue Reading

SEC Adopts Cybersecurity Disclosure Rules

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) announced that it adopted final rules requiring disclosure by public companies of material cybersecurity incidents in a Current Report on Form 8-K, and of material information regarding their cybersecurity risk management, strategy, and governance in an Annual Report on Form 10-K. Foreign private issuers will be required to … Continue Reading

SEC Adjusts Anticipated Action Date for Publication of Final Rules for Cybersecurity Reporting and Enhanced Standardized Disclosure

Earlier this month, the U.S. Securities and Exchange Commission’s (SEC) 2023 Spring Unified Agenda of Regulatory and Deregulatory Actions was released. The agenda identifies the rules that the agency expects to consider in the next 12 months and includes an anticipated action date for finalizing rules for cybersecurity disclosure by public companies by October 2023. … Continue Reading

White House Releases National Cybersecurity Strategy: Key Takeaways for the Private Sector

On March 2, 2023, the White House released its National Cybersecurity Strategy (the Strategy). The Strategy sets out ambitious goals for the federal government to hold countries accountable for irresponsible behavior in cyberspace and to disrupt the networks of criminals behind cyberattacks. It also seeks to establish, harmonize, and streamline regulations to secure critical infrastructure, as well … Continue Reading

DOJ Acknowledges Limits to the CFAA, but Questions (and Possible Civil Liability) Remain for Security Researchers and Others

On May 19, 2022, the U.S. Department of Justice (DOJ) revised its policy regarding charging decisions under the Computer Fraud and Abuse Act (CFAA). The new policy makes clear, “for the first time,” that the DOJ “should decline prosecution” of “good faith” security research, even if said research involves a technical violation of the CFAA.1 The … Continue Reading
LexBlog