On August 29, 2023, the California Privacy Protection Agency (“CPPA”) published draft regulations on risk assessments and cybersecurity audits required by the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”). The CPPA will discuss the draft regulations at the upcoming public meeting on September 8, 2023. The draft regulations make clear that the CPPA has not yet begun formal rulemaking, and that the draft regulations are “intended to facilitate…
In this episode, Cynthia Cole, IP & Technology Partner based in Palo Alto, is joined by Jerome Tomas, Chair of the Firm’s Securities and Exchange (SEC) and Financial Institutions Enforcement Group based in Chicago, as the two discuss the SEC’s recently issued Final Rules for Cyber and what this means for public companies. Listen in to learn more about: Why should you care? The SEC has brought enforcement actions before based on data breach disclosure-what’s different…
In brief On July 26, 2023, the U.S. Securities and Exchange Commission (“SEC”) approved the final rules for Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (“Final Rules”). As previously reported, the SEC first proposed amendments to its rules on disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies on March 9, 2022 (“Proposed Rules”). Similar to the Proposed Rules, the Final Rules, broadly speaking, require (i) issuers to make disclosures…
Vietnam is releasing a brand-new draft decree superseding Decree No. 72/2013/ND-CP (as amended) (“Decree 72”) on the management, provisions, and use of Internet services and online information (“Draft Decree”).
We explore current data privacy challenges that affect video game monetization, as well as the value of a good cybersecurity strategy.
Every CISO knows it’s not a matter of ‘if’ a cybersecurity incident will occur, but ‘when.’ Fortunately, there’s one name at the top of every CISO’s incident response list: Stephen Reynolds, partner in Baker McKenzie’s Intellectual Property & Technology Practice. Reynolds built a well-deserved reputation as a bulwark between organizations and the cybercriminals who attack them, and he is rightly seen as the man who can make the difference between an organization living on to…
In the second of this two-part series, Brian Hengesbaugh, Global Chair of Privacy and Security at Baker McKenzie is joined by Cyrus Vance Jr., Global Chair of Cybersecurity, as the two continue their discussion on cybercrime, focusing on the National Cybersecurity Strategy recently released by the White House, which seeks to address cyber risk and resiliency in America. Listen in to hear their views about: The National Cybersecurity Strategy framework, highlighting key takeaways of the…
In the first of this two-part series, Brian Hengesbaugh, Global Chair of Privacy and Security at Baker McKenzie, is joined by Cyrus Vance Jr., Global Chair of Cybersecurity, as the two discuss the alarming increase in cybercrimes, looking broadly at the trends, public safety risks and legal implications for the business community, particularly as it pertains to boards and senior management navigating the current threat landscape. Listen to learn more about: Why it is difficult to…
In brief Critical infrastructure has been the focus of several recent US cyber readiness initiatives, although the results have left a patchwork of regulations that may be enforced differently across sectors and federal agencies. As an example, in March 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which will require critical infrastructure organizations to report cyber incidents and ransom payments to the US Cybersecurity and Infrastructure…
Cybercrime is an increasingly pressing problem for societies at large, with digital transformation, remote working and geopolitical issues bringing about increased cyber threats and attacks. In 2016 the European Parliament adopted the Network and Information Security Directive (NISD), the first EU-wide legislation on cybersecurity, and the revised legislation, NIS2, has just been published. NISD required the implementation of certain risk management and reporting obligations on operators of essential services (OES), which included entities maintaining critical…