Hunton Andrews Kurth write: As we pass the two-month anniversary of the effectiveness of the U.S. Securities and Exchange Commission’s (“SEC’s”) Form 8-K cybersecurity reporting rules under new Item 1.05, this blog post provides a high-level summary of the filings made to date. Six companies have now made Item 1.05 Form 8-K filings. Three of these companies also…
Category: Breach Laws
Looking Ahead to the FTC’s Implementation of the Data Breach Notification Rule for Nonbanking Financial Institutions
Alexander Boyd , Colin H. Black of Polsinelli PC write: Beginning on May 13, 2024, nonbanking “financial institutions” must notify the Federal Trade Commission (“FTC”) within 30 days of discovering a data breach involving the nonpublic personal information of at least 500 consumers. These covered organizations can include a wide variety of companies that engage…
China issues draft contingency plan for data security incidents
Eduardo Baptista reports: China on Friday proposed a four-tier classification to help it respond to data security incidents, highlighting Beijing’s concern with large-scale data leaks and hacking within its borders. The contingency plan comes amid heightened geopolitical tensions with the United States and its allies and follows an incident last year when a hacker claimed…
FCC Approves Major Updates to Data Breach Notification Rules
Chris Riotta reports: The U.S. Federal Communications Commission voted Wednesday along party lines to update 16-year-old privacy protection rules and expand breach notification requirements as part of an effort to provide law enforcement and the public with real-time information about harmful data breaches. The new rule expands the scope of the FCC’s breach notification requirements…
AHA opposes HHS’ plan for cybersecurity fines
Naomi Diaz reports: The American Hospital Association said HHS’ plan to levy financial penalties in the event of a cyberattack on a healthcare organization would be counterproductive. In a Dec. 6 statement, the AHA said it is advocating for the HHS to review its proposal that requires healthcare organizations to be compliant with new cybersecurity requirements and…
Seeking clarification on Maine’s data breach notification statute
If you can’t get an interpretation of a state breach notification statute from the state’s attorney general, where can you get it? DataBreaches recently wrote to the Maine Attorney General’s Office: I am not sure I really understand a provision in Chapter 210-B §1348. Security breach notice requirements, and am seeking clarification. In Paragraph 1,…