Adding to the chorus (or cacophony) of regulatory voices on the cybersecurity front, the SEC has recently issued new interpretive guidance concerning cybersecurity-related disclosures that public companies are required to make under federal securities laws.
Last week, NYS DFS began sending out e-mail notices to individuals stating that they had failed to comply with the Certification of Compliance requirement under 23 N.Y.C.R.R. § 500.17(b), which mandates that a Covered Entity under the regulations certify compliance annually. The deadline for certification was February 15, 2018.
Starting the new year with a gift to employers, the National Labor Relations Board (“NLRB”) issued a decision overturning its prior, controversial standard for reviewing employee handbooks and policies.
Last September, shortly after Equifax disclosed a massive data breach, regulatory agencies moved quickly to adopt regulations intended to better protect consumers from data breaches. Last week, Congress took a first step toward codifying such protections.