45

New Articles

March 20, 2023

Time is ‘TikTok’-ing — ‘Being Real’ About Preemptively Addressing... by: Christina L. Wabiszewski and Kimberly K. Henrickson
What is Electronic Healthcare Records Fraud? by: Tycko & Zavareei Whistleblower Practice Group
NYSE, Nasdaq Propose Listing Standards Implementing SEC Clawback Rules by: Rebecca G. DiStefano and Barbara A. Jones
NY PSC Again Modifies Utility Procurement Requirements to Support ‘... by: Joel Meister
Will Jones Act Waivers Be a Viable Option in the Future? by: Dana S. Merkel and Jonathan K. Waldron
Mississippi Gaming Commission Agenda: March 23, 2023 Meeting by: Gulf States Gaming Law at Jones Walker
Florida Senate Bill Would Criminalize ‘Knowingly and Willfully’... by: Natalie L. McEwan
Maryland Senate Passes Commercial Finance Disclosure Law: House will... by: Joel L. Perrell Jr.
The EB-5 Fix Episode 2: The EB-5 Regulator & Policy Maker [... by: Shae Armstrong
2023 Affirmative Action Plan Certification Portal to Launch March 31... by: Labor and Employment Polsinelli
Survive and Advance: The Lateral Partner Interview Process (A March... by: Howard Cohl
Payor-Led Initiatives to Strengthen Mental Health Resources by: Audrey Crowell and Ariana R. Stobaugh
Senate Committee Will Hold Hearing on EPA’s Proposed FY 2024 Budget by: Lynn L. Bergeson and Carla N. Hutton
Weekly IRS Roundup March 13 – March 17, 2023 by: Sarah M. Raben
GAO Issues Noteworthy Protest Decision on Joint Venture Experience by: Aron C. Beezley and Patrick R. Quigley
EPA Releases Additional Data on Ongoing Uses of Chrysotile Asbestos by: Lynn L. Bergeson
National Advertising Division’s 2022 Annual Report: An Advertising... by: Katherine A. Spicer and Marisol C. Mork
New York State Amends Pay Transparency Law by: Stacey A. Bastone and K. Joy Chin
President Biden’s First Veto is on Congress’ Disapproval of ESG... by: Joseph C. Stanko and Scott H. Kimpel
No Fooling: City of Los Angeles Retail Fair Workweek Ordinance Takes... by: Leonora M. Schloss and Angela Quiles Nevarez
Is “French Dessert” Necessarily Made in France? by: Food and Drug Law at Keller and Heckman
The Rough Waters of Website Accessibility by: Hayley Singer Grunvald
Weekly Bankruptcy Alert: March 20, 2023 by: Business Practice Group Pierce Atwood
Australia and India’s Education Framework – What It Means for... by: Aniruddha Majumdar and Aparna Gaur
FTC Announces Orders to Address Deceptive Advertising on Social Media... by: Hunton Andrews Kurth’s Privacy and Cybersecurity
FDA Draft Guidance Signifies Acceptance of the Term “Milk” to... by: Michael A. Lundholm
March Madness: “The Truth” Fined by the SEC for Not Shooting Straight... by: Matthew G. Lindenbaum and Robert L. Lindholm
Non-Compete and No-Poach Agreements: Towards Convergence of the US... by: Anton Gerber
2023 State Privacy Laws and Regulations Bring Extensive Data... by: Alan L. Friel
Iowa to Be Sixth State to Pass a Consumer Privacy Statute by: Mary T. Costigan and Jason C. Gavejian
FDA Modernizes Mammography Regulations, Provides Facilities with... by: Joanne S. Hawana and Jane Haviland
US Copyright Office Issues Registration Guidelines for Works with... by: Matthew L. Finkelstein and Anthony V. Lupo
Antitrust: DOJ Scuttles ACO Guidance, Unsettles Ground Under Provider... by: Kinal M. Patel and Alexis Finkelberg Bortniker
Pennsylvania Commonwealth Court Holds Employer Financially... by: William F. McDevitt
DOJ Announcements on Corporate Compliance Programs, Compensation... by: Blockchain Law at Hunton Andrews Kurth
Amendment to Anti-Money Laundering Laws: A Relative Conundrum by: Ritul Sarraf and Prakhar Dua
SEC Obtains Court Judgment Against Unregistered Municipal Advisors by: Peter D. Hutcheon
DOJ Publishes New Corporate Compliance Guidance Related to... by: Hunton Andrews Kurth’s Privacy and Cybersecurity
EPA's eighth attempt to define the reach of the Federal Clean... by: Jeffrey R. Porter
High Court Smooths Out Wrinkles in Full Federal Court’s Protox... by: Chris Round and Phoebe Naylor
ATDS ANARCHY - The Five9 Dialer is Driving TCPA ATDS Trouble (Again)... by: Eric J. Troutman
The Gender Pay Gap and What Belgian Employers Need to Do About It (... by: Marga Caproni
H2 Production: A Shift Towards Electrolysis by: Jason A. Engel and Dr. Benjamin Fechner
Choice Of Law And Holding Companies by: Keith Paul Bishop
Court Affirmed The Decision To Not Probate A Copy Of A Lost Will by: David Fowler Johnson

March 19, 2023

Epa Joins Governor Polis at Denver Elementary School to Announce $3... by: EPA

March 18, 2023

Article By

Charles Glover

Kari M. Rollins

Sheppard, Mullin, Richter & Hampton LLP

Eye On Privacy

Related Practices & Jurisdictions

All Federal

72 hours: The NCUA’s New Cyber Incident Reporting Requirement

Friday, March 17, 2023

Three days. Starting September 1, 2023, that is all federally insured credit unions will have to report cyber incidents.

The rule, approved on February 16, 2023, broadly defines cyber incident to include any incident that jeopardizes an information system or the information stored in one. Reportable incidents however are defined by a slightly less broad, but perhaps more complex, three-part definition that also requires a report when a credit union has a “reasonable belief” it has been the victim of a cyber attack:

Part one requires a report if the incident causes a substantial loss to an information system. This includes through the exposure of data, disruption of vital services, or as a result of a serious impact to the safety and resiliency of a system.
Part two requires a report in the event of an incident that causes a disruption to business operations, vital services, or to an information system.
Part three requires a report if a third-party informs a credit union that credit union data or business operations have been compromised. This portion of the rule only applies to third-parties that have a relationship with the credit union.

Procedurally, the report must be provided to the credit union’s designated NCUA’s point of contact no later than 72 hours after it experiences or reasonably believes it has experienced a reportable cyber incident. In the case of third-party notification, the 72 hour period begins to run from the time of the third-party notification. A credit union need not fully assess the incident before making its report.

Putting it into Practice: This rule is another example of a regulator trying to move organizations towards a faster reporting deadline. Federally insured credit unions should organize their incident response plans to respond in kind.

Latest Legal News & Analysis

Time is ‘TikTok’-ing — ‘Being Real’ About Preemptively Addressing Employees’...

Foley & Lardner LLP

What is Electronic Healthcare Records Fraud?

Tycko & Zavareei LLP

NYSE, Nasdaq Propose Listing Standards Implementing SEC Clawback Rules

Greenberg Traurig, LLP

NY PSC Again Modifies Utility Procurement Requirements to Support ‘Ambitious’...

Foley & Lardner LLP

Will Jones Act Waivers Be a Viable Option in the Future?

Blank Rome LLP

TRENDING LEGAL ANALYSIS

Senate Committee Will Hold Hearing on EPA’s Proposed FY 2024 Budget

Bergeson & Campbell, P.C.

Weekly IRS Roundup March 13 – March 17, 2023

McDermott Will & Emery

GAO Issues Noteworthy Protest Decision on Joint Venture Experience

Bradley Arant Boult Cummings LLP

EPA Releases Additional Data on Ongoing Uses of Chrysotile Asbestos

Bergeson & Campbell, P.C.

National Advertising Division’s 2022 Annual Report: An Advertising Compliance...

Squire Patton Boggs (US) LLP

New York State Amends Pay Transparency Law

Jackson Lewis P.C.

Upcoming Legal Education Events

Life Sciences Lifeline: Pitch Deck Perfection

Tuesday, March 21, 2023

Is Trademark Protection Going to the Dogs? Copyright Fair Use

Tuesday, March 21, 2023

PEOs, EORs, and Bringing Benefits In-House: HR Solutions You Need To Know - Part 2

Tuesday, March 21, 2023

Foley’s 2023 Automotive EV Legal Outlook

Tuesday, March 21, 2023

About this Author

Charles Glover

Associate

Charles Glover is an associate in the Intellectual Property Practice Group in the firm's New York office.

Areas of Practice

Charles' practice focuses on breach response, data privacy law, and intellectual property disputes. His representations cover a variety of clients, including national banks, domestic airlines, and entertainment companies.

Charles’ solutions-oriented focus and diverse experience allow him to develop and implement dynamic strategies tailored to meet his clients’ needs. He has helped clients of all sizes and stages...

[email protected]

212.896.0679

www.sheppardmullin.com

Kari M. Rollins

Kari Rollins Intellectual Property Lawyer Sheppard

Partner

Kari M. Rollins is a partner in the Intellectual Property Practice Group in the firm's New York office.

Areas of Practice

Ms. Rollins focuses her practice on privacy and complex commercial litigation matters. She has successfully represented clients in the financial services, audit and accounting, food services, retail, and fashion industries before state and federal courts, as well as in front of state attorneys general, federal regulators, and U.S. and international commercial arbitration forums....

[email protected]

212.634.3077

March 21, 2023

Volume XIII, Number 80

45

March 20, 2023

March 19, 2023

March 18, 2023

Article By

Related Practices & Jurisdictions

72 hours: The NCUA’s New Cyber Incident Reporting Requirement

Latest Legal News & Analysis

TRENDING LEGAL ANALYSIS

Upcoming Legal Education Events

Areas of Practice

Legal Disclaimer