William Gamble Archive
The United States was once the leader in creating rules curtailing fraud on stock exchanges. One of its most famous rules, Rule 10-b5 codified at 17 CFR 240.10b-5, was created in the 1940s and prohibits acts or omissions resulting in …
As a cybersecurity and privacy lawyer, I consider the GLBA (Gramm-Leach-Bliley Act) an early but outdated effort at regulating the financial industry. It was passed in 1999. For consumers, the main impact is a long privacy notice that explains what …
It should surprise no cybersecurity professional that the U.S. Congress has failed to pass legislation that would have required organizations in critical sectors like energy and transportation to alert the government when they were hit with online incidents. In a …
The odds of an organization experiencing a cyber security breach are about 30% in any two-year period. A cybersecurity breach can have major, sometimes catastrophic, effects – on an organization’s reputation and even the cost of debt. This makes responding …
The COVID-19 pandemic has resulted in many changes to the way organizations operate. It’s estimated that the number of remote workers increased from just over 4% of the workforce to almost half, with about 80% of employers allowing at least …
Recently, a client told me that he did not have any personal information on his systems, so he wasn’t subject to privacy laws. At that point, I knew he was in trouble. The problem is that there is no one …
On December 10, 2020, the Department of Health and Human Services published its proposed changes to the HIPAA (Health Insurance Portability and Accountability Act). The changes, which would not be effective until March 22, 2021, concern the right of patients …
Last year’s SolarWinds hack draws attention to a major cybersecurity issue. SolarWinds is a software development company. One of its products, Orion, is a monitoring and management platform designed to simplify IT administration. The product is very popular and is …
When it comes to cybersecurity and data privacy regulation, most U.S. businesses look at Europeans with a certain degree of smugness. After all, Europeans must deal with the onerous GDPR (General Data Protection Regulation). European organizations can use an individual’s …
PCI DSS. SOC 1 and 2. COBIT® 5. NIST CSF. NIST SP 800-53. NY SHIELD. NYDFS. ISO 27001. What are they and what do they have in common? Why should you care? How do you choose between them? They are …
