nvi - kn

The evolving landscape of cybersecurity threats has prompted regulatory bodies to take action in safeguarding investors against the potential ramifications of data breaches. The Securities and Exchange Commission (SEC) has responded by introducing new disclosure requirements, underlining the importance of broader transparency in addressing cyber risks. With the effective date of the new disclosure requirements approaching in mid-December, companies have a limited window to confirm their compliance readiness. While these requirements may appear manageable at first, they should raise significant concerns when dealing with a ransomware attack.

Five years have passed since the introduction of GDPR in Europe, heightening awareness about consumers’ personal data in the hands of businesses. This in turn has paved the way for increased regulations outside of Europe, including the CPRA, and individual state mandates which grant consumers, patients, and employees the power to request the deletion of their personal data from a company’s records. Businesses must respond swiftly to these requests while also balancing records retention and other legal requirements. The CPRA, as an amendment to the CCPA, and the GDPR both emphasize transparency and the rights of individuals concerning their data. However, despite looming penalties, the lack of significant enforcement of these regulations coupled by the extreme difficultly of properly implementing these controls, has led many businesses to lag in implementing proper controls for compliance.