Edward McNicholas

Contact:

SEC Adopts Final Rules on Public Company Cybersecurity Disclosures

By Paul Kinsella, Edward McNicholas, Marko Zatylny, Kevin Angle & Marc Rotter on July 28, 2023

On July 26, 2023, the Securities and Exchange Commission (the “SEC”) voted 3–2 to adopt rules requiring public companies to disclose material cybersecurity incidents as well as information regarding their cybersecurity risk management, strategy, and governance (the “Cybersecurity Disclosure Rules” or “Final Rules”).¹ The Final Rules require disclosure of “material cybersecurity incidents”. The disclosure must be made within four business days from the date on which a cybersecurity incident is determined to be “material” as opposed to four business days from the date on which the occurrence of an incident is discovered; although, that distinction may be difficult to implement in practice. Covered entities, which include all issuers that file annual reports on Form 10-K or Form 20-F, should promptly review their cybersecurity protocols and procedures to address further required disclosure items.²…

Continue Reading SEC Adopts Final Rules on Public Company Cybersecurity Disclosures

The SEC Awakens to Cybersecurity With the Zeal of a Convert

By Edward McNicholas & Briana Fasone on May 12, 2023

Since 2000, technological advances have transformed how customers interact with financial institutions and how such firms store, process and protect personal information. The proliferation of large-scale hacks and data breaches throughout this time simultaneously demonstrated the difficulty of data protection given the ever-evolving nature of cybercrime. Despite these developments, the SEC has failed to update…

SEC Publishes Proposed Amendments to Regulation S-P; Comment Period Ends May 22

By Jason Brown, Joel Wattenbarger & Edward McNicholas on March 21, 2023

On March 15, 2023, the SEC issued a release (the “Release”) containing proposed amendments to Regulation S-P (the “Proposals”). These Proposals were published in the Federal Register today, March 21. If adopted, the Proposals would require broker-dealers, registered investment companies (with business development companies, “registered funds”) and investment advisers to adopt written policies and…

Solving the Cybercrime Collective Action Problem

By Edward McNicholas, Christine Moundas & Briana Fasone on March 13, 2023

Blackbeard may not be the first name that comes to mind when considering cybercrime, but prior international efforts to stop stateless rogue actors can point us toward the proper focus for cybersecurity—governments taking responsibility to solve a classic collective action problem by direct action, supporting existing industry defense measures, and leading multilateral cooperation efforts. This…

R&G Tech Studio Podcast Features Ed McNicholas

By Edward McNicholas on December 13, 2022

Ropes & Gray data, privacy & cybersecurity practice co-lead Ed McNicholas was recently featured on the R&G Tech Studio podcast, a Ropes & Gray podcast focused on showcasing the interesting and exciting work our attorneys are doing in the world of tech. In the interview, McNicholas sits down with Ed Black, technology, media &…

International Comparative Legal Guide – Cybersecurity 2023 Authored by Ed McNicholas and Kevin Angle

By Edward McNicholas & Kevin Angle on November 14, 2022

Data, privacy & cybersecurity partner Ed McNicholas and counsel Kevin Angle authored the USA chapter in Cybersecurity Laws and Regulations 2023. The chapter provides an overview of common issues in cybersecurity laws and regulations, including cybercrime, applicable statutes, prevention of cyber-attacks, sector-specific guidance, corporate governance, litigation, insurance, and investigatory and police powers.

Click here to

White House Issues Executive Order Outlining Key Points of the Transatlantic Data Privacy Framework

By Christopher Foo, Edward Machin, Rohan Massey, Fran Faircloth, Edward McNicholas & David Peloquin on October 13, 2022

On 7 October 2022, the White House issued an Executive Order, as well as an accompanying Fact Sheet, which sets out the foundations for the Transatlantic Data Privacy Framework (“Framework”).

Since the decision of the Court of Justice of the European Uon (“CJEU”) in the Schrems II case in mid-2020, organizations have not…

FDA Updates Guidance on Cybersecurity Responsibilities for Medical Device Manufacturers

By Greg Levine & Edward McNicholas on May 13, 2022

On April 8, 2022, the U.S. Food and Drug Administration (“FDA”) released a draft guidance document titled “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.” The draft guidance, if finalized, would replace FDA’s 2014 final guidance document titled, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” adding significant…

Chambers Cybersecurity 2022 USA Chapter Authored by Ed McNicholas, Fran Faircloth, and Kevin Angle

By Edward McNicholas, Fran Faircloth & Kevin Angle on April 14, 2022

Data, privacy & cybersecurity partners Ed McNicholas and Fran Faircloth and counsel Kevin Angle authored a chapter in Chambers Global Practice Guide Cybersecurity 2022 on “USA Law & Practice and Trends & Developments.” The chapter provides an overview of cybersecurity regulation in the United States and provides insights on the multitude of cybersecurity…

Expansive Federal Breach Reporting Requirement Becomes Law

By Edward McNicholas, Kevin Angle & Fran Faircloth on March 22, 2022

On March 15, 2022, President Biden signed into law significant new federal data breach reporting legislation that could vastly expand data breach notice requirements far beyond regulated entities or entities processing personal data. Unceremoniously tucked as Division Y into the H.R. 2471 Consolidated Appropriations Act, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of…

MENU

RopesDataPhiles