Photo of Edward McNicholas

Ropes & Gray data, privacy & cybersecurity practice co-lead Ed McNicholas was recently featured on the R&G Tech Studio podcast, a Ropes & Gray podcast focused on showcasing the interesting and exciting work our attorneys are doing in the world of tech. In the interview, McNicholas sits down with Ed Black, technology, media &

Data, privacy & cybersecurity partner Ed McNicholas and counsel Kevin Angle authored the USA chapter in Cybersecurity Laws and Regulations 2023. The chapter provides an overview of common issues in cybersecurity laws and regulations, including cybercrime, applicable statutes, prevention of cyber-attacks, sector-specific guidance, corporate governance, litigation, insurance, and investigatory and police powers.

Click here to

On 7 October 2022, the White House issued an Executive Order, as well as an accompanying Fact Sheet, which sets out the foundations for the Transatlantic Data Privacy Framework (“Framework”).

Since the decision of the Court of Justice of the European Uon (“CJEU”) in the Schrems II case in mid-2020, organizations have not

On April 8, 2022, the U.S. Food and Drug Administration (“FDA”) released a draft guidance document titled “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.” The draft guidance, if finalized, would replace FDA’s 2014 final guidance document titled, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” adding significant

Data, privacy & cybersecurity partners Ed McNicholas and Fran Faircloth and counsel Kevin Angle authored a chapter in Chambers Global Practice Guide Cybersecurity 2022 on “USA Law & Practice and Trends & Developments.” The chapter provides an overview of cybersecurity regulation in the United States and provides insights on the multitude of cybersecurity

On March 15, 2022, President Biden signed into law significant new federal data breach reporting legislation that could vastly expand data breach notice requirements far beyond regulated entities or entities processing personal data. Unceremoniously tucked as Division Y into the H.R. 2471 Consolidated Appropriations Act, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of

On March 9, 2022, the Securities and Exchange Commission (“SEC”) proposed updates to its disclosure rules intended to “enhance and standardize” public company disclosure regarding cybersecurity risk management, strategy, governance, and incident reporting (the “Proposed Rules”). The Proposed Rules may require issuers to update their disclosure controls and procedures, in particular with respect

Anxiety is running high as a result of Russia’s invasion of Ukraine, particularly in cybersecurity circles. The 2017 NotPetya attack was a Russian cyber-weapon fired at the Ukraine.  In 2017, NotPetya spread to FedEx, Maersk, Merck, and several other companies, and it would be naïve not to expect a spillover from the 2022 attack.  Indeed, a barrage of similar “wipers” has already been fired in 2022, and reports are circulating that some computers in Lithuania have been impacted.

Many cyber-weapons are delivered through phishing attacks, and companies can take three important steps to help prevent these attacks:

  • Send out a training reminder to all employees about spotting and avoiding phish email that may carry the malware into your environment.
  • Recognize that training will not be enough; increase filtering for malicious messages.
  • Push for multi-factor authentication for remote access to email.


Continue Reading The Ukrainian Cybersecurity Spillover Problem

On February 9, 2022, the SEC published a release addressing Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies (“Release”). The Release contained proposed new rules under the Advisers Act (Rules 206(4)-9 and 204-6) and the Investment Company Act of 1940 (Rule 38a-2) and amendments (collectively, the “Proposals”), which would require

In a recent article in Global Data Review, Ed McNicholas provided insights on a proposal by the Arizona legislature to ban tax-payer funded ransomware payments. The bill, recently introduced in the Arizona House of Representatives, would restrict public entities from paying ransoms demanded by hackers. A companion bill would require that cyber attacks be