In today's connected economy, not only do organizations need to keep on top of evolving cyberthreats and new malware, but also a variety of ever-growing data security regulations as well. But staying ahead of these cybersecurity requirements can be exceedingly difficult, for not only are regulatory agencies looking to broaden and advance the scope of their oversight, but many regulations themselves still leave unanswered questions over compliance and best practices.

At an event hosted by the New York Metro Chapter of the Information Systems Security Association , speakers from three legal firms highlighted several regulatory areas that are leaving many companies scratching their heads.

|

1. How will the FTC manage product vulnerabilities?

The U.S. Court of Appeals for the Third Circuit ruling in FTC v. Wyndham Worldwide Corp. effectively codified the Federal Trade Commission's (FTC) position as a cybersecurity oversight board. Katherine Gasztonyi, senior associate at Hogan Lovells, said the ruling means that every piece of FTC guidance, whether from reports, blogs or regulatory action, is “putting you on notice that those are the kind of things you will be held accountable for.”