Cybersecurity Compliance

Cybersecurity is a term used to describe methods and systems for protecting sensitive information in the electronic sphere. As more financial, business, and personal information becomes exclusively maintained and... more +
Cybersecurity is a term used to describe methods and systems for protecting sensitive information in the electronic sphere. As more financial, business, and personal information becomes exclusively maintained and stored electronically, the risks of attacks, leaks, and disclosures become more pronouced. The concept of Cybersecurity encompasses a broad array of issues, including governmental regulations to ward off cyber terrorists, industry data collection and maintenance practices, and consumer advocacy to ensure the privacy of individuals' personal and medical information.     less -
News & Analysis as of

SEC brings first cybersecurity-related enforcement action

The Securities and Exchange Commission (“SEC”) recently settled its first cybersecurity-related enforcement action against a Missouri based registered investment adviser, R.T. Jones Capital Equities Management, Inc. (the ...more

European Union Advocate General Calls For High Court to Rule U.S.-EU Data Sharing Program Invalid

In an opinion that has the potential to seriously disrupt how U.S. companies can share data from Europe, on September 23, Advocate General (AG) Yves Bot of the Court of Justice of the European Union (CJEU) declared that the...more

SEC’s Increased Cybersecurity Enforcement and How to Reduce Your Risks

The SEC announced last week that an investment adviser had agreed to settle charges that it failed to take required steps to protect against and respond effectively to a cybersecurity breach. The action comes on the heels of...more

The SEC OCIE Announces Increased Scrutiny of Broker-Dealers’ and Investment Advisers’ Cybersecurity Programs

On September 15, 2015, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a National Exam Program Risk Alert (2015 Risk Alert) to provide broker-dealers and investment...more

TN Ethics Opinion Approves Lawyers’ Cloud Storage of Client Data

Tennessee has joined other states in formally approving lawyers’ cloud-storage of client-confidential data. The Board of Professional Responsibility (“BOPR”) held that lawyers ethically may use cloud storage for...more

Evolving Litigation of Data Breach Claims

An Illinois circuit court judge has dismissed five of six claims in a consolidated class action against Advocate Health and Hospital Corporation arising from a data breach in July 2013. The judge’s dismissal with prejudice...more

SEC Releases First Cybersecurity Enforcement Action for Failure to Protect Client Data

The SEC’s focus in the action was not on the manner of the firm’s responses to the breach or whether there was any actual harm, but predominantly on the adequacy of the firm’s written policies for safeguarding customer...more

Checking In on Sanctions Enforcement

The Department of Treasury’s Office of Foreign Asset Control continues to ramp up sanctions enforcement. Even with the likely relaxation of the Iran and Cuba sanctions, OFAC has been continuing its aggressive enforcement...more

OCIE’s 2015 Cybersecurity Examination Initiative

On September 15, 2015, the Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) released a Risk Alert (the “2015 Risk Alert”) that announced its second round of cybersecurity...more

SEC: 2015 Examination Priorities – Cybersecurity Compliance and Controls

Registered broker-dealers and investment advisers received a stern warning to strengthen their cybersecurity programs or face further regulatory scrutiny. On September 15, 2015, the SEC announced a plan to sharpen its focus...more

Securities Litigation and Enforcement Newsletter

A CD or not a CD, That is the Question… That the Auditors Should Have Answered - A headline-grabbing SEC enforcement action last week against BDO USA and several of its national partners may lead audit firms to insist on...more

The Employee’s Role in Cybersecurity: Know, Then Do

While the familiar axiom of “train your employees” is still relevant - it is becoming insufficient; beyond simply knowing what to do, more and more employees must affirmatively act to pursue their company’s cybersecurity...more

OCR Enters into $750,000 Settlement with Physician Practice for HIPAA Violations

On September 2, the Department of Health and Human Services Office of Civil Rights (OCR) announced a settlement with Cancer Care Group, P.C., a thirteen-physician oncology practice in Indiana related to violations of the...more

SEC Continues to Focus on Cybersecurity Risks

On September 15, the U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a risk alert regarding the SEC’s ongoing cybersecurity examinations of registered broker-dealers...more

OCIE to Conduct More Cybersecurity Exams

This week the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) announced a second-round of cybersecurity examinations, continuing its initiatives on the issue. The move follows the SEC’s: March 2014 roundtable...more

OCR settlement reiterates importance of proactive security rule compliance

On September 2, 2015, the U.S. Department of Health & Human Services (HHS) announced that Cancer Care Group, P.C. (CCG), a physician practice located in Indiana, agreed to pay $750,000 as part of a settlement to resolve...more

Incident Response Practice Tip: Balance Meeting Breach Notification Deadlines With Securing Your Network

State breach notification statutes are being amended on almost a monthly basis. Several laws have, or will soon have, a mandatory notification deadline for notifying affected individuals after the discovery of the incident....more

Cybersecurity Update: National Futures Association Proposes Cybersecurity Guidance Setting Forth General Requirements for Member...

The National Futures Association (“NFA”) submitted to the Commodity Futures Trading Commission (“CFTC”) on August 28, 2015 a proposed Interpretive Notice (“Proposed Guidance”) for CFTC’s approval, which provides guidance to...more

SCRA Compliance, Cybersecurity, and Responsible Innovation Remain Top Priorities at OCC

On August 31, Grovetta Gardineer, the OCC’s Deputy Comptroller for Compliance Operations and Policy, delivered remarks at the Association of Military Bankers of America annual workshop in Leesburg, VA. Throughout her...more

Interim rule requires Department of Defense contractors to report cyber breaches

Companies doing business with the U.S. Department of Defense are facing new requirements for reporting data security breaches and for acquiring cloud computing services. The Interim Rule, effective August 26, 2015, amends the...more

$750,000 Settlement Agreement Reiterates Importance of HIPAA Security Rule Compliance

On September 2, 2015, the U.S. Department of Health and Human Services ("HHS") announced that it had entered into a Settlement Agreement with an Indiana-based medical practice for alleged violations of the Health Insurance...more

Russia’s new data law

Russia’s new Data Localisation Law went live yesterday on 1 September. Many companies with operations in Russia are scratching their heads about how to comply. The Basics - The new law applies to businesses with a...more

9 Key Provisions of Outsourcing Contracts That Matter

Outsourcing, whether technical or process-centric, has become an increasingly important component of businesses of all sizes. Handing over the complexity of ever-changing systems that require increasing expertise can often...more

Privacy & Cybersecurity Update - August 2015

Third Circuit Affirms FTC’s Authority Over Cybersecurity: In the Wyndham case, the Third Circuit affirmed that the FTC has the authority to regulate cybersecurity under Section 5 of the FTC Act, and that the language of...more

Think Big Picture – minimize corporate export compliance risks while protecting your information security

Recently I have attended several cyber security conferences. What I have learned about protecting information has changed how I view export controls. Senior management and board members should think about the big picture as...more

115 Results
View per page
Page: of 5

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.