Security and Privacy Controls

News & Analysis as of

SEC Fines Investment Firm $75,000 for Failing to Adopt Written Cybersecurity Policies and Procedures

Investment firm R.T. Jones Capital Equities Management (R.T. Jones) has agreed to settle with the Securities and Exchange Commission (SEC) and pay a $75,000 penalty over charges that it failed to adopt written policies and...more

OCR Launches Interactive HIPAA Site for Mobile Health App Developers

On October 5, 2015, the Office for Civil Rights (OCR) announced the launch of a new platform for mobile health (mHealth) developers and others interested in the intersection of health information technology and HIPAA privacy...more

SEC Settles Charges Against Investment Firm that Failed to Adopt Cybersecurity Policies Before Data Breach

Recently, the SEC announced that R.T. Jones Capital Equities Management, a St. Louis-based investment adviser, agreed to settle charges that it failed to establish the required cybersecurity policies and procedures before a...more

OCIE Issues Cybersecurity Risk Alert and Exam Plans; Follows Up with Enforcement Action

The Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) recently released a Risk Alert containing its plan for a second round of cybersecurity examinations of registered...more

What's So Great About an Information Security Policy?

Lawyers and compliance professionals constantly tout the importance of internal information security policies, particularly in light of data privacy problems that are reported almost daily in the media. Admittedly, drafting...more

SEC Charges Investment Adviser with Failure to Adopt Proper Cybersecurity Policies and Procedures Prior to Cyberattack

On Tuesday, September 22, 2015, the SEC charged an investment adviser with failing to adopt a written policy and procedure reasonably designed to safeguard customer records and information. The charge spawned from a July 2013...more

SEC Enforcement Action Alleges an Adviser Failed to Adopt Adequate Cybersecurity Policies and Procedures; SEC Issues an Investor...

On September 22, 2015, the Securities and Exchange Commission (SEC) filed a settled administrative proceeding[1] alleging that a registered investment adviser failed to adopt cybersecurity procedures in violation of an SEC...more

10 Million Affected by Sophisticated Cyberattack

The latest major health insurance data breach of 2015 reported by Excellus BlueCross BlueShield is considered one of the top 20 worst reported breaches of a healthcare organization. The attack affected about 7 million...more

SEC Files Its First Cybersecurity Enforcement Action

Cybersecurity is one of the current hot topics of discussion. Regulators here and abroad have expressed concern regarding cybersecurity. Breaches are periodically reported in the media. Now the SEC has brought its first...more

New Round of SEC Cybersecurity Examinations of Financial Service Firms and Their Cyber Controls

The Office of Compliance Inspections and Examinations (the OCIE) has just published a new Risk Alert on cyber risks and precautions identifying specific areas it will be focusing on during the second round of examinations of...more

SEC Says No More Mr. Nice Guy on Investment Adviser Cybersecurity

Over the last couple years, the SEC’s cybersecurity bark has been worse than its bite. Its Office of Compliance, Inspections, and Examinations issued examination priorities in 2014. Commissioner Aguilar warned public...more

SEC OCIE Sharpens Focus on Cybersecurity

If you read one thing... - On September 15th, the SEC OCIE announced in a Risk Alert it will launch a second round of cybersecurity examinations of registered broker-dealers and investment advisers, which will be more...more

SEC Issues Cybersecurity Examination Risk Alert

On September 15, the Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert re-emphasizing the careful scrutiny it will give to the data security practices of...more

SEC’s OCIE Risk Alert Announces New Cybersecurity Exam Initiative – Focus Includes Conducting Tests of Efficacy of Firm’s...

Following up on last year’s cybersecurity sweep exam, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued a new Risk Alert on September 15, 2015, announcing a second round of cybersecurity exams. In...more

Burning Down The House – The Wyndham Decision Allows The FTC To Sue Businesses For Getting Hacked

As it is commonly understood, the Great Fire of London spawned two fixtures of the modern world: advancements in firefighting and property insurance. The risk of fire was seen as a threat to society as a whole and mechanisms...more

FTC v. Wyndham Worldwide Group - A Warning From the Third Circuit

On August 24, in  FTC v. Wyndham Worldwide Corp. et al, the Third Circuit Court of Appeals affirmed that the FTC could enforce its own reasonable interpretation of what cybersecurity standards are necessary to avoid...more

Four Easy Steps to Protecting Your Privacy on an iPhone

In today’s world, we use smartphones for more than just making calls. From emailing, to calendaring events, to taking photos, we store so much data on our handhelds. We sometimes even store important financial information...more

Stolen Laptop Bag Leads to $750,000 Fine for Oncology Group

On September 2, 2015, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced a substantial settlement with an Indiana-based oncology group, Cancer Care Group, P.C. (CCG). Under the terms of...more

Five Legal Issues Your eSports Company Needs to Know About Operating in the U.S.

With a $143 million market in North America, eSports is big business in the U.S. And given its swift rise in popularity – 205 million people worldwide watched or played eSports in 2014, it will only become bigger. At last...more

What Do Ashley Madison and Security as a Service Have in Common?

The Ashley Madison hack is the latest high profile data breach to hit the front page headlines. The extramarital dating site leaked the personal data of over 40 million users and as a result could be the subject of multiple...more

The WSGR Data Advisor - September 2015

In this issue of The WSGR Data Advisor, we examine the FCC’s recent TCPA declaratory ruling and order addressing issues regarding calling and texting consumers, and discuss the new privacy, data security, and transparency...more

Wyndham Opinion Affirms FTC’s Power to Regulate Cybersecurity Practices

On August 24, 2015, the Third Circuit affirmed the United States District Court for the District of New Jersey’s denial of a motion to dismiss in FTC v. Wyndham Worldwide Corp. In Wyndham, the Federal Trade Commission...more

3rd Circuit Affirms FTC’s Cybersecurity Oversight

If you read one thing: - The Federal Trade Commission (FTC) secured a major appellate victory in its quest to challenge lax corporate cybersecurity practices - In light of the 3rd Circuit’s decision,...more

In FTC v. Wyndham Worldwide, Third Circuit Upholds FTC Authority to Enforce Flawed Cybersecurity Measures

In a much anticipated decision, the Third Circuit Court of Appeals affirmed the authority of the Federal Trade Commission (FTC) to enforce actions against companies who have been subject to a data breach. The FTC sued...more

Health Update - August 2015

Five Lessons From 2015 Healthcare Deals - In 2015, we already have seen a great deal of activity in healthcare transactions that is attracting antitrust scrutiny, with mixed results. Among the winners have been Cabell...more

97 Results
View per page
Page: of 4

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.