The year 2023 saw continued expansion of public interest in privacy rights, data security and related legislation. Comprehensive privacy laws took effect in five states, while 12 more states enacted similar laws that will...more
The public and private focus on corporate governance continued apace in the first half of 2023. In recent months, there were notable developments in jurisprudence potentially impacting corporate diversity initiatives and in...more
7/12/2023
/ 10b5-1 Plans ,
Civil Rights Act ,
Corporate Governance ,
Cybersecurity ,
Data Breach ,
Department of Justice (DOJ) ,
Export Administration Regulations (EAR) ,
Fourteenth Amendment ,
Popular ,
Sanction Violations ,
Section 11 ,
Securities Act of 1933 ,
Securities and Exchange Commission (SEC) ,
Title VI ,
Wells Fargo
On March 15, 2023, the Securities and Exchange Commission (SEC) proposed three rule changes that demonstrate its continued focus on cybersecurity. One of these proposals, and the only one to be unanimously approved (the...more
On Oct. 24, the Federal Trade Commission (FTC) issued a proposed decision and order against Drizly LLC and its CEO regarding allegations that the company’s security failures led to a data breach exposing the personal...more
On March 15, 2022, President Joe Biden signed the Cyber Incident Reporting for Critical Infrastructure Act (the Act) into law as part of the $1.5 trillion fiscal 2022 omnibus spending package. The Act will create a mandatory...more
On June 14, the Securities and Exchange Commission (SEC) announced a $490,000 settlement with the real estate services provider First American Financial Corporation (First American) for violations of disclosure controls and...more
Ransomware threats and attacks dominated the cyber news cycle in 2020 and into 2021. With the global pandemic and the uptick in remote work and learning, cybercriminals and nation-state hackers have seized on vulnerabilities...more
2/10/2021
/ Cryptocurrency ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Hackers ,
NYDFS ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
Risk Management ,
Underwriting
On Oct. 30, 2020, the United Kingdom’s data protection authority, the Information Commissioner’s Office (ICO), in connection with France’s Commission nationale de l’informatique et des libertés (CNIL), announced the largest...more
11/5/2020
/ British Airways ,
CNIL ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marriott ,
Popular
On April 13, the New York State Department of Financial Services (DFS) issued guidance to its regulated institutions on how to manage cyber-risks connected to remote working, amid a “significant” increase in cybercrime...more
At the end of January, the U.S. Securities and Exchange’s Office of Compliance Inspections and Examinations (OCIE) released its “Observations on Cybersecurity and Resiliency Practices” (Observations)....more
2/13/2020
/ Best Practices ,
Bring Your Own Device (BYOD) ,
Business Continuity Plans ,
C-Suite Executives ,
Corporate Governance ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Loss Prevention ,
Data Management ,
Data Protection ,
Denial of Service Attacks ,
Disclosure Requirements ,
Incident Response Plans ,
Malware ,
Mobile Device Management ,
Mobile Devices ,
OCIE ,
Policies and Procedures ,
Popular ,
Ransomware ,
Regulatory Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Third-Party Liability ,
Vendors
This Update highlights key legal and policy developments in cybersecurity and privacy law that may impact important trends for 2019 and beyond. A central takeaway from 2018 is that regulators in the U.S. and abroad are...more
1/28/2019
/ California Consumer Privacy Act (CCPA) ,
Carpenter v US ,
CLOUD Act ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
Facebook ,
General Data Protection Regulation (GDPR) ,
Google ,
Hackers ,
International Data Transfers ,
Marriott ,
Microsoft ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Power Plants ,
Risk Management ,
Russia ,
Securities and Exchange Commission (SEC) ,
Stored Communications Act
On Feb. 21, the Securities and Exchange Commission (SEC) released interpretive guidance on public companies’ disclosure practices regarding cybersecurity breaches and risks to the public....more
3/1/2018
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Hackers ,
Insider Trading ,
Investment Adviser ,
New Guidance ,
Personally Identifiable Information ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC)