The Financial Crimes Enforcement Network (FinCEN) of the Treasury Department announced last week an Advance Notice of Proposed Rulemaking (ANPRM) to solicit public comment on a proposed rule that would address the...more
12/15/2021
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Anti-Money Laundering ,
Bank Secrecy Act ,
Banking Sector ,
Beneficial Owner ,
Financial Institutions ,
Financial Services Industry ,
FinCEN ,
Popular ,
Proposed Rules ,
Public Comment ,
Recordkeeping Requirements
On Nov. 18, 2021, federal bank regulatory agencies approved a final rule requiring banking organizations to notify regulators of “any significant computer-security incident” as soon as possible and no later than 36 hours...more
Demonstrating its continued focus on cybersecurity enforcement, the Securities and Exchange Commission (SEC) announced three new actions on Aug. 30 charging eight firms with maintaining deficient cybersecurity policies and...more
On July 7, 2021, Colorado’s governor signed into law the Colorado Privacy Act (CPA), which follows similar privacy laws enacted in California and Virginia and is consistent with an expanding national trend. ...more
On June 14, the Securities and Exchange Commission (SEC) announced a $490,000 settlement with the real estate services provider First American Financial Corporation (First American) for violations of disclosure controls and...more
On June 7, the Department of Justice (DOJ) announced that it seized 63.7 of the 75 bitcoins paid by Colonial Pipeline to ransomware attackers last month. The recovered bitcoins were valued at $2.3 million at the time of...more
6/10/2021
/ Asset Seizure ,
Bitcoin ,
Cyber Attacks ,
Cybersecurity ,
Department of Justice (DOJ) ,
Enforcement Actions ,
FBI ,
Hackers ,
Infrastructure ,
Oil & Gas ,
Pipelines ,
Popular ,
Ransomware ,
Supply Chain
Consistent with a growing national trend, Virginia joined California in recently passing consumer privacy legislation with broad national reach. Both the Virginia Consumer Data Protection Act ...more
4/8/2021
/ California Consumer Privacy Act (CCPA) ,
CDPA ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personally Identifiable Information ,
Popular
Most of the recent shareholder litigation that has followed the current wave of Special Purpose Acquisition Company (SPAC) offerings and associated business combinations has been based on federal securities law claims. ...more
Ransomware threats and attacks dominated the cyber news cycle in 2020 and into 2021. With the global pandemic and the uptick in remote work and learning, cybercriminals and nation-state hackers have seized on vulnerabilities...more
2/10/2021
/ Cryptocurrency ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Hackers ,
NYDFS ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
Risk Management ,
Underwriting
On Oct. 30, 2020, the United Kingdom’s data protection authority, the Information Commissioner’s Office (ICO), in connection with France’s Commission nationale de l’informatique et des libertés (CNIL), announced the largest...more
11/5/2020
/ British Airways ,
CNIL ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marriott ,
Popular
Building off a 2018 alert outlining cyber threats generally, and following the federal indictment for money laundering of the founders of the offshore cryptocurrency exchange BitMEX, on Oct. 8, 2020, the U.S. Department of...more
10/13/2020
/ Bitcoin ,
BSA/AML ,
Cryptocurrency ,
Department of Justice (DOJ) ,
Digital Assets ,
Distributed Ledger Technology (DLT) ,
Enforcement Priorities ,
Federal Agency Taskforce ,
FinCEN ,
Money Laundering ,
Money Services Business ,
Popular ,
White Collar Crimes
The outbreak of the novel coronavirus disease 2019 (COVID-19) and the uncertainty surrounding its long-term implications have caused a noticeable disruption in the consummation of mergers and acquisitions (M&A) transactions....more
In a prior alert, we discussed Delaware Vice Chancellor J. Travis Laster’s Jan. 13, 2020, decision in Lebanon County Employees’ Retirement Fund v. AmerisourceBergen Corporation, a Section 220 books and records action brought...more
At the end of January, the U.S. Securities and Exchange’s Office of Compliance Inspections and Examinations (OCIE) released its “Observations on Cybersecurity and Resiliency Practices” (Observations)....more
2/13/2020
/ Best Practices ,
Bring Your Own Device (BYOD) ,
Business Continuity Plans ,
C-Suite Executives ,
Corporate Governance ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Loss Prevention ,
Data Management ,
Data Protection ,
Denial of Service Attacks ,
Disclosure Requirements ,
Incident Response Plans ,
Malware ,
Mobile Device Management ,
Mobile Devices ,
OCIE ,
Policies and Procedures ,
Popular ,
Ransomware ,
Regulatory Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Third-Party Liability ,
Vendors
In a 63-page decision issued on Jan. 13, 2020, in Lebanon County Employees’ Retirement Fund v. AmerisourceBergen Corporation, Vice Chancellor J. Travis Laster of the Delaware Court of Chancery found that stockholders of...more
1/28/2020
/ Books & Records ,
Controlled Substances ,
Controlled Substances Act ,
Corporate Governance ,
DEA ,
Delaware General Corporation Law ,
Demand Letter ,
Depositions ,
Discovery ,
Drug & Alcohol Abuse ,
Drug Distribution ,
Enforcement Actions ,
Government Investigations ,
Inspection Rights ,
License Suspensions ,
Litigation Strategies ,
Opioid ,
Pain Management ,
Pharmaceutical Industry ,
Popular ,
Prescription Drugs ,
Rule 30(b)(6) ,
Sales & Distribution Agreements ,
Section 220 Request ,
Shareholder Litigation ,
Shareholders ,
Split of Authority
On Jan. 21, 2019, the French Data Protection Authority (CNIL) levied a 50 million euros sanction against Google LLC for violating the EU General Data Protection Regulation2 (GDPR) in the context of the first enforcement...more
2/27/2019
/ CNIL ,
Corporate Counsel ,
Data Protection ,
Enforcement Actions ,
EU Data Protection Laws ,
Fines ,
General Data Protection Regulation (GDPR) ,
Google ,
Personal Data ,
Popular ,
Prior Express Consent ,
Regulatory Violations ,
Transparency
This Update highlights key legal and policy developments in cybersecurity and privacy law that may impact important trends for 2019 and beyond. A central takeaway from 2018 is that regulators in the U.S. and abroad are...more
1/28/2019
/ California Consumer Privacy Act (CCPA) ,
Carpenter v US ,
CLOUD Act ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
Facebook ,
General Data Protection Regulation (GDPR) ,
Google ,
Hackers ,
International Data Transfers ,
Marriott ,
Microsoft ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Power Plants ,
Risk Management ,
Russia ,
Securities and Exchange Commission (SEC) ,
Stored Communications Act
In less than four months, on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) will enter into full effect, bringing with it an array of new individual rights and regulatory requirements....more
Whistleblowing has been part of the U.S. legal tradition, if not since the resolution passed by the Continental Congress in 1778, at least since the adoption of the 1863 False Claims Act. With regard to the disclosure of...more
5/26/2017
/ Anti-Corruption ,
Antitrust Provisions ,
Cartels ,
Cyber Attacks ,
Data Protection ,
EU ,
EU Trade Secrets Directive ,
European Commission ,
Popular ,
Sapin II ,
Trade Secrets ,
Whistleblower Protection Policies ,
Whistleblowers