The year 2023 saw continued expansion of public interest in privacy rights, data security and related legislation. Comprehensive privacy laws took effect in five states, while 12 more states enacted similar laws that will...more
The New York State Department of Financial Services (NYDFS) adopted comprehensive amendments to its cybersecurity regulations (known as Part 500) on Nov. 1. The draft amendments were first published in July 2022 and finalized...more
Gov. Gavin Newsom signed the Delete Act (the Act) on Oct. 11, making it easier for California consumers to instruct data brokers to delete their personal information or refrain from selling or sharing it. Consumers already...more
By a 3-2 vote on July 26, the U.S. Securities and Exchange Commission (SEC) adopted final rules enhancing disclosure requirements regarding public companies’ cybersecurity risk management, strategy, governance and incident...more
On July 10, the European Union and the United States finalized the EU-U.S. Data Privacy Framework (DPF), an agreement that allows for the transfer of personal data from residents of the EU to certified companies in the U.S....more
7/26/2023
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
International Data Transfers ,
Personal Data ,
Regulatory Reform ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
U.S. Commerce Department
On July 5, 2023, the New York City Department of Consumer and Work Protection (DCWP) will begin enforcement of Local Law 144 (Law), which regulates employers’ use of “automated employment decision tools” (AEDTs) to screen...more
The year 2022 saw a groundswell of interest in privacy rights and related legislation. Five states enacted new laws or regulations aimed at protecting a general right to privacy, while the U.S. government came closer than...more
1/24/2023
/ Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
FinCEN ,
NYDFS ,
Popular ,
Risk Management ,
Russia ,
Securities and Exchange Commission (SEC)
On Nov. 22, 2022, the Securities and Exchange Commission (SEC) charged an investment adviser subsidiary of a major U.S. financial institution with violations of Section 206(4) of the Investment Advisers Act of 1940 (Advisers...more
On Aug. 24, 2022, California Attorney General Rob Bonta (AG) announced the first public fine for failure to comply with the California Consumer Privacy Act (CCPA). Beauty products retailer Sephora Inc. agreed in a settlement...more
On June 30, 2022, the U.S. Supreme Court held in West Virginia v. Environmental Protection Agency, 597 U.S. ___ (2022), that the Clean Air Act did not clearly authorize the Environmental Protection Agency (EPA) to create the...more
7/12/2022
/ Air Pollution ,
Clean Air Act ,
Clean Power Plan ,
Climate Change ,
Disclosure Requirements ,
Environmental Policies ,
Environmental Protection Agency (EPA) ,
Greenhouse Gas Emissions ,
Power Plants ,
Regulatory Authority ,
SCOTUS ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
West Virginia v EPA
On April 28, the Securities and Exchange Commission (SEC) filed a complaint against the Brazilian mining company Vale S.A., alleging that the company made false and misleading statements to investors about the company’s...more
On March 21, 2022, the Securities and Exchange Commission (SEC) issued for comment proposed rules requiring companies to include climate-related disclosures in their registration statements and periodic reports filed under...more
On Feb. 23, 2022, the European Commission (Commission) announced a proposed Directive on Corporate Sustainability Due Diligence, which would establish uniform EU-wide requirements to foster compliance with certain...more
On Feb. 9, 2022, the Securities and Exchange Commission (SEC or Commission) proposed a suite of new rules and amendments concerning cybersecurity risk management for registered investment advisers (advisers) and registered...more
2/14/2022
/ Broker-Dealer ,
Comment Period ,
Cybersecurity ,
Form ADV ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
New Rules ,
Popular ,
Proposed Rules ,
Public Comment ,
Recordkeeping Requirements ,
Registered Investment Advisors ,
Securities and Exchange Commission (SEC)
In January, the New York State Assembly and Senate introduced identical bills seeking to impose broad environmental, social and governance (ESG) mandates on the global fashion industry. If passed, the Fashion Sustainability...more
Demonstrating its continued focus on cybersecurity enforcement, the Securities and Exchange Commission (SEC) announced three new actions on Aug. 30 charging eight firms with maintaining deficient cybersecurity policies and...more
On July 9, 2021, New York City enacted a new biometric ordinance regulating how businesses handle biometric identifier information. The new law is the first of its kind in New York and requires commercial establishments...more
On June 14, the Securities and Exchange Commission (SEC) announced a $490,000 settlement with the real estate services provider First American Financial Corporation (First American) for violations of disclosure controls and...more
Building off a 2018 alert outlining cyber threats generally, and following the federal indictment for money laundering of the founders of the offshore cryptocurrency exchange BitMEX, on Oct. 8, 2020, the U.S. Department of...more
10/13/2020
/ Bitcoin ,
BSA/AML ,
Cryptocurrency ,
Department of Justice (DOJ) ,
Digital Assets ,
Distributed Ledger Technology (DLT) ,
Enforcement Priorities ,
Federal Agency Taskforce ,
FinCEN ,
Money Laundering ,
Money Services Business ,
Popular ,
White Collar Crimes
The Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) has published a risk alert, warning SEC-registered investment advisers, brokers and dealers about the increasing use of...more
10/1/2020
/ Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Financial Institutions ,
Investment Adviser ,
OCIE ,
Regulation S-ID ,
Regulation S-P ,
Risk Alert ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
Can management of a Delaware corporation block members of the board of directors from gaining access to the company’s privileged information? The Delaware Court of Chancery recently addressed this question in the ongoing...more
9/1/2020
/ Board Members ,
Board of Directors ,
Conflicts of Interest ,
Corporate Counsel ,
Corporate Governance ,
Corporate Sales Transactions ,
Discovery Disputes ,
First Impression ,
Joint Clients ,
Privileged Communication ,
SoftBank ,
Special Committees
On July 16, the European Court of Justice (ECJ or the Court) struck down the EU-U.S. Privacy Shield program. The ruling invalidated an earlier European Commission (Commission) decision (Privacy Shield adequacy determination)...more
Facial recognition is a rapidly evolving area of technology with myriad potential commercial uses. Reflecting the rapid growth in this area, regulations related to facial recognition are changing across all levels of...more
9/4/2019
/ Biometric Information ,
Data Collection ,
Data Management ,
Department of Homeland Security (DHS) ,
Facial Recognition Technology ,
FBI ,
Forensic Examination ,
Government Agencies ,
Immigration and Customs Enforcement (ICE) ,
Law Enforcement ,
NIST ,
Privacy Concerns ,
Regulatory Standards
The New York Department of Financial Services’ (DFS) January 2019 insurance circular letter, which advised New York-licensed life insurance carriers on the use of external consumer data and information sources in...more
8/1/2019
/ Algorithms ,
Artificial Intelligence ,
Consumer Insurance Products ,
Cooperative Compliance Regime ,
Customer Information ,
Data Management ,
Discrimination ,
Financial Services Industry ,
Insurance Regulations ,
Life Insurance ,
New Guidance ,
NYDFS ,
Predictive Analytics ,
Regulatory Standards ,
Transparency ,
Underwriting
New York is gearing up to enact some of the toughest cybersecurity, privacy and data protection laws in the country. Modeled on the European Union’s General Data Protection Regulation (GDPR) and the California Consumer...more
7/18/2019
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
Notification Requirements ,
Pending Legislation ,
Personal Data ,
Personally Identifiable Information ,
SHIELD Act ,
State and Local Government ,
State Data Breach Notification Statutes