For the 2025 proxy and annual reporting season, there are a number of key issues to consider and keep an eye on for further developments as preparations commence. This alert provides an overview of these issues and updates in...more
The first year of a new significant regulatory obligation is often more notable for the absence of regulatory enforcement actions as regulators often observe compliance efforts and challenges, offer guidance, and look for...more
1/7/2025
/ Chief Information Security Officer (CISO) ,
Compliance ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement ,
Form 10-K ,
Form 8-K ,
Materiality ,
NIST ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC)
The Securities and Exchange Commission entered into a resolution agreement with R.R. Donnelley & Sons (RRD) on June 18, 2024 with RRD agreeing to pay $2.125 million to resolve disclosure and control violations alleged by the...more
For the upcoming 2024 proxy and annual reporting season, there are a number of key issues to consider and keep an eye on for further developments as preparations commence. This alert provides an overview of these issues and...more
12/6/2023
/ Annual Reports ,
Climate Change ,
Corporate Governance ,
Cybersecurity ,
Disclosure Requirements ,
Environmental Social & Governance (ESG) ,
Proxy Season ,
Proxy Statements ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Securities Regulation
In July 2023, the SEC adopted new cybersecurity rules for the stated purpose of enhancing and standardizing disclosures regarding cybersecurity risk management, strategy, governance and incidents by public companies. The...more
10/27/2023
/ Compliance ,
Compliance Dates ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Form 8-K ,
Materiality ,
Popular ,
Publicly-Traded Companies ,
Regulation S-K ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
On March 9, 2022, the SEC released proposed rules intended to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and cyber incident reporting by companies that are subject to the...more
3/14/2022
/ Comment Period ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Foreign Private Issuers ,
Form 8-K ,
Policies and Procedures ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulation S-K ,
Risk Management ,
Securities and Exchange Commission (SEC)
Last month, as part of BakerHostetler’s “Look Back, Look Ahead: Advertising and Marketing Law in 2021 & 2022” webinar series, partners Craig A. Hoffman and Victoria Weatherford presented on recent trends and predictions on...more
Last month, as part of BakerHostetler’s “Look Back, Look Ahead: Advertising and Marketing Law in 2021 & 2022” webinar series, partners Craig A. Hoffman and Victoria Weatherford presented on recent trends and predictions on...more
3/2/2022
/ Advertising to Minors ,
AMG Capital Management LLC v FTC ,
Biden Administration ,
Data Breach ,
EHR ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Marketing ,
Opioid ,
State Attorneys General ,
State Privacy Laws ,
Students
Our 2021 Data Security Incident Response Report (DSIR) described ransomware as a scourge. There are stories every day about new threat actor groups and their victims. There are task forces, law enforcement initiatives,...more
Attorneys play an important role in the incident response process. A skilled and experienced attorney can help organizations effectively respond to a security incident in a way that complies with obligations, protects key...more
On Oct. 25, 2019, BakerHostetler’s Financial Services industry team, in collaboration with the Ohio Bankers League, held its third Financial Services Summit in Columbus, Ohio. The speakers included Ohio Senator Sherrod Brown...more
Organizations across all industries, including government agencies, are facing a surge of ransomware attacks launched by cybercriminals. New types of ransomware principally causing this surge have the potential to cause...more
Ohio will soon have a law in place that provides a “legal safe harbor” from tort claims related to a data breach, to entities that have implemented and comply with certain cybersecurity frameworks. It remains to be seen...more
Axioms are common in the privacy and security space. One that has been popping up with more frequency is “privacy and security is an enterprise risk that requires an enterprise-wide effort to appropriately address.” It is...more
Cyber threats are here to stay. No company, large or small, is immune. But there are basic measures you can take to prepare for the legal and business risks associated with an attack.
Join members of BakerHostetler’s...more
On February 21, 2018, the U.S. Securities and Exchange Commission (“SEC”) issued cybersecurity disclosure guidance for public companies (“SEC Guidance”) that, according to SEC Chair Jay Clayton, “reinforces and expands” on...more
Cyber threats are here to stay. No company, large or small, is immune. But there are basic measures you can take to prepare for the legal and business risks associated with an attack....more
We are excited to release our third annual BakerHostetler Data Security Incident Response Report. This report analyzes the more than 450 data security incidents we led clients through in 2016. Companies continued to...more
4/19/2017
/ Chief Compliance Officers ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Hotlines ,
Incident Response Plans ,
Ransomware
BakerHostetler began publishing its Data Security Incident Response Report in 2015. Although we were the first law firm to do so, inspiration for the report came from similar reports that cybersecurity firms issue. We will be...more
Cue the year-end articles saying that this was the worst year to date for data breaches. Follow that with more dire predictions for 2017. Layer in one-size-fits-all recommendations to mitigate these risks. And finish with...more
Public companies that are proactively working to mitigate “cyber” risks and prepare to respond to potential incidents frequently ask whether a “breach” will lead to litigation, loss of customers, stock price decline, and...more
12/21/2016
/ Board of Directors ,
Breach of Duty ,
Cybersecurity ,
Data Breach ,
Derivative Suit ,
Duty of Loyalty ,
Home Depot ,
Popular ,
Proxy Statements ,
Shareholder Litigation ,
Shareholders
Venmo is a peer-to-peer mobile payments service that PayPal acquired in 2013. Users can transfer money to another person using a mobile or web application (e.g., send money to a friend to split the cost of dinner). On May 20,...more
The Consumer Financial Protection Bureau (CFPB) announced on March 2, 2016, that it had entered into a consent order with online payment platform Dwolla to resolve the CFPB’s claims regarding statements made by Dwolla about...more
Please join the BakerHostetler Class Action Defense Team's webinar on February 10, 2015, from 12:00-1:15 p.m., discussing the risks and trends expected to affect consumer financial services in 2016. The presenters will draw...more
We provided incident response and incident response preparedness services to hundreds of companies in 2015. The questions we answered were as unique and varied as the incidents companies faced....more