On Feb. 9, 2022, the Securities and Exchange Commission (SEC or Commission) proposed a suite of new rules and amendments concerning cybersecurity risk management for registered investment advisers (advisers) and registered...more
2/14/2022
/ Broker-Dealer ,
Comment Period ,
Cybersecurity ,
Form ADV ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
New Rules ,
Popular ,
Proposed Rules ,
Public Comment ,
Recordkeeping Requirements ,
Registered Investment Advisors ,
Securities and Exchange Commission (SEC)
On Nov. 18, 2021, federal bank regulatory agencies approved a final rule requiring banking organizations to notify regulators of “any significant computer-security incident” as soon as possible and no later than 36 hours...more
On Oct. 6, 2021, Deputy Attorney General Lisa O. Monaco announced the creation of a Department of Justice (DOJ) Civil Cyber-Fraud Initiative (the Initiative). According to the announcement, the Initiative combines the DOJ’s...more
On Sept. 14, 2021, the Securities and Exchange Commission (SEC) entered a cease-and-desist order against App Annie Inc. and its co-founder and former CEO, Bertrand Schmitt, after agreeing to settle securities fraud claims....more
On June 4, the European Commission (EC) adopted two sets of standard contractual clauses (SCCs) for use between controllers and processers in the European Economic Area (EEA) and for the transfer of data between EEA and...more
6/17/2021
/ Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Introduction -
The proliferation of data and the rise of affordable cloud computing services has led many companies and organizations to outsource their data storage to third parties, a practice that raises numerous issues...more
On Nov. 24, 2020, the State of New York Court of Appeals ruled in favor of Kramer Levin client Sutton 58 Associates LLC (Sutton), an affiliate of Gamma Real Estate, in its $100 million lawsuit brought against real estate...more
On July 16, the European Court of Justice (ECJ or the Court) struck down the EU-U.S. Privacy Shield program. The ruling invalidated an earlier European Commission (Commission) decision (Privacy Shield adequacy determination)...more
New York courts are resuming some operations, but eviction proceedings, including for violations of commercial leases, are still suspended. However, those contracts — and the obligations they created — still exist. ...more
6/1/2020
/ Commercial Leases ,
Commercial Tenants ,
Contract Negotiations ,
Contract Terms ,
Coronavirus/COVID-19 ,
Eviction ,
Force Majeure Clause ,
Frustration of a Common Purpose ,
Impossibility ,
Landlords ,
Moratorium ,
Relief Measures ,
Rent ,
Rental Property ,
Tenants
Below is a list of resources detailing responses to the coronavirus disease (COVID-19) by New York state and New York federal courts, alternative dispute resolution forums, and certain regulators. We will update these...more
At the end of January, the U.S. Securities and Exchange’s Office of Compliance Inspections and Examinations (OCIE) released its “Observations on Cybersecurity and Resiliency Practices” (Observations)....more
2/13/2020
/ Best Practices ,
Bring Your Own Device (BYOD) ,
Business Continuity Plans ,
C-Suite Executives ,
Corporate Governance ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Loss Prevention ,
Data Management ,
Data Protection ,
Denial of Service Attacks ,
Disclosure Requirements ,
Incident Response Plans ,
Malware ,
Mobile Device Management ,
Mobile Devices ,
OCIE ,
Policies and Procedures ,
Popular ,
Ransomware ,
Regulatory Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Third-Party Liability ,
Vendors
For more than 50 years, a commercial tenant threatened with eviction could count on obtaining a Yellowstone injunction tolling the tenant’s time to cure alleged lease defaults while challenging the legitimacy of those...more
1/14/2020
/ Appeals ,
Commercial Leases ,
Commercial Tenants ,
Contract Terms ,
Cure Periods ,
Declaratory Judgments ,
Default ,
Eviction ,
Injunctions ,
Landlords ,
New Legislation ,
Notice of Default ,
Public Policy ,
State and Local Government ,
Tolling ,
Waivers
The Cayman Islands recently implemented data protection legislation similar to that adopted elsewhere in the world, including the EU’s General Data Protection Regulation (GDPR). The GDPR forced many businesses outside its...more
11/1/2019
/ Breach Notification Rule ,
Cayman Islands ,
Cybersecurity ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Investment Adviser ,
Investment Management ,
New Legislation ,
Personal Data ,
Private Investment Funds
Facial recognition is a rapidly evolving area of technology with myriad potential commercial uses. Reflecting the rapid growth in this area, regulations related to facial recognition are changing across all levels of...more
9/4/2019
/ Biometric Information ,
Data Collection ,
Data Management ,
Department of Homeland Security (DHS) ,
Facial Recognition Technology ,
FBI ,
Forensic Examination ,
Government Agencies ,
Immigration and Customs Enforcement (ICE) ,
Law Enforcement ,
NIST ,
Privacy Concerns ,
Regulatory Standards
New York is gearing up to enact some of the toughest cybersecurity, privacy and data protection laws in the country. Modeled on the European Union’s General Data Protection Regulation (GDPR) and the California Consumer...more
7/18/2019
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
Notification Requirements ,
Pending Legislation ,
Personal Data ,
Personally Identifiable Information ,
SHIELD Act ,
State and Local Government ,
State Data Breach Notification Statutes
Following extensive consultations, the European Commission’s High-Level Expert Group on AI released ethics guidelines on the use of artificial intelligence. Three broad principles emerged from those guidelines, suggesting...more
1. Binding Corporate Rules To Facilitate Intragroup Data Transfer -
Personal data is meant to circulate without boundaries inside the European Union (EU). The General Data Protection Regulation (GDPR) subjects personal...more
We recently discussed the topic of risk management as it relates to artificial intelligence (AI) in financial services, and suggested certain tips for the financial services sector. This article is the first of a series that...more
5/2/2019
/ Algorithmic Trading ,
Artificial Intelligence ,
CFTC ,
EU ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
MiFID II ,
Policies and Procedures ,
Popular ,
Registered Investment Advisors ,
Risk Management ,
Robo-Advisors ,
Securities and Exchange Commission (SEC) ,
Securities Traders
Until recently, whistleblowing raised many concerns in France and other European countries. Reporting on colleagues’ behavior, even if unlawful, was seen as risky business that could lead to dismissals and criminal sanctions...more
This Update highlights key legal and policy developments in cybersecurity and privacy law that may impact important trends for 2019 and beyond. A central takeaway from 2018 is that regulators in the U.S. and abroad are...more
1/28/2019
/ California Consumer Privacy Act (CCPA) ,
Carpenter v US ,
CLOUD Act ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
Facebook ,
General Data Protection Regulation (GDPR) ,
Google ,
Hackers ,
International Data Transfers ,
Marriott ,
Microsoft ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Power Plants ,
Risk Management ,
Russia ,
Securities and Exchange Commission (SEC) ,
Stored Communications Act
In the past, French law neither mandated nor provided any material incentives for companies to embrace compliance, corporate and social challenges. But things are dramatically changing in Europe, and more specifically in...more
On June 28, 2018, the California Consumer Privacy Act of 2018 (CCPA) was signed into law. The bill was drafted and passed quickly, just prior to a deadline for removing a similar initiative from the ballot that would have...more
On April 23 2018, the European Commission published a proposal for a Directive (the proposal or the Directive) on whistleblower protections in response to a request from the European Parliament...more
The Clarifying Lawful Overseas Use of Data Act (CLOUD Act) was recently signed into law as part of the omnibus appropriations bill. ...more
5/1/2018
/ CLOUD Act ,
Cloud Storage ,
Criminal Investigations ,
Dismissals ,
Electronically Stored Information ,
Extraterritoriality Rules ,
International Litigation ,
Mootness ,
SCOTUS ,
Search Warrant ,
Stored Communications Act ,
Subpoenas ,
US v Microsoft
On August 7, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released a Risk Alert summarizing the results of its second cybersecurity preparedness examination. The...more