The U.S. Securities and Exchange Commission is implementing a campaign to overhaul the agency’s expectations around cybersecurity and cyber incident reporting for the financial services industry and corporate America...more
2/15/2022
/ Broker-Dealer ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Collection ,
Disclosure Requirements ,
Financial Services Industry ,
Investment Adviser ,
Investment Companies ,
Popular ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulation S-P ,
Regulation SCI ,
Securities and Exchange Commission (SEC) ,
Third-Party Service Provider
On February 9, 2022, the U.S. Securities and Exchange Commission (“SEC”) proposed a package of new rules and amendments to enhance cybersecurity preparedness and improve cyber resilience of investment advisers and investment...more
2/11/2022
/ Comment Period ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Disclosure Requirements ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
Investment Companies ,
Investment Company Act of 1940 ,
New Rules ,
Policies and Procedures ,
Proposed Rules ,
Public Comment ,
Recordkeeping Requirements ,
Reporting Requirements ,
Securities and Exchange Commission (SEC)
There is little doubt that the U.S. Securities and Exchange Commission is making cybersecurity a top priority. SEC Chair Gary Gensler told a Senate committee on Tuesday, September 14, 2021 that the agency is developing a...more
9/16/2021
/ Broker-Dealer ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Information Security ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
Investment Firms ,
Personally Identifiable Information ,
Phishing Scams ,
Policies and Procedures ,
Regulation S-P ,
Safeguards Rule ,
Sanctions ,
Securities and Exchange Commission (SEC)
The exponential rise in ransomware attacks in the past year has everyone on high alert, not least of which are regulators. Following on the heels of a June 2, 2021 White House memo addressing ransomware prevention, on June...more
By this point, most businesses that regularly send and receive funds electronically have heard about the risk of wire fraud scams in which an intruder changes wiring instructions and diverts funds to its own account,...more
6/14/2021
/ Best Practices ,
Business E-Mail Compromise (BEC) ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Phishing Scams ,
Portfolio Companies ,
Private Equity Firms ,
Spoofing ,
Wire Fraud ,
Wire Transfers
Regulation of the collection and use of biometric data is on the rise, a trend which is likely to continue through 2021 and beyond. Currently, three states have laws that regulate what private businesses can do with biometric...more
In early March, the New York State Department of Financial Services (“NYDFS”) announced a consent order that required Maine-based mortgage servicer Residential Mortgage Services, Inc. (“Residential”) to pay a $1.5 million...more
3/23/2021
/ Banking Sector ,
Business E-Mail Compromise (BEC) ,
Consent Order ,
Covered Entities ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
Failure to Report ,
Financial Institutions ,
Financial Services Industry ,
Mortgage Servicers ,
Non-Public Information ,
NYDFS ,
Personally Identifiable Information ,
Sensitive Personal Information
On March 2, 2021, Virginia enacted the Consumer Data Protection Act (“VCDPA”). The VCDPA will become effective January 1, 2023. The VCDPA shares its roots with the California Consumer Protection Act (“CCPA”) and the recently...more
3/9/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Acts ,
Data Security ,
Data Sellers ,
Data-Sharing ,
Enforcement Actions ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Sensitive Personal Information
The recent flurry of Biometric Information Privacy Act (BIPA) activity in California and elsewhere has called into question the effectiveness of an increasingly common defense to BIPA litigation in Illinois: that federal...more
On December 15, 2020, Ireland’s Data Protection Commission (“DPC”) announced its decision to fine Twitter International Company (“Twitter”) €450,000 for failing to notify the DPC promptly of a data breach affecting EU...more
1/20/2021
/ Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Commissioner ,
Data Security ,
EU ,
Failure to Notify ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Policies and Procedures ,
Twitter
On November 9, 2020, the Federal Trade Commission (“FTC”) announced a settlement with Zoom Video Communications, Inc. (“Zoom”) to resolve allegations that the company misled customers about steps it had taken to protect...more
11/18/2020
/ Consent Agreements ,
Consent Order ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
Federal Trade Commission (FTC) ,
Misrepresentation ,
Settlement ,
Videoconference ,
Virtual Meetings ,
Zoom®
Cybercriminals love a crisis and COVID-19 is no different. In the last several weeks, cyber-crime has increased exponentially as hackers seek to take advantage of the migration to a remote workplace. As cybercriminals seek to...more
4/21/2020
/ Confidential Information ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Passwords ,
Phishing Scams ,
Popular ,
Remote Working ,
Risk Management ,
Videoconference
In the waning days of the legislative session, the California Legislature this month passed several notable measures amending the California Consumer Privacy Act (CCPA). While the Legislature surprised many by rejecting a...more
The FTC recently announced a record $170 million settlement with Google and its subsidiary YouTube to settle allegations that YouTube illegally collected personal information from children without parental consent, in...more
The Securities and Exchange Commission (the Commission) has published a report of an investigation (the Report) into whether certain public companies that suffered financial losses as a result of cyber-related fraud violated...more
In an apparent effort to fight the kinds of cyberattacks like the massive distributed denial-of-service (DDoS) attack that crippled much of the American internet in October 2016, the Department of Homeland Security (DHS)...more
It has been said that there are two types of companies in the world – those that have been hacked, and those that do not yet know they have been hacked. While perhaps an overstatement, it seems that every day, another company...more
6/13/2016
/ Cyber Attacks ,
Cyber Insurance ,
Cyber Threats ,
Cybersecurity ,
D&O Insurance ,
Data Breach ,
Data Protection ,
E&O Insurance ,
Policy Exclusions ,
Popular ,
Risk Assessment