An interview with Joe Santiesteban, Partner at Orrick by Richard Hsu...more
The Cybersecurity and Infrastructure Security Agency (CISA), a division of the Department of Homeland Security, has proposed a rule that would govern whether, when, and how companies in critical infrastructure sectors report...more
The average cost of a data breach has reached an all-time high of $4.45 million, according to IBM. Regulatory requirements, scrutiny, and enforcement have continued to expand. As we kick off 2024, here are the key action...more
The U.S. Securities and Exchange Commission (SEC) has filed a fraud suit against SolarWinds and its chief information security officer (CISO), alleging they made false statements regarding the company’s security practices and...more
The SEC has finalized rules requiring public companies to disclose information about cybersecurity incidents, risk management, strategy and governance. This guide to help public companies comply with SEC rules covers...more
The SEC has scheduled an open meeting on Wednesday to decide on the adoption of eagerly anticipated cybersecurity incident and governance reporting rules. If the agency adopts rules that align with what it proposed last year,...more
Lawyers and communicators play important roles in protecting a business from reputational harm and legal liability. They serve an organization best when they work together and often can benefit from knowing more about each...more
On May 1, the New York Department of Financial Services (“NYDFS” or “Department”) and a trading platform entered into a consent order to resolve deficiencies identified during examinations conducted in 2018 and 2020. The...more
6/6/2023
/ BitLicense ,
Consent Order ,
Consumer Financial Products ,
Covered Entities ,
Crypto Exchanges ,
Cryptocurrency ,
Cybersecurity ,
Enforcement Actions ,
Financial Services Industry ,
Fines ,
NYDFS ,
Policy Terms ,
Risk Assessment ,
Virtual Currency
In 2022, the stakes for data breaches grew in more ways than one. IBM reported the average cost of a data breach is up to $4.35 million. More importantly, though, regulators have zeroed in on higher-level executives and...more
The Internal Revenue Service (“IRS”) has an active program of auditing tax-exempt bonds, and conducts those audits in a manner intended to ensure confidential information is not improperly disclosed. As part of those efforts,...more
The Federal Trade Commission (FTC) recently announced its position on breach notification: “Regardless of whether a breach notification law applies, a breached entity that fails to disclose information to help parties...more
Governmental entities have increasingly experienced cybersecurity incidents impacting their operations and finances over the last few years, with some breaches costing upwards of $40 million. Many issuers and borrowers of...more
The Cybersecurity and Infrastructure Security Agency (“CISA”) released a “Sharing Cyber Event Information” Fact Sheet on April 7 that may preview its implementation of the new federal government cyber incident reporting...more
The Department of Justice (DOJ)’s Civil Cyber-Fraud Initiative, less than six months old, just resolved the first case against Comprehensive Health Services (CHS). There are two critical takeaways for all organizations that...more
On February 9, 2022, the Securities and Exchange Commission (SEC) proposed expansive new rules addressing cybersecurity risk management for registered investment advisers (advisers) and investment companies (funds). The...more