Katherine Doty Hanniford

Katherine Doty Hanniford

Alston & Bird

Contact
View Bio
RSS

Latest Publications

Share:

Top 10 Issues General Counsel Need to Know About Ransomware in 2024

Threat actors are evolving. Our Privacy, Cyber & Data Strategy Team explains how ransomware gangs have changed their tactics and how companies can respond to the threat while navigating new scrutiny from investors and...more

2/26/2024  /  Corporate Counsel , Cyber Attacks , Cyber Crimes , Cyber Threats , Cybersecurity , Data Breach , Data Protection , Data Security , Data Theft , NYDFS , Popular , Ransomware , Reporting Requirements , Risk Management , Securities and Exchange Commission (SEC)

HHS Issues Cybersecurity Performance Goals Specific to the Health Care and Public Health Sector

Our Health Care and Privacy, Cyber & Data Strategy Groups delve into the Department of Health and Human Services’ extensive efforts to encourage health care organizations to better protect patients’ privacy through better...more

2/6/2024  /  Centers for Medicare & Medicaid Services (CMS) , Cybersecurity , Department of Health and Human Services (HHS) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , Healthcare Facilities , NIST , Popular , Public Health

NYDFS Releases Industry Letter on the Use of Self-Service Password Reset Feature

On January 12, 2024, the New York State Department of Financial Services (“NYDFS”) released a new Industry Letter on the use of self-service password reset (“SSPR”) services, which enable users to reset their own password...more

1/24/2024  /  Cybersecurity , Financial Services Industry , NYDFS , Passwords , Risk Management

SEC’s Cybersecurity Rules – SEC Issues Guidance and DOJ Establishes Processes for the National Security or Public Safety Exception

Our Securities and Privacy, Cyber & Data Strategy teams unpack the Department of Justice’s (DOJ) process for companies seeking to delay Form 8-K disclosures under the Securities and Exchange Commission’s (SEC) cybersecurity...more

12/22/2023  /  Cyber Incident Reporting , Cybersecurity , Department of Justice (DOJ) , Disclosure Requirements , FBI , Form 8-K , National Security , Popular , Publicly-Traded Companies , Securities and Exchange Commission (SEC)

NYDFS Releases Consent Order in First Enforcement Action Brought Under the Cybersecurity Regulations

After a three-year investigation/enforcement action by the New York Department of Financial Services (“NYDFS”), NYDFS entered into a Consent Order with a large title insurer (the “Company”) for its violation of NYDFS’s...more

12/19/2023  /  Cybersecurity , Data Security , Enforcement Actions , Financial Services Industry , NYDFS , Popular

Ransomware Group, in Midst of Extortion Attempt, Files Regulatory Notice with SEC

Just a month before the Security and Exchange Commission’s (“SEC’s”) Material Cybersecurity Incidents Rule is set to take effect, a ransomware group has apparently taken compliance with reporting requirements into its own...more

11/20/2023  /  Cyber Crimes , Cybersecurity , Data Breach , Data Privacy , Data Security , Securities and Exchange Commission (SEC)

FTC Approves New Data Breach Notification Requirement for Nonbanking Financial Institutions

With an amendment to its Safeguards Rule, the Federal Trade Commission has joined other federal agencies regulating cybersecurity breaches. Our Privacy, Cyber & Data Strategy Team analyzes how the amendment will affect...more

11/15/2023  /  Breach Notification Rule , Cybersecurity , Data Breach , Data Protection , Federal Trade Commission (FTC) , Financial Institutions , Financial Services Industry , Non-Bank Lenders , Notification Requirements , Safeguards Rule

The SEC Sues SolarWinds and Its CISO for Alleged Fraud and Disclosure Controls Failures

Our Securities Litigation, Securities, and Privacy, Cyber & Data Strategy teams outline vital takeaways for public companies and their directors and officers in light of the Securities and Exchange Commission’s recent civil...more

11/13/2023  /  Chief Information Security Officer (CISO) , Corporate Liability , Cybersecurity , Data Security , Disclosure Requirements , Enforcement Actions , Fraud , Popular , Publicly-Traded Companies , Securities and Exchange Commission (SEC) , SolarWinds

NYDFS Finalizes Second Amendment to Its Cybersecurity Regulation

Our Privacy, Cyber & Data Strategy and Privacy & Cybersecurity Litigation teams examine the New York Department of Financial Services’ finalized Second Amendment to its Cybersecurity Regulation....more

11/10/2023  /  Compliance , Cybersecurity , Financial Institutions , Financial Services Industry , Notice Requirements , NYDFS , Popular

FTC Approves New Data Breach Notification Requirement for Non-Banking Financial Institutions

On October 27, 2023, the FTC approved an amendment to the Safeguards Rule (the “Amendment”) requiring that non-banking financial institutions notify the FTC in the event of a defined “Notification Event” where customer...more

11/1/2023  /  Cybersecurity , Data Breach , Data Security , Federal Trade Commission (FTC) , Financial Institutions , Gramm-Leach-Blilely Act , Personally Identifiable Information , Popular , Safeguards Rule

The Latest in the SEC’s Off-Network Communications Enforcement Sweep

On September 29, 2023, the U.S. Securities and Exchange Commission (SEC) announced enforcement actions against five broker-dealers, three dually registered broker-dealers and investment advisers, and two affiliated investment...more

10/13/2023  /  Broker-Dealer , Enforcement Actions , Fraud , Investment Adviser , Securities and Exchange Commission (SEC) , Settlement , WhatsApp

SEC Adopts New Cybersecurity Disclosure Rules for Public Companies

Our Securities, Securities Litigation, and Privacy, Cyber & Data Strategy teams highlight the key aspects of the Securities and Exchange Commission’s final changes to its cybersecurity reporting rules for public companies...more

8/2/2023  /  Cyber Incident Reporting , Cybersecurity , Disclosure Requirements , Form 8-K , Publicly-Traded Companies , Regulation S-K , Risk Management , Securities and Exchange Commission (SEC)

NY DFS Releases Revised Proposed Second Amendment of its Cybersecurity Regulation

The New York Department of Financial Services (“NY DFS”) published an updated proposed Second Amendment to its Cybersecurity Regulation (23 NYCRR Part 500) in the New York State Register on June 28, 2023, updating its...more

7/12/2023  /  Cybersecurity , Data Protection , Financial Services Industry , NYDFS , Popular , Risk Assessment

NYDFS Penalizes bitFlyer $1.2 Million for Violations to Cybersecurity Regulation

On May 1, 2023, bitFlyer USA, Inc. (“bitFlyer”) entered into a Consent Order with the New York Department of Financial Services (“DFS”) for multiple deficiencies in bitFlyer’s cybersecurity program, most notably for failure...more

5/15/2023  /  Cryptocurrency , Cybersecurity , Enforcement Actions , NYDFS , Popular , Risk Assessment

New NAIC Consumer Privacy Model Law Proposed for Insurers

The National Association of Insurance Commissioners (NAIC) Privacy Protections Working Group (the “Working Group”) released Insurance Consumer Privacy Protection Model Law #674 (“Model 674”) for comment on February 1, 2023....more

2/22/2023  /  Data Protection , Health Insurance Portability and Accountability Act (HIPAA) , Insurance Industry , NAIC

NYDFS Releases Significant Enhancements to its Cybersecurity Regulation in the Proposed Second Amendment

The New York Department of Financial Services (“DFS”) released their proposed second amendment to the Cybersecurity Regulation, 23 NYCRR Part 500 (“Proposed Second Amendment”) on October 9, 2022....more

11/22/2022  /  Asset Management , Cybersecurity , Data Protection , Data Retention , Financial Institutions , Financial Services Industry , NYDFS , Popular

FTC Takes Action Against Ed Tech Provider for Failure to Secure Student’s Personal Information

On October 31, 2022, the Federal Trade Commission (FTC) announced it has taken action against education technology provider Chegg Inc. (“Chegg”) for its “careless” cybersecurity practices that exposed sensitive personal...more

11/4/2022  /  Cybersecurity , Data Breach , Data Privacy , Enforcement Actions , Federal Trade Commission (FTC) , Personally Identifiable Information

$1.8 Billion in SEC and CFTC Fines Highlights Continued Scrutiny of Unapproved Messaging Platforms

Federal enforcement agencies continue to scrutinize investment advisers’ use of personal devices and messaging platforms to conduct business. Our team reviews how recent penalties should encourage companies to create internal...more

10/5/2022  /  CFTC , Department of Justice (DOJ) , Enforcement Actions , Instant Messaging Apps , Investment Adviser , Regulatory Oversight , Securities and Exchange Commission (SEC)

SEC Sends a Message to Investment Advisers: Take Secure Data Disposal Seriously

On September 20, 2022, the Securities and Exchange Commission (SEC) settled an enforcement action with a large, registered investment adviser (the Firm) for alleged violations of the Safeguards Rule and the Disposal Rule of...more

9/28/2022  /  Compliance , Cybersecurity , Data Protection , Data Security , Investment Adviser , Securities and Exchange Commission (SEC)

SEC Settles Enforcement Actions with Broker-Dealers and Investment Advisors for Identity Protection Deficiencies

On July 27, 2022, the Securities and Exchange Commission (SEC) separately settled three enforcement actions with broker-dealers and investment advisers for alleged deficiencies relating to the prevention of customer identity...more

8/2/2022  /  Broker-Dealer , Cybersecurity , Data Protection , Enforcement Actions , Identity Theft , Investment Adviser , Securities and Exchange Commission (SEC)

Maryland Amends Data Breach and Reasonable Security Requirements

Maryland recently passed House Bill 962, amending Maryland’s Personal Information Protection Act (PIPA) (Md. Code Ann. Comm. Law 14-3504). As summarized below, House Bill 962 amends certain aspects of PIPA relating to breach...more

7/7/2022  /  Breach Notification Rule , Data Breach , Data Protection , Data Security , PIPA

SEC Proposes Sweeping New Cybersecurity Disclosure Rules for Public Companies

Our Securities, Securities Litigation, and Privacy, Cyber & Data Strategy teams highlight the key aspects of the Securities and Exchange Commission’s latest sweeping changes to its cybersecurity reporting rules for public...more

3/16/2022  /  Corporate Governance , Cyber Incident Reporting , Cybersecurity , Disclosure Requirements , Form 10-Q , Form 8-K , Publicly-Traded Companies , Regulation S-K , Risk Management , Securities and Exchange Commission (SEC) , Securities Exchange Act

SEC Cements Expectations for Investment Advisers’ and Investment Companies’ Cyber Preparedness and Disclosure

Our Privacy, Cyber & Data Strategy and Investment Management, Trading & Markets Teams review the Securities and Exchange Commission’s potentially transformative proposed rules that would require registered investment...more

3/14/2022  /  Comment Period , Cyber Incident Reporting , Cybersecurity , Disclosure Requirements , Investment Adviser , Investment Companies , Proposed Rules , Risk Management , Securities and Exchange Commission (SEC)

President Biden Issues Executive Order Directing Coordinated Federal Approach to Digital Assets

As a result of the rise in digital assets, President Biden signed an Executive Order on March 9, 2022 ordering a review of the nation’s approach to cryptocurrency. The Executive Order on Ensuring Responsible Development of...more

3/11/2022  /  Biden Administration , Central Bank Digital Currency (CBDCs) , Consultation , Cryptocurrency , Digital Assets , Executive Orders , Federal Reserve , Regulatory Oversight , U.S. Treasury

SEC Proposed Rule Will Require Private Funds to Report Certain Cyber Events

On January 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules to enhance hedge fund and private fund disclosure requirements and increase regulators’ visibility into the private funds industry....more

2/1/2022  /  Cyber Attacks , Cybersecurity , Disclosure Requirements , Hedge Funds , Investment Funds , Notice and Comment , Private Equity Funds , Private Funds , Proposed Rules , Securities and Exchange Commission (SEC)
59 Results
 / 
View per page
Page: of 3
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide