Latest Publications

Share:

Top 10 Issues General Counsel Need to Know About Ransomware in 2024

Threat actors are evolving. Our Privacy, Cyber & Data Strategy Team explains how ransomware gangs have changed their tactics and how companies can respond to the threat while navigating new scrutiny from investors and...more

HHS Issues Cybersecurity Performance Goals Specific to the Health Care and Public Health Sector

Our Health Care and Privacy, Cyber & Data Strategy Groups delve into the Department of Health and Human Services’ extensive efforts to encourage health care organizations to better protect patients’ privacy through better...more

NYDFS Releases Industry Letter on the Use of Self-Service Password Reset Feature

On January 12, 2024, the New York State Department of Financial Services (“NYDFS”) released a new Industry Letter on the use of self-service password reset (“SSPR”) services, which enable users to reset their own password...more

SEC’s Cybersecurity Rules – SEC Issues Guidance and DOJ Establishes Processes for the National Security or Public Safety Exception

Our Securities and Privacy, Cyber & Data Strategy teams unpack the Department of Justice’s (DOJ) process for companies seeking to delay Form 8-K disclosures under the Securities and Exchange Commission’s (SEC) cybersecurity...more

NYDFS Releases Consent Order in First Enforcement Action Brought Under the Cybersecurity Regulations

After a three-year investigation/enforcement action by the New York Department of Financial Services (“NYDFS”), NYDFS entered into a Consent Order with a large title insurer (the “Company”) for its violation of NYDFS’s...more

Ransomware Group, in Midst of Extortion Attempt, Files Regulatory Notice with SEC

Just a month before the Security and Exchange Commission’s (“SEC’s”) Material Cybersecurity Incidents Rule is set to take effect, a ransomware group has apparently taken compliance with reporting requirements into its own...more

FTC Approves New Data Breach Notification Requirement for Nonbanking Financial Institutions

With an amendment to its Safeguards Rule, the Federal Trade Commission has joined other federal agencies regulating cybersecurity breaches. Our Privacy, Cyber & Data Strategy Team analyzes how the amendment will affect...more

The SEC Sues SolarWinds and Its CISO for Alleged Fraud and Disclosure Controls Failures

Our Securities Litigation, Securities, and Privacy, Cyber & Data Strategy teams outline vital takeaways for public companies and their directors and officers in light of the Securities and Exchange Commission’s recent civil...more

NYDFS Finalizes Second Amendment to Its Cybersecurity Regulation

Our Privacy, Cyber & Data Strategy and Privacy & Cybersecurity Litigation teams examine the New York Department of Financial Services’ finalized Second Amendment to its Cybersecurity Regulation....more

FTC Approves New Data Breach Notification Requirement for Non-Banking Financial Institutions

On October 27, 2023, the FTC approved an amendment to the Safeguards Rule (the “Amendment”) requiring that non-banking financial institutions notify the FTC in the event of a defined “Notification Event” where customer...more

The Latest in the SEC’s Off-Network Communications Enforcement Sweep

On September 29, 2023, the U.S. Securities and Exchange Commission (SEC) announced enforcement actions against five broker-dealers, three dually registered broker-dealers and investment advisers, and two affiliated investment...more

SEC Adopts New Cybersecurity Disclosure Rules for Public Companies

Our Securities, Securities Litigation, and Privacy, Cyber & Data Strategy teams highlight the key aspects of the Securities and Exchange Commission’s final changes to its cybersecurity reporting rules for public companies...more

NY DFS Releases Revised Proposed Second Amendment of its Cybersecurity Regulation

The New York Department of Financial Services (“NY DFS”) published an updated proposed Second Amendment to its Cybersecurity Regulation (23 NYCRR Part 500) in the New York State Register on June 28, 2023, updating its...more

NYDFS Penalizes bitFlyer $1.2 Million for Violations to Cybersecurity Regulation

On May 1, 2023, bitFlyer USA, Inc. (“bitFlyer”) entered into a Consent Order with the New York Department of Financial Services (“DFS”) for multiple deficiencies in bitFlyer’s cybersecurity program, most notably for failure...more

New NAIC Consumer Privacy Model Law Proposed for Insurers

The National Association of Insurance Commissioners (NAIC) Privacy Protections Working Group (the “Working Group”) released Insurance Consumer Privacy Protection Model Law #674 (“Model 674”) for comment on February 1, 2023....more

NYDFS Releases Significant Enhancements to its Cybersecurity Regulation in the Proposed Second Amendment

The New York Department of Financial Services (“DFS”) released their proposed second amendment to the Cybersecurity Regulation, 23 NYCRR Part 500 (“Proposed Second Amendment”) on October 9, 2022....more

FTC Takes Action Against Ed Tech Provider for Failure to Secure Student’s Personal Information

On October 31, 2022, the Federal Trade Commission (FTC) announced it has taken action against education technology provider Chegg Inc. (“Chegg”) for its “careless” cybersecurity practices that exposed sensitive personal...more

$1.8 Billion in SEC and CFTC Fines Highlights Continued Scrutiny of Unapproved Messaging Platforms

Federal enforcement agencies continue to scrutinize investment advisers’ use of personal devices and messaging platforms to conduct business. Our team reviews how recent penalties should encourage companies to create internal...more

SEC Sends a Message to Investment Advisers: Take Secure Data Disposal Seriously

On September 20, 2022, the Securities and Exchange Commission (SEC) settled an enforcement action with a large, registered investment adviser (the Firm) for alleged violations of the Safeguards Rule and the Disposal Rule of...more

SEC Settles Enforcement Actions with Broker-Dealers and Investment Advisors for Identity Protection Deficiencies

On July 27, 2022, the Securities and Exchange Commission (SEC) separately settled three enforcement actions with broker-dealers and investment advisers for alleged deficiencies relating to the prevention of customer identity...more

Maryland Amends Data Breach and Reasonable Security Requirements

Maryland recently passed House Bill 962, amending Maryland’s Personal Information Protection Act (PIPA) (Md. Code Ann. Comm. Law 14-3504). As summarized below, House Bill 962 amends certain aspects of PIPA relating to breach...more

SEC Proposes Sweeping New Cybersecurity Disclosure Rules for Public Companies

Our Securities, Securities Litigation, and Privacy, Cyber & Data Strategy teams highlight the key aspects of the Securities and Exchange Commission’s latest sweeping changes to its cybersecurity reporting rules for public...more

SEC Cements Expectations for Investment Advisers’ and Investment Companies’ Cyber Preparedness and Disclosure

Our Privacy, Cyber & Data Strategy and Investment Management, Trading & Markets Teams review the Securities and Exchange Commission’s potentially transformative proposed rules that would require registered investment...more

President Biden Issues Executive Order Directing Coordinated Federal Approach to Digital Assets

As a result of the rise in digital assets, President Biden signed an Executive Order on March 9, 2022 ordering a review of the nation’s approach to cryptocurrency. The Executive Order on Ensuring Responsible Development of...more

SEC Proposed Rule Will Require Private Funds to Report Certain Cyber Events

On January 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules to enhance hedge fund and private fund disclosure requirements and increase regulators’ visibility into the private funds industry....more

59 Results
 / 
View per page
Page: of 3

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide