On February 1, 2024, the Federal Trade Commission (FTC) announced that it had reached a proposed settlement with that would require Blackbaud Inc. (“Blackbaud”) to delete personal data it does not need to retain and upgrade...more
2/7/2024
/ Certifications ,
Cyber Attacks ,
Cyber Incident Reporting ,
Data Deletion ,
Data Management ,
Data Protection ,
Data Retention ,
Data Security ,
Federal Trade Commission (FTC) ,
Personal Data ,
Ransomware ,
Settlement ,
Third-Party
Welcome to the January edition of Akin Intelligence. Artificial Intelligence (AI) remains a key area for state and federal legislators in the new year. State executives and legislators continue to propose AI-related...more
1/29/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Biden Administration ,
Cyber Attacks ,
Employment Discrimination ,
Executive Orders ,
FCC ,
Federal Trade Commission (FTC) ,
Machine Learning ,
OMB ,
Request For Information ,
Software Developers ,
Trump Administration
Key Takeaways -
With the SolarWinds enforcement action, the SEC continues to ratchet up its enforcement against companies that fail to properly disclose their cybersecurity incidents and risks. By naming the SolarWinds CISO...more
11/22/2023
/ Chief Information Security Officer (CISO) ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Fraud ,
Incident Response Plans ,
Popular ,
Risk Assessment ,
Securities and Exchange Commission (SEC) ,
SolarWinds
Under legislation signed into law today by President Joe Biden, certain companies will be required to report cyberattacks to the federal government within 72 hours, and ransomware payments within 24 hours.
Within 24...more
Gary Gensler, Chair of the U.S. Securities and Exchange Commission (SEC), signaled a new era of cybersecurity law (and accompanying enforcement) in his keynote address “Cybersecurity and Securities Laws” on January 24, 2022,...more
On September 21, 2021, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) published an updated sanctions advisory, providing guidance to companies on sanctions compliance obligations related to ransomware...more
12/14/2021
/ Compliance ,
Cryptocurrency ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
New Guidance ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Sanctions ,
U.S. Treasury ,
Virtual Currency
In early October, the United States Department of Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory, warning of the potential risk of sanctions to companies and individuals who pay ransomware payments. The...more
11/2/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Economic Sanctions ,
Financial Institutions ,
Foreign Policy ,
Hackers ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Risk Management ,
Risk-Based Approaches ,
Sanction Violations
On September 15, 2020, the New York Attorney General (NYAG) reached a Consent and Stipulation Agreement (the “Agreement”) with Dunkin’ Brand’s Inc. a year after filing a lawsuit over the company’s response to cyberattacks in...more
10/6/2020
/ Consent Agreements ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
Debit and Credit Card Transactions ,
Dunkin' Donuts ,
Failure to Notify ,
Hackers ,
Information Security ,
Personally Identifiable Information ,
Settlement ,
State Attorneys General ,
State Data Breach Notification Statutes
- In the age of broad corporate teleworking brought on by COVID-19, OCIE of the SEC has observed during recent examinations that investment advisers, broker-dealers and investment companies are subject to an increased threat...more
7/16/2020
/ Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Financial Services Industry ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Incident Response Plans ,
Investment Management ,
Malware ,
OCIE ,
Popular ,
Ransomware ,
Risk Alert ,
Securities and Exchange Commission (SEC)
Cybersecurity threat actors are targeting information of businesses seeking assistance during this time of crisis. For example, last week the Small Business Administration (SBA) reported a suspected data breach, affecting...more
In a set of recent settlements, the Federal Trade Commission (the FTC or Commission) resolved charges against two companies, ClixSense and D-Link, for failing to provide reasonable security and to live up to their data...more
7/23/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
Federal Trade Commission (FTC) ,
FTC Act ,
Hackers ,
Information Security ,
Misrepresentation ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Section 5 ,
Settlement Agreements
In this episode, the third of three building on Akin Gump’s annual Top 10 Topics for Directors report, partner Michelle Reed discusses the critical question of cybersecurity and the corporate world.
Among the topics...more
3/20/2019
/ Best Practices ,
Board Members ,
Board of Directors ,
California Consumer Privacy Act (CCPA) ,
Corporate Governance ,
Crisis Management ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Data Use Policies ,
Enforcement Actions ,
Enforcement Authority ,
Fiduciary Duty ,
Internal Controls ,
Legislative Agendas ,
Policies and Procedures ,
Risk Management ,
Risk Mitigation
• DoD and other government agencies will scrutinize contractors’ supply chain security plans and programs from proposal submission to contract closeout.
• The 2019 NDAA as approved by Congress and DHS initiatives highlight...more
8/22/2018
/ Acquisitions ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Federal Contractors ,
Goods or Services ,
Government Agencies ,
National Security ,
NDAA ,
Popular ,
Risk Assessment ,
Risk Management ,
Software ,
Strategic Planning ,
Supply Chain
• Disclosures must inform investors about material cybersecurity risks and incidents, including addressing material cybersecurity risks for cyber-attacks that have not yet occurred.
• Comprehensive policies and procedures...more
3/1/2018
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Financial Statements ,
Insider Trading ,
Investors ,
Materiality ,
MD&A Statements ,
New Guidance ,
Non-Public Information ,
Policies and Procedures ,
Regulation FD ,
Risk Assessment ,
Securities and Exchange Commission (SEC)
Nearly 30 years ago the Fair Isaac Corporation (“FICO”) first introduced its metric for measuring creditworthiness. Since then, the FICO Score has become a default metric used by countless market participants to facilitate...more
2/27/2018
/ Chamber of Commerce ,
Cloud Service Providers (CSPs) ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Insurance Industry ,
Internet ,
Rating Agencies ,
Security Risk Assessments ,
Small Business ,
Underwriting ,
Vendors
On June 18, 2015, Congressmen Jim Langevin (D-RI) and Jim Himes (D-CT) sent a letter to the Securities and Exchange Commission (SEC) calling for updated cybersecurity disclosure guidance for publicly traded companies....more
On June 4, 2015, the U.S. Office of Personnel Management (OPM) announced that it was the victim of a data breach in which records of more than four million current and former agency employees were accessed. According to the...more
A new study released on May 7, 2015, by the Ponemon Institute revealed that criminal cyberattacks on health care organizations were the most prevalent cause of data breaches in 2014. The report underscores the need to think...more