Key Takeaways -
With the SolarWinds enforcement action, the SEC continues to ratchet up its enforcement against companies that fail to properly disclose their cybersecurity incidents and risks. By naming the SolarWinds CISO...more
11/22/2023
/ Chief Information Security Officer (CISO) ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Fraud ,
Incident Response Plans ,
Popular ,
Risk Assessment ,
Securities and Exchange Commission (SEC) ,
SolarWinds
Two years after the Department of Justice (DOJ) established its Civil-Cyber Fraud Initiative, there has been a recent uptick in enforcement and regulatory activity related to cybersecurity. September opened with the unsealing...more
11/3/2023
/ Cyber Threats ,
Cybersecurity ,
Data Breach ,
Department of Defense (DOD) ,
Department of Justice (DOJ) ,
Enforcement Actions ,
False Claims Act (FCA) ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Fraud ,
General Services Administration (GSA) ,
Proposed Rules ,
Reporting Requirements ,
Settlement ,
Verizon ,
Whistleblowers
On May 4, 2023, an Idaho federal judge ruled that the Federal Trade Commission (FTC) needs stronger assertions of consumer harm in order for its data privacy suit against data broker/mobile analytics provider Kochava Inc....more
On February 1, 2023, the Federal Trade Commission (FTC) announced that it had taken enforcement action against prescription drug discount company GoodRx, which agreed to injunctive relief and to pay a $1.5 million civil...more
This year has seen some substantial new data breach settlements including a $500,000 Federal Trade Commission (FTC) fine against CafePress, a $1.25 million multi-state class action settlement and $5 million New York...more
11/3/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Notification Requirements ,
NYDFS ,
Personally Identifiable Information ,
Popular
On August 24, 2022, California Attorney General Rob Bonta (AG) announced a proposed settlement with beauty retailer Sephora USA, Inc. to resolve claims that Sephora violated the California Consumer Privacy Act (CCPA). Under...more
On August 30, 2021, the Securities and Exchange Commission announced three enforcement actions against registered investment advisers for alleged cybersecurity failures involving cloud-based email systems. All three actions...more
On April 14, 2021, the New York Department of Financial Services (DFS) announced it settled an enforcement action against National Securities Corporation (“National Securities”) related to claims under the Cybersecurity...more
Amendments Come on the Heels of Supreme Court Decisions on SEC Disgorgement -
On January 1, 2021, Congress passed the National Defense Authorization Act (NDAA). Embedded in the NDAA’s more than 1,400 pages is Section...more
On March 5, 2020, Gov. Phil Scott (VT-R) signed into law amendments to the Security Breach Notice Act (the “Act”). The amendments, which originated in the State Senate as part of an initiative addressing a number of data...more
8/10/2020
/ Amended Legislation ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Governor Scott ,
New Guidance ,
Notice Requirements ,
Personally Identifiable Information ,
Popular ,
State Attorneys General
On July 21, 2020, the New York Department of Financial Services (DFS) filed a “Statement of Charges and Notice of Hearing” (the “Charges”) against First American Title Insurance Company (the “Company”) alleging violations of...more
8/7/2020
/ Banking Sector ,
Banks ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Financial Services ,
Enforcement Actions ,
Financial Institutions ,
Financial Services Industry ,
Personally Identifiable Information ,
Sensitive Personal Information ,
Websites
A year ago, on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into force. With its extraterritorial scope and detailed requirements, the GDPR aimed to change the approach to personal data...more
5/31/2019
/ Consent ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Data Subjects Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular ,
Regulatory Oversight ,
Regulatory Standards ,
Telemarketing
• The United States Supreme Court held that a disseminator of a false statement with intent to defraud can be held liable under subsections (a) and (c) of Rule 10b-5, §10(b) of the Exchange Act and §17(a)(1) of the Securities...more
4/2/2019
/ Appeals ,
Enforcement Actions ,
False Statements ,
Fines ,
Intent to Defraud ,
Investment Banks ,
Lorenzo v SEC ,
Material Dissemination ,
Misleading Statements ,
Reaffirmation ,
Rule 10b-5 ,
SCOTUS ,
Securities and Exchange Commission (SEC) ,
Securities Violations ,
Suspensions
In this episode, the third of three building on Akin Gump’s annual Top 10 Topics for Directors report, partner Michelle Reed discusses the critical question of cybersecurity and the corporate world.
Among the topics...more
3/20/2019
/ Best Practices ,
Board Members ,
Board of Directors ,
California Consumer Privacy Act (CCPA) ,
Corporate Governance ,
Crisis Management ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Data Use Policies ,
Enforcement Actions ,
Enforcement Authority ,
Fiduciary Duty ,
Internal Controls ,
Legislative Agendas ,
Policies and Procedures ,
Risk Management ,
Risk Mitigation
• The SEC issued guidance in the form of a rare “21(a) report” this week after investigating a series of email frauds impacting 9 unnamed companies.
• These email-based frauds, referred to as “CEO scams” or “vendor scams,”...more
10/19/2018
/ Accounting Controls ,
Business E-Mail Compromise (BEC) ,
CEOs ,
Corporate Finance ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Email ,
Enforcement Actions ,
Internal Controls ,
New Guidance ,
Policies and Procedures ,
Popular ,
Publicly-Traded Companies ,
Scams ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Spoofing ,
Wire Fraud
• California recently passed the landmark California Consumer Privacy Act that goes into effect in 2020, which grants California residents new privacy rights.
• The CCPA creates a private right of action for California...more
7/9/2018
/ Attorney General ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Rights ,
Data Security ,
Disclosure Requirements ,
Encryption ,
Enforcement Actions ,
Governor Brown ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Penalties ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Right to Delete ,
Third-Party Service Provider ,
Transparency
• SEC ALJs are “Officers of the United States” within the meaning of the Appointments Clause and therefore must be appointed directly by the SEC. The Court’s decision may permit litigants in prior and pending administrative...more
6/26/2018
/ Administrative Agencies ,
Administrative Law Judge (ALJ) ,
Administrative Proceedings ,
Appeals ,
Appointments Clause ,
Constitutional Challenges ,
Enforcement Actions ,
Final Written Decisions ,
Lucia v SEC ,
Officers of the United States ,
Remand ,
Reversal ,
SCOTUS ,
Securities and Exchange Commission (SEC) ,
Securities Violations ,
Special Trial Judges (STJs)
The SEC has taken a new enforcement action, demonstrating its expectations of industry and the willingness to use the variety of tools at its disposal to address concerns with cybersecurity previously signaled by an...more
On April 12, 2016, the U.S. Securities and Exchange Commission (“SEC”) continued its enforcement of reasonable cybersecurity controls, announcing cease and desist proceedings against a broker-dealer and two of its principals...more
Just one week after the Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations issued a new risk alert on cybersecurity, the SEC brought an enforcement action against an investment adviser...more
If you read one thing:
- The Federal Trade Commission (FTC) secured a major appellate victory in its quest to challenge lax corporate cybersecurity practices
- In light of the 3rd Circuit’s decision,...more
9/1/2015
/ Appeals ,
Cybersecurity ,
Data Breach ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
FTC v Wyndham ,
Hotels ,
Section 5 ,
Security and Privacy Controls ,
Strategic Enforcement Plan ,
Unfair or Deceptive Trade Practices ,
Wyndham