Last week, the Securities and Exchange Commission imposed expanded privacy and cybersecurity obligations on fund managers and sponsors registered with the SEC as investment advisers. While many registered investment advisers...more
5/21/2024
/ Breach Notification Rule ,
Customer Information ,
Cybersecurity ,
Fund Managers ,
Incident Response Plans ,
Investment Adviser ,
Notice Requirements ,
Policies and Procedures ,
Privacy Laws ,
Private Funds ,
Recordkeeping Requirements ,
Regulation S-P ,
Securities and Exchange Commission (SEC) ,
Sponsors
On May 15, 2024, the Senate AI Working Group—Senate Majority Leader Chuck Schumer (D-NY) and Sens. Mike Rounds (R-SD), Todd Young (R-IN), and Martin Heinrich (D-NM)—issued their long-anticipated Roadmap for Artificial...more
5/17/2024
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Financial Services Industry ,
Fraud ,
General Elections ,
Healthcare ,
Innovation ,
Intellectual Property Protection ,
Investment ,
Machine Learning ,
National Security ,
NIST ,
Policies and Procedures ,
Proposed Legislation ,
Research and Development ,
Risk Mitigation
On August 30, 2021, the Securities and Exchange Commission announced three enforcement actions against registered investment advisers for alleged cybersecurity failures involving cloud-based email systems. All three actions...more
- The OCIE of the SEC highlights that responses to COVID-19 present important regulatory and compliance issues for SEC registrants, including “heightened risks of misconduct” tied to recent market volatility.
- The Risk...more
8/21/2020
/ Asset Management ,
Broker-Dealer ,
Business Continuity Plans ,
Business Operations ,
Compliance ,
Conflicts of Interest ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Protection ,
Fees ,
Financial Transactions ,
Investment Adviser ,
Investment Fraud ,
Investment Management ,
Investors ,
OCIE ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Remote Working ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
Supervision
Cybersecurity and Privacy -
Despite cries from corporations and privacy advocates across America for a unified federal privacy law, the nation’s toughest privacy law—the California Consumer Privacy Act (CCPA)—went into...more
3/6/2020
/ Board of Directors ,
California Consumer Privacy Act (CCPA) ,
Corporate Governance ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Internal Controls ,
New Regulations ,
Policies and Procedures ,
Popular ,
Privacy Laws ,
Risk Mitigation ,
Wire Fraud
With the expansion of privacy legislation—from the General Data Protection Regulation (GDPR) in Europe to the coming California Consumer Privacy Act (CCPA) in the United States—cyber liability insurance is taking on increased...more
11/4/2019
/ California Consumer Privacy Act (CCPA) ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Denial of Insurance Coverage ,
Incident Response Plans ,
Insurance Contracts ,
Insurance Litigation ,
Liability Insurance ,
Litigation Fees & Costs ,
Policies and Procedures ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Risk Mitigation ,
Third-Party Liability
In a set of recent settlements, the Federal Trade Commission (the FTC or Commission) resolved charges against two companies, ClixSense and D-Link, for failing to provide reasonable security and to live up to their data...more
7/23/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
Federal Trade Commission (FTC) ,
FTC Act ,
Hackers ,
Information Security ,
Misrepresentation ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Section 5 ,
Settlement Agreements
• On May 23, 2019, the Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert describing its observations in past examinations of weaknesses and best practices...more
5/29/2019
/ Broker-Dealer ,
Cloud Storage ,
Customer Information ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Data Storage Providers ,
Identity Theft ,
Identity Theft Red Flags Rule ,
Investment Adviser ,
OCIE ,
Policies and Procedures ,
Regulation S-ID ,
Regulation S-P ,
Regulatory Requirements ,
Risk Alert ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
Third-Party Service Provider ,
Vendors
• The SEC released a Risk Alert summarizing key areas in which it continues to see compliance deficiencies related to Regulation S-P, the primary SEC rule regarding privacy notices and safeguard policies of investment...more
4/29/2019
/ Broker-Dealer ,
Customer Information ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Employee Training ,
Incident Response Plans ,
Investment Adviser ,
Notice Requirements ,
OCIE ,
Opt-Outs ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Privacy Policy ,
Regulation S-P ,
Risk Alert ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
Vendors
In this episode, the third of three building on Akin Gump’s annual Top 10 Topics for Directors report, partner Michelle Reed discusses the critical question of cybersecurity and the corporate world.
Among the topics...more
3/20/2019
/ Best Practices ,
Board Members ,
Board of Directors ,
California Consumer Privacy Act (CCPA) ,
Corporate Governance ,
Crisis Management ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Data Use Policies ,
Enforcement Actions ,
Enforcement Authority ,
Fiduciary Duty ,
Internal Controls ,
Legislative Agendas ,
Policies and Procedures ,
Risk Management ,
Risk Mitigation
This client alert will briefly outline key upcoming deadlines under the New York State Department of Financial Services (DFS) Cybersecurity Regulation (the “Regulation”). These include annual filing deadlines coming up in...more
1/31/2019
/ Certificates of Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Due Diligence ,
Encryption ,
Exemptions ,
Filing Deadlines ,
NYDFS ,
Policies and Procedures ,
Risk Assessment ,
Third-Party Service Provider ,
Vendors
• The SEC issued guidance in the form of a rare “21(a) report” this week after investigating a series of email frauds impacting 9 unnamed companies.
• These email-based frauds, referred to as “CEO scams” or “vendor scams,”...more
10/19/2018
/ Accounting Controls ,
Business E-Mail Compromise (BEC) ,
CEOs ,
Corporate Finance ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Email ,
Enforcement Actions ,
Internal Controls ,
New Guidance ,
Policies and Procedures ,
Popular ,
Publicly-Traded Companies ,
Scams ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Spoofing ,
Wire Fraud
On September 1, 2018, five new requirements included in the New York State Department of Financial Services’ (DFS) Cybersecurity Regulation go into effect – (1) audit trails, (2) application security, (3) data disposal...more
8/13/2018
/ Audit Reports ,
Covered Entities ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
NYDFS ,
Policies and Procedures ,
Popular ,
Recordkeeping Requirements ,
Risk Management ,
State Data Breach Notification Statutes
• Disclosures must inform investors about material cybersecurity risks and incidents, including addressing material cybersecurity risks for cyber-attacks that have not yet occurred.
• Comprehensive policies and procedures...more
3/1/2018
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Financial Statements ,
Insider Trading ,
Investors ,
Materiality ,
MD&A Statements ,
New Guidance ,
Non-Public Information ,
Policies and Procedures ,
Regulation FD ,
Risk Assessment ,
Securities and Exchange Commission (SEC)