FTC Announces Proposed Settlement with Software Provider to Settle Allegations that its Inadequate Security Safeguards Led to Cyberattack -
On February 1, 2024, the Federal Trade Commission (“FTC”) announced a proposed...more
As we begin the new year, we offer this special edition with predictions for 2024 from members of the Cyber Bits Partner Committee. Regardless of what happens in 2024, we renew our commitment to keep you informed of the...more
1/8/2024
/ Artificial Intelligence ,
Biometric Information ,
China ,
Consumer Privacy Rights ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement ,
EU ,
Facial Recognition Technology ,
Machine Learning ,
Popular ,
Regulation S-P ,
Risk Management ,
Securities and Exchange Commission (SEC)
At an open meeting on March 15, 2023, the U.S. Securities and Exchange Commission voted unanimously to propose rule amendments to Regulation S-P (Proposed Rule) and published an accompanying release (Release). The Proposed...more
4/18/2023
/ Cybersecurity ,
Data Breach ,
Financial Institutions ,
Fixing America’s Surface Transportation Act (FAST Act) ,
Gramm-Leach-Bliley Act ,
Investment Adviser ,
Investment Company Act of 1940 ,
Personal Information ,
Popular ,
Proposed Amendments ,
Recordkeeping Requirements ,
Regulation S-P ,
Risk Management ,
Safeguards Rule ,
Securities and Exchange Commission (SEC)
What is in store for Privacy and Cybersecurity in 2023 -
As the year ends, we offer this special edition with predictions for 2023 from each member of the Cyber Bits Partner Committee. Regardless of what happens in 2023, we...more
12/30/2022
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cybersecurity ,
Disclosure Requirements ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Infrastructure ,
Investment Adviser ,
Popular ,
Privacy Laws ,
Privacy Legislation ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
State Data Breach Notification Statutes ,
UK ,
Whistleblowers
Less than two months after the California Privacy Protection Agency (“CPPA” or “Agency”) formally took over rulemaking for the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act...more
6/8/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Policy Drafting ,
Popular ,
Regulatory Agenda
At an open meeting on February 9, 2022, the Securities and Exchange Commission voted three-to-one to propose new and amended rules regarding cybersecurity risk management, cyber incident reporting and cyber risk disclosure...more
Few things are certain, but it is indisputable that in 2022 data will remain big; data driven technologies will create unparalleled opportunity and risk; the frequency and sophistication of cyberattacks will shatter...more
1/7/2022
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Loss Prevention ,
Data Privacy ,
Data Protection ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Hackers ,
International Data Transfers ,
Machine Learning ,
Popular ,
Ransomware ,
Regulatory Agenda ,
Section 5
On November 3, 2020, California voters passed Proposition 24, the California Privacy Rights Act (CPRA). Crafted to address perceived gaps in the California Consumer Privacy Act (CCPA), the CPRA effectively calcifies the law...more
11/13/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Sellers ,
Data-Sharing ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Right to Delete ,
Right To Know ,
State and Local Government
The U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations issued a National Exam Program Risk Alert on May 23, 2019, which identifies security risks and best practices associated with the...more
6/10/2019
/ Broker-Dealer ,
Cloud Storage ,
Customer Information ,
Cybersecurity ,
Financial Industry Regulatory Authority (FINRA) ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
Network Security ,
OCIE ,
Policies and Procedures ,
Popular ,
Risk Alert ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Third-Party Risk ,
Vendors
The Staff of the Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission released a Risk Alert on April 16, 2019, which identifies significant Regulation S-P (Reg. S-P)...more
4/23/2019
/ Broker-Dealer ,
Compliance ,
Cybersecurity ,
Employee Training ,
Investor Protection ,
OCIE ,
Opt-Outs ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Privacy Policy ,
Registered Investment Companies (RICs) ,
Regulation S-P ,
Risk Alert ,
Securities and Exchange Commission (SEC)
In a closely watched data-security case, the U.S. Court of Appeals for the Eleventh Circuit vacated as unenforceable a cease and desist order issued by the U.S. Federal Trade Commission (FTC) against LabMD, Inc. According to...more
6/12/2018
/ Administrative Appeals ,
Administrative Law Judge (ALJ) ,
Appeals ,
Cease and Desist Orders ,
Data Breach ,
Data Security ,
Due Process ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Invasion of Privacy ,
LabMD ,
Lack of Specificity ,
Personally Identifiable Information ,
Popular ,
Reversal ,
Section 5 ,
Unfair or Deceptive Trade Practices ,
Vacated
President Donald J. Trump issued an Executive Order on May 11, 2017 aimed at “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure” (the “Order”). The Order mandates federal governmental review of...more
5/24/2017
/ Critical Infrastructure Sectors ,
Cybersecurity ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Energy Sector ,
Executive Orders ,
Information Technology ,
Networks ,
NIST ,
OMB ,
Popular ,
Risk Management ,
Trump Administration
The Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC) issued a National Exam Program Risk Alert (Risk Alert) on May 17, 2017 in response to “WannaCry,” the ongoing...more
5/22/2017
/ Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Financial Industry Regulatory Authority (FINRA) ,
Investment Adviser ,
Microsoft ,
OCIE ,
Popular ,
Ransomware ,
Risk Alert ,
Risk Assessment ,
Risk Mitigation ,
Securities and Exchange Commission (SEC)
While companies may be aware of the threats posed to their businesses by a data breach, they should also have a concrete plan in place so that they can respond effectively should one occur. In a recent webinar, attorneys from...more
The Financial Industry Regulatory Authority (“FINRA”) released its annual Regulatory and Examination Priorities Letter on January 5, listing cybersecurity as a 2016 examination priority. This letter broadly identifies new and...more
The National Futures Association (NFA) adopted on October 23, 2015 an “Interpretive Notice to NFA Compliance Rules 2-9, 2-36, and 2-49: Information Systems Security Programs” (Notice). The Notice requires each NFA Member to...more
11/6/2015
/ Brokers ,
CFTC ,
Commodity Pool ,
Commodity Trading Advisors (CTAs) ,
CPOs ,
Cybersecurity ,
Dealers ,
Employee Training ,
Information Systems Security Program (ISSP) ,
Major Swap Participants ,
National Futures Association ,
NFA ,
Parent Corporation ,
Popular ,
Recordkeeping Requirements ,
Risk Assessment ,
Securities and Exchange Commission (SEC) ,
Swap Dealers ,
Third-Party Service Provider
Before committing resources to a potential investment, private equity firms should aggressively evaluate a target company’s cyber risks and cyber preparedness. Some target companies are naturally more exposed to cyber risk...more
10/12/2015
/ Chief Information Security Officer (CISO) ,
Cyber Insurance ,
Cybersecurity ,
Data Collection ,
Data-Sharing ,
Federal Trade Commission (FTC) ,
Global Marketplace ,
Incident Response Plans ,
Information Security ,
Popular ,
Privacy Notice Rule ,
Privacy Policy ,
Private Equity ,
Risk Assessment ,
Target Company ,
WISP