The U.S. District Court for the Southern District of New York has dismissed many of the Securities and Exchange Commission’s (SEC’s) claims against software development company SolarWinds and its chief information security...more
8/8/2024
/ Board of Directors ,
Chief Information Security Officer (CISO) ,
Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure ,
Disclosure Requirements ,
Internal Controls ,
Misleading Statements ,
Public Statements ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
SolarWinds ,
White Collar Crimes
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced its second settlement in four months growing out of a ransomware attack on a health care business. Maryland-based Green Ridge...more
On October 30, 2023, the SEC filed a litigated complaint against SolarWinds, a software development company, and Timothy Brown, its chief information security officer (CISO). The SEC alleges that from October 2018, when...more
11/7/2023
/ Compliance ,
Corporate Governance ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Disclosure ,
Enforcement Actions ,
Information Security ,
Information Technology ,
Popular ,
Risk Management ,
Risk Mitigation ,
SolarWinds
In this month’s Privacy & Cybersecurity Update, we review Connecticut’s passage of a comprehensive privacy law (making it the fifth state to do so), the newly enacted federal Better Cybercrime Metrics Act, New York’s new law...more
6/3/2022
/ COPPA ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Popular ,
State Privacy Laws
Takeaways -
Implementing strong cybersecurity practices helps companies prepare for future regulatory requirements.
Incident-response plans must enable financial institutions to give timely and accurate notifications...more
1/25/2022
/ California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Services Industry ,
New Rules ,
Personal Information ,
State Privacy Laws
In this month’s Privacy & Cybersecurity Update, we examine the FBI’s warning to companies regarding cyberattacks targeting confidential M&A activity, as well as the Cybersecurity and Infrastructure Security Agency’s directive...more
12/1/2021
/ Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
FBI ,
International Data Transfers ,
Ransomware ,
Robocalling
In this month’s edition of our Privacy & Cybersecurity Update, we examine the FTC’s changes to the Gramm-Leach-Bliley Act’s Safeguards Rule and the CFPB’s order requiring six tech companies to disclose information regarding...more
11/2/2021
/ Consumer Financial Protection Bureau (CFPB) ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
GEICO ,
Gramm-Leach-Blilely Act ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Multidistrict Litigation ,
Putative Class Actions ,
Safeguards Rule
Recently, many of our clients have received similar requests from the staff of the SEC's Division of Enforcement related to the December 2020 SolarWinds cyberattack. We confirmed with the SEC staff that the request is...more
6/23/2021
/ Amnesty ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Enforcement Actions ,
Insider Trading ,
Internal Controls ,
Regulation FD ,
Securities and Exchange Commission (SEC) ,
Securities Violations ,
SolarWinds
Takeaways
- Boards need to take an active role overseeing cybersecurity measures.
- Directors may be held personally responsible for lapses that result in attacks.
- U.S. money laundering and sanctions rules may prohibit...more
2/17/2021
/ Anti-Money Laundering ,
Board of Directors ,
Corporate Governance ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Directors ,
Popular ,
Ransomware
In this month's edition of our Privacy & Cybersecurity Update, we examine the U.S. Treasury's advisories regarding the role of financial intermediaries in ransomware payments, a ruling by the Israeli data protection authority...more
11/3/2020
/ British Airways ,
California Consumer Privacy Act (CCPA) ,
Court of Justice of the European Union (CJEU) ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
Financial Institutions ,
FinCEN ,
International Data Transfers ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
State Attorneys General ,
Surveillance
In this month's edition of our Privacy & Cybersecurity Update, we examine Washington state's new facial recognition law, the U.K. Supreme Court's ruling that an employer is not liable for a data breach caused by a disgruntled...more
5/3/2020
/ Coronavirus/COVID-19 ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Draft Guidance ,
Employee Misconduct ,
Employer Liability Issues ,
Equifax ,
European Commission ,
European Data Protection Board (EDPB) ,
Facial Recognition Technology ,
FSB ,
Mobile Apps ,
New Guidance ,
NYDFS ,
Phishing Scams ,
Popular ,
Privacy Laws ,
Settlement ,
UK Supreme Court
The spread of the novel coronavirus has upended Americans’ lives in a matter of months. While life outside has ground to a standstill in many regions of the country, much of corporate America is meeting the unique challenges...more
3/29/2020
/ Best Practices ,
Coronavirus/COVID-19 ,
Corporate Executives ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
Hackers ,
Incident Response Plans ,
Network Security ,
NIST ,
Phishing Scams ,
Ransomware ,
Remote Working ,
Risk Management ,
Virtual Private Networks
In this month's edition of our Privacy & Cybersecurity Update, we examine a declaration on ethical considerations for artificial intelligence, the annual joint review of the Privacy Shield, a new lawsuit from a snack food...more
12/5/2018
/ Administrative Review ,
Artificial Intelligence ,
Banks ,
Cyber Attacks ,
Cyber Lexicon ,
Cybersecurity ,
Data Protection ,
Data Protection Officers (DPOs) ,
Denial of Insurance Coverage ,
EDPS ,
Ethics ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Financial Institutions ,
Financial Stability Board ,
FSB ,
General Data Protection Regulation (GDPR) ,
Human Rights ,
Insurance Litigation ,
Malware ,
Personal Data ,
Policy Exclusions ,
Popular ,
Privacy Concerns ,
Privacy Laws ,
Property Insurance ,
Ransomware ,
Secretary of Commerce
In this month's edition of our Privacy & Cybersecurity Update, we examine Brazil's new data protection regulation, the French data protection authority's warning to two companies of potential GDPR violations and the U.S....more
9/7/2018
/ Appeals ,
Brazil ,
Breach Notification Rule ,
CNIL ,
Computer Fraud Insurance ,
Consent ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection Acts ,
Data Protection Authority ,
Data Protection Officers (DPOs) ,
Data Retention ,
Denial of Insurance Coverage ,
Department of Homeland Security (DHS) ,
Email ,
Enforcement Actions ,
EU ,
European Commission ,
European Economic Area (EEA) ,
Extraterritoriality Rules ,
France ,
Fraudulent Transfers ,
General Data Protection Regulation (GDPR) ,
Geological Data ,
International Data Transfers ,
Japan ,
Japan-EU Economic Partnership Agreement (EPA) ,
NCCIC ,
Personal Data ,
Policy Terms ,
Popular ,
Public Private Partnerships (P3s) ,
Reciprocity Rules ,
Reversal ,
Scams ,
Social Engineering ,
Spoofing ,
Standard Contractual Clauses ,
Warning Letters ,
Wire Fraud