The Privacy Insider Podcast Episode 11: Signal and Noise: The New Administration, Privacy, and Our Digital Rights with Cindy Cohn of Electronic Frontier Foundation
Digital Planning Podcast - Interview With Leeza Garber
Compliance into the Weeds-Episode 39, Disclosure of Ransomware Attacks
Your Cyber Minute: Compliance with the Proposed NYDFS Cybersecurity Regulation
Safeguards against Data Security Breaches (Part One)
In light of recent reports of cyberattacks on telecommunications companies, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a series of reports and statements recommending secure communications,...more
While the balance of security, privacy, and public safety has always been a concern, recent cyberattacks have highlighted conflicting guidance by United States government officials, creating potential pitfalls for businesses....more
In late June, the staff of the U.S. Securities and Exchange Commission’s Division of Corporation Finance released five new compliance and disclosure interpretations regarding the disclosure of material cybersecurity incidents...more
In this week’s edition of Consumer Protection Dispatch, we look at the latest regulatory developments from the U.S. Department of Commerce, Consumer Financial Protection Bureau, and the Securities and Exchange Commission...more
On February 1, the Federal Trade Commission (FTC or “the Commission”) announced that it had reached a settlement with Blackbaud, a software company, resolving claims related to a 2020 data breach that resulted in the...more
Cybersecurity is a looming threat for most businesses. The impact of a major cyber event can resonate for weeks, months, and even years after the initial attack. To mitigate the risks to consumers, there have been several...more
Throughout 2022, we continue to see regulators placing an emphasis on the importance of protecting and securing information, in particular consumer personal information, at both the federal and state levels. ...more
On March 9, 2022, the Securities and Exchange Commission (“SEC”) announced Proposed Rules on cybersecurity risk management, strategy, governance, and incident disclosure (“Proposed Rules”) to address concerns of increasing...more
Ransomware attacks are on the rise. Lax security measures, which have become more acute in the work-from-home environment, continue to be exploited. Companies' systems are hacked into, their data is encrypted, and they face...more
I am hardly saying that SEC Regulation S-P is the sexiest of regulations. I mean, has any customer is history actually read one of those exciting statement stuffers that discloses in some dense font a BD’s privacy policy?...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
In this episode Matt Kelly and I take a deep dive into the question of whether a company has a duty to disclose ransomware attacks. We consider it from the regulatory, legal, ethical, law enforcement, business, PR and some...more
Sanctions: Will the Trump Administration Stay the Course? President Trump made many statements during the campaign regarding actions he plans to take to reverse Obama administration sanctions policies. These included...more
On September 22, the U.S. Securities and Exchange Commission (“SEC”) and R.T. Jones Capital Equities Management, Inc. (“R.T. Jones”), a St. Louis-based investment adviser, settled charges that R.T. Jones failed to adopt...more
Highlights Areas of High Risk and Examination Priorities for Financial Industry Firms - On September 15, the U.S. Securities and Exchange Commission’s (SEC’s) Office of Compliance, Inspections and Examinations (OCIE),...more
A registered investment adviser agreed to settle SEC charges that it failed to adopt adequate cybersecurity policies and procedures reasonably designed to protect customer records and information as required by Rule 30(a) of...more
On September 22, 2015, the Securities and Exchange Commission (SEC) announced the settlement of an enforcement action against a St. Louis-based registered investment adviser (Adviser) brought under Rule 30(a) of Regulation...more
Half of Fortune 500 companies would face “serious harm” or be “adversely impacted” by a cyber-attack. The greatest perceived harms are loss or theft of confidential information, loss of reputation and direct loss from...more