On Feb. 9, 2022, the Securities and Exchange Commission (SEC or Commission) proposed a suite of new rules and amendments concerning cybersecurity risk management for registered investment advisers (advisers) and registered...more
2/14/2022
/ Broker-Dealer ,
Comment Period ,
Cybersecurity ,
Form ADV ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
New Rules ,
Popular ,
Proposed Rules ,
Public Comment ,
Recordkeeping Requirements ,
Registered Investment Advisors ,
Securities and Exchange Commission (SEC)
On Nov. 18, 2021, federal bank regulatory agencies approved a final rule requiring banking organizations to notify regulators of “any significant computer-security incident” as soon as possible and no later than 36 hours...more
On Oct. 6, 2021, Deputy Attorney General Lisa O. Monaco announced the creation of a Department of Justice (DOJ) Civil Cyber-Fraud Initiative (the Initiative). According to the announcement, the Initiative combines the DOJ’s...more
On Sept. 14, 2021, the Securities and Exchange Commission (SEC) entered a cease-and-desist order against App Annie Inc. and its co-founder and former CEO, Bertrand Schmitt, after agreeing to settle securities fraud claims....more
Demonstrating its continued focus on cybersecurity enforcement, the Securities and Exchange Commission (SEC) announced three new actions on Aug. 30 charging eight firms with maintaining deficient cybersecurity policies and...more
On June 25, the U.S. Supreme Court handed down a 5-4 decision in TransUnion v. Ramirez that clarified the injury-in-fact plaintiffs must show to have standing to assert statutory privacy rights in federal court. This follows...more
7/14/2021
/ Article III ,
Class Action ,
Class Members ,
Credit Reporting Agencies ,
Injury-in-Fact ,
SCOTUS ,
Separation of Powers ,
Spokeo v Robins ,
Standing ,
TransUnion ,
TransUnion LLC v Ramirez
On July 7, 2021, Colorado’s governor signed into law the Colorado Privacy Act (CPA), which follows similar privacy laws enacted in California and Virginia and is consistent with an expanding national trend. ...more
On June 4, the European Commission (EC) adopted two sets of standard contractual clauses (SCCs) for use between controllers and processers in the European Economic Area (EEA) and for the transfer of data between EEA and...more
6/17/2021
/ Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On June 7, the Department of Justice (DOJ) announced that it seized 63.7 of the 75 bitcoins paid by Colonial Pipeline to ransomware attackers last month. The recovered bitcoins were valued at $2.3 million at the time of...more
6/10/2021
/ Asset Seizure ,
Bitcoin ,
Cyber Attacks ,
Cybersecurity ,
Department of Justice (DOJ) ,
Enforcement Actions ,
FBI ,
Hackers ,
Infrastructure ,
Oil & Gas ,
Pipelines ,
Popular ,
Ransomware ,
Supply Chain
In response to increasing cybersecurity threats, including the SolarWinds and Colonial Pipeline attacks, President Biden issued an Executive Order on May 12, 2021, that enhances cybersecurity requirements for federal...more
Consistent with a growing national trend, Virginia joined California in recently passing consumer privacy legislation with broad national reach. Both the Virginia Consumer Data Protection Act ...more
4/8/2021
/ California Consumer Privacy Act (CCPA) ,
CDPA ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personally Identifiable Information ,
Popular
Ransomware threats and attacks dominated the cyber news cycle in 2020 and into 2021. With the global pandemic and the uptick in remote work and learning, cybercriminals and nation-state hackers have seized on vulnerabilities...more
2/10/2021
/ Cryptocurrency ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Hackers ,
NYDFS ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
Risk Management ,
Underwriting
The California Consumer Privacy Act (CCPA) created groundbreaking new rules for how businesses must handle California consumers’ personal data and spurred proposals for similar legislation across the country. ...more
11/12/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Sellers ,
Data-Sharing ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Right to Delete ,
Right To Know ,
State and Local Government
Data privacy compliance emerged as a top-tier issue for businesses across the globe with the implementation of new laws with broad scope and sweeping coverage, including the EU’s General Data Protection Regulation (GDPR),...more
8/3/2020
/ Ballot Measures ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
State and Local Government