The year 2024 witnessed significant developments in the legal landscape governing artificial intelligence (AI). Three states passed comprehensive AI legislation, with others passing multiple laws that regulate certain AI...more
1/16/2025
/ Artificial Intelligence ,
Colorado ,
Cybersecurity ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Intellectual Property Litigation ,
NYDFS ,
Popular ,
Securities and Exchange Commission (SEC)
As 2025 begins, we cover several significant corporate governance developments that occurred in the second half of 2024 and since our Corporate Governance: 2024 Midyear Review was published in August. We first highlight...more
2024 saw continued expansion of laws, regulations and enforcement actions concerning privacy and data security. With no overarching federal privacy law, states continue to expand their enforcement. Four new comprehensive...more
On Oct. 22, 2024, the Securities and Exchange Commission announced that it charged four technology companies with making materially misleading disclosures about the effect the SolarWinds cyberattack had on these issuers. To...more
On July 18, 2024, U.S. District Judge Paul A. Engelmayer of the Southern District of New York dismissed most of the charges that the Securities and Exchange Commission brought against SolarWinds and its chief information...more
In this midyear update, we cover a number of significant corporate governance developments that have taken place over the first half of the year and since our Corporate Governance 2023 Year-End Review....more
On May 21, 2024, the director of the SEC’s Division of Corporation Finance, Erik Gerding, issued a statement regarding the new requirement to disclose material cybersecurity incidents on Form 8-K. The SEC’s latest...more
On May 16, 2024, the Securities and Exchange Commission (SEC) adopted final amendments to Regulation S-P, one year after issuing the proposed amendments (discussed here). Regulation S-P is a set of privacy rules that govern...more
On March 18, the Securities and Exchange Commission (SEC) announced that it settled charges against two investment advisers, Delphia (USA) Inc. and Global Predictions Inc., for making false and misleading statements about...more
By a 3-2 vote on July 26, the U.S. Securities and Exchange Commission (SEC) adopted final rules enhancing disclosure requirements regarding public companies’ cybersecurity risk management, strategy, governance and incident...more
The public and private focus on corporate governance continued apace in the first half of 2023. In recent months, there were notable developments in jurisprudence potentially impacting corporate diversity initiatives and in...more
7/12/2023
/ 10b5-1 Plans ,
Civil Rights Act ,
Corporate Governance ,
Cybersecurity ,
Data Breach ,
Department of Justice (DOJ) ,
Export Administration Regulations (EAR) ,
Fourteenth Amendment ,
Popular ,
Sanction Violations ,
Section 11 ,
Securities Act of 1933 ,
Securities and Exchange Commission (SEC) ,
Title VI ,
Wells Fargo
On March 15, 2023, the Securities and Exchange Commission (SEC) proposed three rule changes that demonstrate its continued focus on cybersecurity. One of these proposals, and the only one to be unanimously approved (the...more
On March 9, software company Blackbaud agreed to pay $3 million to the SEC as a result of alleged misleading disclosures arising out of a 2020 data breach that involved customer bank account information and Social Security...more
The year 2022 saw a groundswell of interest in privacy rights and related legislation. Five states enacted new laws or regulations aimed at protecting a general right to privacy, while the U.S. government came closer than...more
1/24/2023
/ Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
FinCEN ,
NYDFS ,
Popular ,
Risk Management ,
Russia ,
Securities and Exchange Commission (SEC)
On March 9, the SEC, by a 3-1 vote, proposed new rules in its most far-reaching effort to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and incident reporting by public...more
On Feb. 9, 2022, the Securities and Exchange Commission (SEC or Commission) proposed a suite of new rules and amendments concerning cybersecurity risk management for registered investment advisers (advisers) and registered...more
2/14/2022
/ Broker-Dealer ,
Comment Period ,
Cybersecurity ,
Form ADV ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
New Rules ,
Popular ,
Proposed Rules ,
Public Comment ,
Recordkeeping Requirements ,
Registered Investment Advisors ,
Securities and Exchange Commission (SEC)
On Sept. 14, 2021, the Securities and Exchange Commission (SEC) entered a cease-and-desist order against App Annie Inc. and its co-founder and former CEO, Bertrand Schmitt, after agreeing to settle securities fraud claims....more
Demonstrating its continued focus on cybersecurity enforcement, the Securities and Exchange Commission (SEC) announced three new actions on Aug. 30 charging eight firms with maintaining deficient cybersecurity policies and...more