The New York Department of Financial Services (“DFS”) released their proposed second amendment to the Cybersecurity Regulation, 23 NYCRR Part 500 (“Proposed Second Amendment”) on October 9, 2022....more
On October 31, 2022, the Federal Trade Commission (FTC) announced it has taken action against education technology provider Chegg Inc. (“Chegg”) for its “careless” cybersecurity practices that exposed sensitive personal...more
On September 20, 2022, the Securities and Exchange Commission (SEC) settled an enforcement action with a large, registered investment adviser (the Firm) for alleged violations of the Safeguards Rule and the Disposal Rule of...more
On July 27, 2022, the Securities and Exchange Commission (SEC) separately settled three enforcement actions with broker-dealers and investment advisers for alleged deficiencies relating to the prevention of customer identity...more
Our Securities, Securities Litigation, and Privacy, Cyber & Data Strategy teams highlight the key aspects of the Securities and Exchange Commission’s latest sweeping changes to its cybersecurity reporting rules for public...more
3/16/2022
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Form 10-Q ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act
Our Privacy, Cyber & Data Strategy and Investment Management, Trading & Markets Teams review the Securities and Exchange Commission’s potentially transformative proposed rules that would require registered investment...more
On January 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules to enhance hedge fund and private fund disclosure requirements and increase regulators’ visibility into the private funds industry....more
As an update to prior coverage of the FTC’s final revisions to the Gramm-Leach-Bliley Safeguards Rule (Final Rule), following its publication in the Federal Register on December 9, 2021, the Final Rule now will take effect on...more
The New York Department of Financial Services (NYDFS) continues to refine its position regarding the importance of and requirements regarding Multi-Factor Authentication (MFA), as evidenced most recently with the release of...more
On November 18, 2021, the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation jointly announced the approval of a final rule to...more
On October 27, 2021, the FTC released its much-anticipated final revisions to the Gramm-Leach-Bliley Safeguards Rule (Safeguards Rule or Final Rule), following a 3-2 vote along party lines and also released a notice of...more
On July 15, 2021, the DOJ and DHS together with additional federal partners launched StopRansomware.gov, a one-stop hub intended to help the private and public sector mitigate the threat of ransomware. The website includes a...more
Ransom demands from cyber-attacks show no signs of slowing down, and the costs—both from ransom payments and repairing the damage—are rising precipitously. Our Privacy, Cyber & Data Strategy Team outlines six ways companies...more
The New York Department of Financial Services (NYDFS) issued new guidance this week intended to assist organizations in thwarting ransomware attacks. The guidance clarifies the NYDFS’ expectation that NYDFS-regulated...more
The SEC has settled an enforcement action against a large title insurer in connection with public statements and disclosures made by the company in May 2019 relating to a data security incident. The underlying data security...more
Following the creation of the DOJ’s Ransomware and Digital Extortion Task Force in April 2021 and on the heels of the Biden administration’s characterization of ransomware as a national security threat, on June 7, 2021, the...more
Companies face increasingly tough decision points in preparing for and responding to the proliferation of ransomware attacks. Our Privacy, Cyber & Data Strategy Group outlines seven issues for general counsel to consider as...more
Following the SolarWinds cyber espionage attack (the “Attack”) and the resulting focus on supply chain risk, the New York Department of Financial Services (NYDFS) has issued a report detailing the impact on and responses by...more
On April 13, 2021, a federal district court granted a motion to partially unseal an FBI application and search warrant following the successful conclusion of an FBI operation to eradicate malicious web shells placed on...more
Against the backdrop of the disruptions associated with the Covid-19 pandemic and SolarWinds cyber-espionage campaign, NYDFS has released guidance for insurers that underwrite cyber insurance policies and which contains a...more
2/19/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Information Technology ,
NYDFS ,
Popular ,
Ransomware ,
Risk Management
Cybersecurity incidents—including second wave attacks—are on the rise. Our Privacy, Cyber & Data Strategy Team outlines seven tips for managing a cybersecurity incident—and recovering with strength....more
As the Biden administration begins detailing its regulatory and enforcement priorities, it faces a new challenge on the health data privacy and security front. In University of Texas M.D. Anderson Cancer Center v. United...more
OCIE has released a risk alert regarding credential stuffing in the context of compliance with Regulation S-P and Regulation S-ID, and is encouraging firms to both (i) review and update their policies and procedures to...more
Following OCIE’s recent and detailed risk alert regarding the threat of ransomware, the SEC announced that it has created the Event and Emerging Risk Examination Team (EERT) as a part of the Office of Compliance Inspections...more
As the healthcare and financial impacts of COVID-19 continue to evolve with the global pandemic, the use of AI technology and associated risks have received greater attention. On April 8, 2020, the FTC posted an extensive...more