The 2018 California Consumer Privacy Act (CCPA) requires the California Attorney General’s Office (AGO) to promulgate regulations related to the CCPA by July 1, 2020. The AGO is holding a series of six public forums and...more
1/16/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Privacy Laws ,
Public Comment ,
Public Forum ,
Rulemaking Process ,
State Attorneys General
• The SEC issued guidance in the form of a rare “21(a) report” this week after investigating a series of email frauds impacting 9 unnamed companies.
• These email-based frauds, referred to as “CEO scams” or “vendor scams,”...more
10/19/2018
/ Accounting Controls ,
Business E-Mail Compromise (BEC) ,
CEOs ,
Corporate Finance ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Email ,
Enforcement Actions ,
Internal Controls ,
New Guidance ,
Policies and Procedures ,
Popular ,
Publicly-Traded Companies ,
Scams ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Spoofing ,
Wire Fraud
• The California Legislature passed SB 1121 to revise certain sections of the CCPA – the nation’s strictest privacy protection statute which provides Californians with a right to learn what personal information certain...more
9/10/2018
/ California Consumer Privacy Act (CCPA) ,
Civil Monetary Penalty ,
CMIA ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Enforcement ,
Exemptions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Time Extensions
• DoD and other government agencies will scrutinize contractors’ supply chain security plans and programs from proposal submission to contract closeout.
• The 2019 NDAA as approved by Congress and DHS initiatives highlight...more
8/22/2018
/ Acquisitions ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Federal Contractors ,
Goods or Services ,
Government Agencies ,
National Security ,
NDAA ,
Popular ,
Risk Assessment ,
Risk Management ,
Software ,
Strategic Planning ,
Supply Chain
On September 1, 2018, five new requirements included in the New York State Department of Financial Services’ (DFS) Cybersecurity Regulation go into effect – (1) audit trails, (2) application security, (3) data disposal...more
8/13/2018
/ Audit Reports ,
Covered Entities ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
NYDFS ,
Policies and Procedures ,
Popular ,
Recordkeeping Requirements ,
Risk Management ,
State Data Breach Notification Statutes
• California recently passed the landmark California Consumer Privacy Act that goes into effect in 2020, which grants California residents new privacy rights.
• The CCPA creates a private right of action for California...more
7/9/2018
/ Attorney General ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Rights ,
Data Security ,
Disclosure Requirements ,
Encryption ,
Enforcement Actions ,
Governor Brown ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Penalties ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Right to Delete ,
Third-Party Service Provider ,
Transparency
• Disclosures must inform investors about material cybersecurity risks and incidents, including addressing material cybersecurity risks for cyber-attacks that have not yet occurred.
• Comprehensive policies and procedures...more
3/1/2018
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Financial Statements ,
Insider Trading ,
Investors ,
Materiality ,
MD&A Statements ,
New Guidance ,
Non-Public Information ,
Policies and Procedures ,
Regulation FD ,
Risk Assessment ,
Securities and Exchange Commission (SEC)
Nearly 30 years ago the Fair Isaac Corporation (“FICO”) first introduced its metric for measuring creditworthiness. Since then, the FICO Score has become a default metric used by countless market participants to facilitate...more
2/27/2018
/ Chamber of Commerce ,
Cloud Service Providers (CSPs) ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Insurance Industry ,
Internet ,
Rating Agencies ,
Security Risk Assessments ,
Small Business ,
Underwriting ,
Vendors
• NAIC recently adopted an Insurance Data Security Model Law that follows the risk assessment-based approach of the New York DFS Cybersecurity Regulation. This signals the growing influence of the New York Regulation,...more
11/1/2017
/ Cyber Insurance ,
Cybersecurity ,
Data Security ,
Department of Financial Services ,
Health Insurance Portability and Accountability Act (HIPAA) ,
National Association of Insurance Commissioners ,
Non-Public Information ,
Notification Requirements ,
Personally Identifiable Information ,
Reinsurance ,
Risk Assessment ,
The Model Law ,
Third-Party Service Provider
On October 11, 2017, the National Association of Insurance Commissioners and the Stanford Cyber Initiative held a joint conference on various topics related to cyber insurance. Below are key takeaways and hot topics discussed...more
New York Financial Regulator to Enforce First-of-Its-Kind Cybersecurity Regulations in Coming Weeks -
On December 28, 2016, the New York Department of Financial Services (NYDFS) issued revised cybersecurity regulations...more
Here is our annual list of hot topics for the boardroom in the coming year:
Corporate strategy: Oversee the development of the corporate strategy in an increasingly uncertain and volatile world economy with new and more...more
In April 2016, President Obama appointed the Commission on Enhancing National Cybersecurity (the “Commission”) to assess the state of our cybersecurity and develop actionable recommendations for securing the digital economy...more
New York Governor Andrew Cuomo announced last week a first-of-its-kind cybersecurity program for New York-regulated financial services companies that would impose broad new cybersecurity program requirements and require the...more
The SEC has taken a new enforcement action, demonstrating its expectations of industry and the willingness to use the variety of tools at its disposal to address concerns with cybersecurity previously signaled by an...more
The president’s FY 2017 budget, released today, includes cybersecurity as a national priority. The budget would invest $19 billion in overall federal resources for cybersecurity that are intended to support a broad-based...more
Cybersecurity -
Nearly 90 percent of CEOs worry that cyber threats could adversely impact growth prospects, up from nearly 70 percent the previous year. Yet, in a recent survey, nearly 80 percent of the more than 1,000...more
Top 10 Topics for Directors in 2016 U.S. public companies face a host of challenges as they enter 2016. Here is our annual list of hot topics for the boardroom in the coming year...
...more
If you read one thing...
- The omnibus appropriations package includes legislation that provides liability protection to companies who voluntarily engage in cybersecurity information sharing.
- The...more
Shareholder Activism -
Shareholder activism and “suggestivism” continue to gain traction. With the success that activists have experienced throughout 2015, coupled with significant new money being allocated to activist...more
On November 13, 2015, Federal Trade Commission (FTC) Chief Administrative Law Judge Michael Chappell dismissed a suit brought by the FTC alleging that LabMD’s failure to implement reasonable and appropriate data security...more
During Akin Gump Strauss Hauer & Feld LLP’s most recent cybersecurity event, “Tackling Cybersecurity in the Boardroom,” hosted on November 12, 2015, our panels discussed a number of issues facing directors....more
The Senate has passed the Cybersecurity Information Sharing Act (S.754, CISA), sponsored by Sens. Richard Burr (R-NC) and Dianne Feinstein (D-CA), the chair and vice-chair of the Senate Intelligence Committee, by a margin of...more
Chinese President Xi Jinping’s visit to Washington D.C. led to a very significant agreement on cybersecurity, as reflected by The White House fact sheet released Friday (excerpted below). The agreement addresses a core U.S....more
Just one week after the Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations issued a new risk alert on cybersecurity, the SEC brought an enforcement action against an investment adviser...more