• The SEC released a Risk Alert summarizing key areas in which it continues to see compliance deficiencies related to Regulation S-P, the primary SEC rule regarding privacy notices and safeguard policies of investment...more
4/29/2019
/ Broker-Dealer ,
Customer Information ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Employee Training ,
Incident Response Plans ,
Investment Adviser ,
Notice Requirements ,
OCIE ,
Opt-Outs ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Privacy Policy ,
Regulation S-P ,
Risk Alert ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
Vendors
• Non-profit organizations are testing companies’ GDPR compliance through targeted requests for information and other means and are filing complaints against allegedly non-compliant companies.
• Main areas for non-profit...more
1/28/2019
/ Australia ,
CNIL ,
Cybersecurity ,
Data Collection ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Google ,
International Data Transfers ,
Nonprofits ,
Personal Data ,
Popular ,
Request For Information
The Department of Defense (DOD) and its component services and agencies are taking several independent steps to assess and enhance their cyber and supply chain security that will directly or indirectly affect DOD contractors...more
12/20/2018
/ Airlines ,
Aviation Industry ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
DFARS ,
Federal Acquisition Regulations (FAR) ,
Federal Agency Taskforce ,
Federal Contractors ,
Final Guidance ,
General Services Administration (GSA) ,
Government Agencies ,
Memorandum of Understanding ,
NIST ,
Popular ,
Subcontractors ,
Supply Chain ,
Technology Sector ,
Transportation Industry ,
TSA ,
U.S. Navy
• The SEC issued guidance in the form of a rare “21(a) report” this week after investigating a series of email frauds impacting 9 unnamed companies.
• These email-based frauds, referred to as “CEO scams” or “vendor scams,”...more
10/19/2018
/ Accounting Controls ,
Business E-Mail Compromise (BEC) ,
CEOs ,
Corporate Finance ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Email ,
Enforcement Actions ,
Internal Controls ,
New Guidance ,
Policies and Procedures ,
Popular ,
Publicly-Traded Companies ,
Scams ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Spoofing ,
Wire Fraud
• The California Legislature passed SB 1121 to revise certain sections of the CCPA – the nation’s strictest privacy protection statute which provides Californians with a right to learn what personal information certain...more
9/10/2018
/ California Consumer Privacy Act (CCPA) ,
Civil Monetary Penalty ,
CMIA ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Enforcement ,
Exemptions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Time Extensions
• DoD and other government agencies will scrutinize contractors’ supply chain security plans and programs from proposal submission to contract closeout.
• The 2019 NDAA as approved by Congress and DHS initiatives highlight...more
8/22/2018
/ Acquisitions ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Federal Contractors ,
Goods or Services ,
Government Agencies ,
National Security ,
NDAA ,
Popular ,
Risk Assessment ,
Risk Management ,
Software ,
Strategic Planning ,
Supply Chain
On September 1, 2018, five new requirements included in the New York State Department of Financial Services’ (DFS) Cybersecurity Regulation go into effect – (1) audit trails, (2) application security, (3) data disposal...more
8/13/2018
/ Audit Reports ,
Covered Entities ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
NYDFS ,
Policies and Procedures ,
Popular ,
Recordkeeping Requirements ,
Risk Management ,
State Data Breach Notification Statutes
On May 23, 2016, plaintiffs and Illinois residents Jose Luis Martinez and Malcolm Neal filed a class action in California state court claiming that “Snapchat is actively collecting, storing, and using the biometrics of its...more
On May 5, 2016, a federal judge denied Facebook’s attempt to dismiss a consolidated putative class action alleging that Facebook’s “Tag Suggestions” feature violates the Illinois Biometric Information Privacy Act (BIPA)....more
On April 3, 2016, it became public that an anonymous source had leaked 11 million confidential documents, known as the “Panama Papers,” belonging to the Panama-headquartered international law firm Mossack Fonseca. As more of...more
Germany has enacted a new data protection statute, which came into force on February 24, 2016, and enables business associations and consumer groups to enforce violations of German data protection laws against businesses....more
Cybersecurity -
Nearly 90 percent of CEOs worry that cyber threats could adversely impact growth prospects, up from nearly 70 percent the previous year. Yet, in a recent survey, nearly 80 percent of the more than 1,000...more
The Senate has passed the Cybersecurity Information Sharing Act (S.754, CISA), sponsored by Sens. Richard Burr (R-NC) and Dianne Feinstein (D-CA), the chair and vice-chair of the Senate Intelligence Committee, by a margin of...more
On July 20, 2015, the U.S. Court of Appeals for the 7th Circuit issued an opinion that could dramatically change the class action landscape for companies that are victims of hackers. In Remijas v. Neiman Marcus Gp., the 7th...more
A new study released on May 7, 2015, by the Ponemon Institute revealed that criminal cyberattacks on health care organizations were the most prevalent cause of data breaches in 2014. The report underscores the need to think...more
On April 28, the Securities and Exchange Commission (SEC) Division of Investment Management (the “Division”) published a Guidance Update setting forth cybersecurity concerns and advice for the registered investment ...more
In California, home to Silicon Valley, Biotech Beach, drones and some of the nation’s strongest laws protecting personal and consumer privacy, legislators are grappling with how to balance popular innovations in technology...more
Tuesday, the House Energy & Commerce Subcommittee on Commerce, Manufacturing, and Trade held its first hearing of the 114th Congress, entitled “What Are the Elements of Sound Data Breach Legislation?”...more