On July 18, 2024, U.S. District Judge Paul A. Engelmayer of the Southern District of New York dismissed most of the charges that the Securities and Exchange Commission brought against SolarWinds and its chief information...more
On May 16, 2024, the Securities and Exchange Commission (SEC) adopted final amendments to Regulation S-P, one year after issuing the proposed amendments (discussed here). Regulation S-P is a set of privacy rules that govern...more
The year 2023 saw continued expansion of public interest in privacy rights, data security and related legislation. Comprehensive privacy laws took effect in five states, while 12 more states enacted similar laws that will...more
The public and private focus on corporate governance continued apace in the first half of 2023. In recent months, there were notable developments in jurisprudence potentially impacting corporate diversity initiatives and in...more
7/12/2023
/ 10b5-1 Plans ,
Civil Rights Act ,
Corporate Governance ,
Cybersecurity ,
Data Breach ,
Department of Justice (DOJ) ,
Export Administration Regulations (EAR) ,
Fourteenth Amendment ,
Popular ,
Sanction Violations ,
Section 11 ,
Securities Act of 1933 ,
Securities and Exchange Commission (SEC) ,
Title VI ,
Wells Fargo
On March 15, 2023, the Securities and Exchange Commission (SEC) proposed three rule changes that demonstrate its continued focus on cybersecurity. One of these proposals, and the only one to be unanimously approved (the...more
On March 9, software company Blackbaud agreed to pay $3 million to the SEC as a result of alleged misleading disclosures arising out of a 2020 data breach that involved customer bank account information and Social Security...more
In an era of increasing cyberattacks by varying threat actors, the board's oversight of cybersecurity risks remains a key responsibility. In two recent cases, the Delaware Court of Chancery (Chancery Court) dismissed Caremark...more
The year 2022 saw a groundswell of interest in privacy rights and related legislation. Five states enacted new laws or regulations aimed at protecting a general right to privacy, while the U.S. government came closer than...more
1/24/2023
/ Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
FinCEN ,
NYDFS ,
Popular ,
Risk Management ,
Russia ,
Securities and Exchange Commission (SEC)
On July 20, 2022, the House Committee on Energy and Commerce advanced a new federal privacy bill titled the American Data Privacy and Protection Act (ADPPA) to the House floor. Although it is not yet law, many commentators...more
On March 15, 2022, President Joe Biden signed the Cyber Incident Reporting for Critical Infrastructure Act (the Act) into law as part of the $1.5 trillion fiscal 2022 omnibus spending package. The Act will create a mandatory...more
On Feb. 9, 2022, the Securities and Exchange Commission (SEC or Commission) proposed a suite of new rules and amendments concerning cybersecurity risk management for registered investment advisers (advisers) and registered...more
2/14/2022
/ Broker-Dealer ,
Comment Period ,
Cybersecurity ,
Form ADV ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
New Rules ,
Popular ,
Proposed Rules ,
Public Comment ,
Recordkeeping Requirements ,
Registered Investment Advisors ,
Securities and Exchange Commission (SEC)
On Nov. 18, 2021, federal bank regulatory agencies approved a final rule requiring banking organizations to notify regulators of “any significant computer-security incident” as soon as possible and no later than 36 hours...more
Demonstrating its continued focus on cybersecurity enforcement, the Securities and Exchange Commission (SEC) announced three new actions on Aug. 30 charging eight firms with maintaining deficient cybersecurity policies and...more
On July 7, 2021, Colorado’s governor signed into law the Colorado Privacy Act (CPA), which follows similar privacy laws enacted in California and Virginia and is consistent with an expanding national trend. ...more
On June 7, the Department of Justice (DOJ) announced that it seized 63.7 of the 75 bitcoins paid by Colonial Pipeline to ransomware attackers last month. The recovered bitcoins were valued at $2.3 million at the time of...more
6/10/2021
/ Asset Seizure ,
Bitcoin ,
Cyber Attacks ,
Cybersecurity ,
Department of Justice (DOJ) ,
Enforcement Actions ,
FBI ,
Hackers ,
Infrastructure ,
Oil & Gas ,
Pipelines ,
Popular ,
Ransomware ,
Supply Chain
Consistent with a growing national trend, Virginia joined California in recently passing consumer privacy legislation with broad national reach. Both the Virginia Consumer Data Protection Act ...more
4/8/2021
/ California Consumer Privacy Act (CCPA) ,
CDPA ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personally Identifiable Information ,
Popular
Ransomware threats and attacks dominated the cyber news cycle in 2020 and into 2021. With the global pandemic and the uptick in remote work and learning, cybercriminals and nation-state hackers have seized on vulnerabilities...more
2/10/2021
/ Cryptocurrency ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Hackers ,
NYDFS ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
Risk Management ,
Underwriting
Data privacy compliance emerged as a top-tier issue for businesses across the globe with the implementation of new laws with broad scope and sweeping coverage, including the EU’s General Data Protection Regulation (GDPR),...more
8/3/2020
/ Ballot Measures ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
State and Local Government