On October 16, 2024, the New York State Department of Financial Services (the "DFS"), under its Cybersecurity Regulation—23 NYCRR Part 500—issued a memorandum providing guidance on the risks posed by artificial intelligence...more
11/26/2024
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Covered Entities ,
Cybersecurity ,
Cybersecurity Framework ,
Enforcement ,
Financial Institutions ,
Financial Services Industry ,
NYDFS ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Technology Sector
The U.S. Securities and Exchange Commission's ("SEC") Division of Enforcement has recently brought a spate of enforcement actions relating to key topics for public companies. These include enforcement actions related to...more
On July 18, 2024, a New York federal judge dismissed most of the US Securities and Exchange Commission’s ("SEC") claims against SolarWinds Corp. ("SolarWinds" or the "Company") and its Chief Information Security Officer...more
The effective dates of new U.S. data privacy laws are closing in. Currently, thirteen states have passed comprehensive data privacy laws in the United States: California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana,...more
With the 2023 annual report season upon us, it is time for companies to take stock of risk factors for 10-Ks and 20-Fs, and consider whether recent economic, political, technological, and regulatory developments have had (or...more
12/22/2023
/ Annual Reports ,
Artificial Intelligence ,
Climate Change ,
Cybersecurity ,
Disclosure Requirements ,
Geopolitical Risks ,
Internal Controls ,
Popular ,
Publicly-Traded Companies ,
Risk Factors ,
Securities and Exchange Commission (SEC)
On October 30, 2023, the US Securities and Exchange Commission ("SEC") announced that it filed charges against SolarWinds Corp. ("SolarWinds" or the "Company") and its Chief Information Security Officer ("CISO") in connection...more
11/15/2023
/ Breach Notification Rule ,
Chief Information Security Officer (CISO) ,
Civil Monetary Penalty ,
Cyber Attacks ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement ,
Fraud ,
Information Technology ,
Initial Public Offering (IPO) ,
Injunctive Relief ,
Insurance Industry ,
Internal Controls ,
Investors ,
Material Misstatements ,
Misleading Statements ,
NIST ,
Omissions ,
Popular ,
Publicly-Traded Companies ,
Reporting Requirements ,
Sarbanes-Oxley ,
Securities Act of 1933 ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act of 1934 ,
Software ,
Vulnerability Assessments
On May 11, 2023, Governor Bill Lee signed the Tennessee Information Protection Act (TIPA) into law. Tennessee now joins the rapidly increasing group of states, California, Utah, Colorado, Connecticut, Virginia, Iowa and...more
6/26/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Gramm-Leach-Blilely Act ,
NIST ,
Personal Information ,
Privacy Laws ,
State Privacy Laws
As of this morning, several US federal agencies and the personal information of 3.5 million Oregon and Louisiana residents has been compromised in a cyberattack affecting companies and government agencies across the globe...more
For most large companies, a frictionless flow of information and the ability to transfer customer data, employee files, financial records and other information around the world quickly and cost-effectively is a critical...more
3/22/2023
/ Biometric Information ,
Board of Directors ,
Corporate Governance ,
Corporate Officers ,
Cybersecurity ,
Data Protection ,
Data Security ,
Data Transfers ,
Disclosure Requirements ,
Environmental Social & Governance (ESG) ,
EU ,
International Data Transfers ,
Personal Data ,
Popular ,
Risk Assessment ,
Risk Management ,
Technology ,
UK
On March 9, 2022, the Securities and Exchange Commission ("SEC") proposed rules that would require public companies to make prescribed cybersecurity disclosures. The proposed rules would "strengthen investors' ability to...more
3/15/2022
/ Broker-Dealer ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Investment Adviser ,
Investment Companies ,
Investors ,
Proposed Rules ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC)
With data privacy laws tightening and cyberattacks on the rise, due diligence of technology networks and data processes should be a top priority for dealmakers -
May 2021 saw one of the most high-profile cyberattacks in US...more
As state and federal legislatures across the United States continue to contemplate comprehensive data protection legislation, two pending laws—the California Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection...more
Ninth Circuit Decision Highlights Importance of Updating Risk Factors to Address Material Developments, including those relating to Cybersecurity Risks.
As companies prepare their periodic reports with the SEC, a recent...more
Colorado has joined California and Virginia in enacting comprehensive data privacy legislation after Governor Jared Polis signed the Colorado Privacy Act into effect yesterday. The enactment of the Colorado Privacy Act...more
Consistent with its increasing activity in the cybersecurity enforcement space, in March 2021, the NYDFS issued its first penalty under the Cybersecurity Regulation. This client alert explores the settlement and offers...more
Hot on the heels of the California Attorney General's rulemaking process for the California Consumer Privacy Act ("CCPA"), California voters have passed a ballot initiative to expand and create new privacy rights for...more
On October 28, 2020, a coalition of US government entities consisting of the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services...more
11/9/2020
/ Best Practices ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
FBI ,
Hackers ,
Health Care Providers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware
As companies across industries continue to take advantage of existing and emerging technologies that involve the collection and use of human biometric identifiers, corporate privacy programs must take into account the unique...more
11/9/2020
/ Article III ,
Artificial Intelligence ,
Big Tech ,
Biometric Information ,
Biometric Information Privacy Act ,
Compliance ,
Cybersecurity ,
Data Collection ,
Data Retention ,
Emerging Technologies ,
IL Supreme Court ,
Innovative Technology ,
Popular ,
Regulatory Oversight ,
Robotics ,
Standing ,
State Data Breach Notification Statutes
On October 1, 2020, the US Department of the Treasury's Office of Foreign Assets Control ("OFAC") issued an advisory opinion on the sanctions risks associated with certain cyberattacks ("OFAC Guidance"). The OFAC Guidance...more
10/12/2020
/ Compliance ,
Cyber Attacks ,
Cybersecurity ,
Economic Sanctions ,
New Guidance ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Risk Assessment ,
Risk Management ,
Sanction Violations ,
SDN List ,
U.S. Treasury
In the past few years, cybersecurity has taken on increasing importance in the eyes of lawmakers and regulators. Traditionally, cybersecurity compliance that is tied to the protection of personal information generally has...more
9/10/2020
/ Corporate Counsel ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
FTC Act ,
LabMD ,
NYDFS ,
Popular ,
Regulatory Standards
Irrespective of your industry, the current COVID-19 pandemic poses a new and unique challenge to organizations, their employees, and their customers. The emergence of COVID-19 has prompted organizations to collect and process...more
4/15/2020
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
Centers for Disease Control and Prevention (CDC) ,
Compliance ,
COPPA ,
Coronavirus/COVID-19 ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Employee Privacy Rights ,
Federal Trade Commission (FTC) ,
FERPA ,
Financial Industry Regulatory Authority (FINRA) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
NYDFS ,
OCR ,
Patient Privacy Rights ,
Telehealth
White & Case Technology Newsflash -
Fulfilling a company's data breach and cybersecurity incident notification and disclosure requirements is an increasing challenge. Companies operating across industry sectors and around...more
11/6/2019
/ Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Notification Requirements ,
Popular ,
Privacy Laws ,
Risk Management ,
State Data Breach Notification Statutes
New York recently amended its existing data breach notification law to expand the data breach notification obligations of persons and businesses (and state agencies) and impose specific data security requirements on persons...more
8/5/2019
/ Biometric Information ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NYDFS ,
Popular ,
SHIELD Act ,
State Data Breach Notification Statutes
As businesses continue to digitise their assets and operations, the need to continually assess IT infrastructure and the technical measures in place to safeguard key information assets and data becomes ever more important....more
5/3/2019
/ Artificial Intelligence ,
Compliance ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Security ,
Digital Service Providers ,
Encryption ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Incident Response Plans ,
Internal Data Controls ,
IT-Departments ,
NCSC ,
NIS Regulations ,
Operators of Essential Services ,
Passwords ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Risk Mitigation ,
Sanctions ,
Security Audits ,
Security Risk Assessments ,
Software ,
UK ,
UK ICO