Introduction - The European Commission’s (EC) proposed regulation (Proposed Regulation) for “trustworthy” Artificial Intelligence (AI) systems establishes rules for the development, placement on the EU market, and use of AI....more
On November 3, 2020, California voters passed Proposition 24, the California Privacy Rights Act (CPRA). Crafted to address perceived gaps in the California Consumer Privacy Act (CCPA), the CPRA effectively calcifies the law...more
11/13/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Sellers ,
Data-Sharing ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Right to Delete ,
Right To Know ,
State and Local Government
The Risk Alert makes clear that OCIE has observed an increase in the frequency of credential stuffing attacks against Registrants, including some successful credential stuffing attacks that resulted in the loss of customer...more
The California Attorney General’s Office (California AG) submitted final proposed regulations (Regulations) under the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (CA OAL) on June 1,...more
6/24/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Office of Administrative Law Judges (OALJ) ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government ,
State Attorneys General
The Office of Compliance Inspections and Examinations of the Securities and Exchange Commission released cybersecurity and resiliency-related examination observations on January 27, 2020, based on “thousands of examinations...more
2/14/2020
/ Broker-Dealer ,
Clearing Agencies ,
Corporate Governance ,
Cybersecurity ,
Data Loss Prevention ,
Incident Response Plans ,
Investment Adviser ,
OCIE ,
Privacy Policy ,
Publicly-Traded Companies ,
Risk Assessment ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Stock Exchange ,
Vendors
The U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations issued a National Exam Program Risk Alert on May 23, 2019, which identifies security risks and best practices associated with the...more
6/10/2019
/ Broker-Dealer ,
Cloud Storage ,
Customer Information ,
Cybersecurity ,
Financial Industry Regulatory Authority (FINRA) ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
Network Security ,
OCIE ,
Policies and Procedures ,
Popular ,
Risk Alert ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Third-Party Risk ,
Vendors
The National Futures Association (NFA), the self-regulatory organization of the futures and swap trading industry, announced to its membership on January 7, 2019 that it had amended its requirements for NFA Member Information...more
2/8/2019
/ Amended Rules ,
CEOs ,
CFTC ,
Chief Information Security Officer (CISO) ,
Chief Technology Officer (CTO) ,
Commodity Pool ,
Commodity Trading Advisors (CTAs) ,
CPOs ,
Cybersecurity ,
Data Security ,
National Futures Association ,
NFA ,
Popular
The California legislature unanimously approved and California Governor Jerry Brown signed into law the California Consumer Privacy Act of 2018 (CCPA) on June 28, 2018. The CCPA is arguably the most far-reaching data...more
9/19/2018
/ California Consumer Privacy Act (CCPA) ,
Consent ,
Consumer Privacy Rights ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Private Right of Action ,
Right to Be Forgotten ,
Right to Delete ,
Right To Know ,
State Attorneys General ,
State Data Breach Notification Statutes
The Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC) released a National Examination Program Risk Alert (Risk Alert) on August 7, 2017 regarding observations from...more
8/22/2017
/ Best Practices ,
Broker-Dealer ,
Corporate Governance ,
Cybersecurity ,
Data Loss Prevention ,
Incident Response Plans ,
Internal Controls ,
Investment Adviser ,
Investment Companies ,
OCIE ,
Regulation S-P ,
Right of Access ,
Risk Alert ,
Risk Assessment ,
Securities and Exchange Commission (SEC) ,
Training Requirements ,
Vendors
The Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC) issued a National Exam Program Risk Alert (Risk Alert) on May 17, 2017 in response to “WannaCry,” the ongoing...more
5/22/2017
/ Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Financial Industry Regulatory Authority (FINRA) ,
Investment Adviser ,
Microsoft ,
OCIE ,
Popular ,
Ransomware ,
Risk Alert ,
Risk Assessment ,
Risk Mitigation ,
Securities and Exchange Commission (SEC)
While companies may be aware of the threats posed to their businesses by a data breach, they should also have a concrete plan in place so that they can respond effectively should one occur. In a recent webinar, attorneys from...more
Before committing resources to a potential investment, private equity firms should aggressively evaluate a target company’s cyber risks and cyber preparedness. Some target companies are naturally more exposed to cyber risk...more
10/12/2015
/ Chief Information Security Officer (CISO) ,
Cyber Insurance ,
Cybersecurity ,
Data Collection ,
Data-Sharing ,
Federal Trade Commission (FTC) ,
Global Marketplace ,
Incident Response Plans ,
Information Security ,
Popular ,
Privacy Notice Rule ,
Privacy Policy ,
Private Equity ,
Risk Assessment ,
Target Company ,
WISP
The Securities and Exchange Commission’s (SEC or Commission) Office of Compliance Inspections and Examinations (OCIE) announced in a September 15, 2015 Risk Alert (2015 Risk Alert) that it will be conducting a second round of...more
The Division of Investment Management (Division) of the U.S. Securities and Exchange Commission (SEC) issued a Guidance Update on April 28, 2015 (Guidance) relating to the cybersecurity of registered investment companies and...more
Following a year of high-profile data breaches, the Securities and Exchange Commission (SEC) announced on January 13, 2015 that, for the second consecutive year, its Office of Compliance Inspections and Examinations (OCIE)...more