On January 13, 2025, the Securities and Exchange Commission (“SEC”) filed a settled enforcement action against Ashford Inc. (“Ashford” or “the Company”), a company that provides products and services to the real estate and...more
1/31/2025
/ Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Enforcement Actions ,
Publicly-Traded Companies ,
Regulatory Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
Proposed cybersecurity regulation may face changes or challenges in view of the incoming Trump administration that is intent on reducing the perceived regulatory burden on American companies and streamlining government...more
The Securities and Exchange Commission (SEC) recently announced that United Parcel Service Inc. (UPS) has agreed to pay a $45 million penalty for materially misrepresenting its earnings by improperly valuing its UPS Freight...more
11/27/2024
/ Accounting ,
Corporate Counsel ,
Corporate Governance ,
Disclosure Requirements ,
GAAP ,
Internal Controls ,
Section 17(a) ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Securities Fraud ,
Term Sheets ,
UPS ,
Valuation
Cybersecurity is integral to protecting sensitive information, ensuring regulatory compliance, managing financial risks, maintaining reputation, ensuring business continuity, gaining a competitive advantage, adapting to...more
11/22/2024
/ C-Suite Executives ,
Continuing Legal Education ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Popular ,
Ransomware ,
Risk Management ,
Webinars
On October 15, 2024, the Department of Defense (“DoD”) released its final rule (the “Final Rule”) formally establishing the Cybersecurity Maturity Model Certification (“CMMC”) program, nearly three years after first...more
11/22/2024
/ Code of Federal Regulations (CFR) ,
Compliance ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
DCMA ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
NIST ,
Subcontractors
The first half of 2024 was eventful in the world of environmental, social and governance (“ESG”). Although ESG continued to lose the market tailwinds that have pushed it forward in recent years, regulatory pressures both...more
10/18/2024
/ Corporate Governance ,
Corporate Social Responsibility ,
Disclosure Requirements ,
Environmental Social & Governance (ESG) ,
Federal Trade Commission (FTC) ,
Greenwashing ,
Non-Compete Agreements ,
Proxy Season ,
Securities and Exchange Commission (SEC) ,
Shareholders ,
Sustainability
Internal investigations are key to good corporate governance when a board of directors is presented with credible allegations of misconduct. An effective internal investigation equips the company with information necessary to...more
On July 30, 2024, Meta Platforms, Inc. (formerly known as Facebook, Inc.) agreed to pay $1.4 billion to the State of Texas to settle a lawsuit alleging that Meta unlawfully captured and used biometric identifiers of millions...more
The Texas Data Privacy and Security Act (“TDPSA” or the “Act”) came into effect on July 1, 2024. The TDPSA applies to any person who (i) conducts business in the state of Texas or produces a product or service consumed by...more
For more than a decade, the U.S. Securities and Exchange Commission (the “SEC”) has been able to bring enforcement actions in either federal court or the agency’s internal venue. Not anymore. On June 27, 2024, the U.S....more
7/1/2024
/ Administrative Law Judge (ALJ) ,
Administrative Proceedings ,
Article III ,
Civil Monetary Penalty ,
Enforcement Actions ,
Jury Trial ,
Public Rights Doctrine ,
SCOTUS ,
SEC v Jarkesy ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act of 1934 ,
Securities Fraud ,
Seventh Amendment
On April 12, 2024, the U.S. Supreme Court unanimously held that, in the absence of an otherwise misleading statement, a failure to disclose information required by Item 303 of Regulation S-K (“Item 303”) does not support a...more
4/18/2024
/ Disclosure Requirements ,
Failure To Disclose ,
Financial Services Industry ,
Macquarie Infrastructure Corp v Moab Partners LP ,
Omissions ,
Rule 10(b) ,
Rule 10b-5 ,
SCOTUS ,
Securities and Exchange Commission (SEC) ,
Securities Fraud ,
Securities Regulation ,
Securities Violations
The facts are an oft-told business email compromise horror story: a hacker interjects themselves into an email discussion of a business deal, changes the wire instructions to their own account, and disappears with the...more
Public companies are now required to comply with new cybersecurity disclosure requirements in their Annual Reports on Form 10-K for fiscal years ending on or after December 15, 2023. In preparing this cybersecurity...more
3/5/2024
/ Annual Reports ,
Chief Information Security Officer (CISO) ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Form 10-K ,
Form 8-K ,
Popular ,
Regulation S-K ,
Securities and Exchange Commission (SEC) ,
SolarWinds
On November 14, the Securities and Exchange Commission (“SEC”) published its 2023 annual enforcement report which revealed a continuation of 2022’s record-setting enforcement activity.1 The SEC imposed $4.95 billion in...more
Recent enforcement actions brought by the Securities and Exchange Commission (“SEC”) signal that the SEC is paying close attention to public company financial reporting and will continue to punish misleading accounting and...more
On September 12, 2023, Delaware governor John Carney signed the Delaware Personal Data Privacy Act (the “DPDPA” or the “Act”) into law. The DPDPA protects the privacy rights of consumers in Delaware and regulates the...more
9/20/2023
/ Consumer Privacy Rights ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Selling ,
Data-Sharing ,
Delaware ,
Geolocation ,
New Legislation ,
Personal Data ,
Sensitive Personal Information ,
State Privacy Laws
In advance of its September 8, 2023 board meeting, the California Privacy Protection Agency (“CPPA”), the state’s privacy regulatory body, has unveiled draft regulations that could significantly impact cybersecurity...more
9/7/2023
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Management ,
Regulatory Agenda ,
Risk Assessment ,
State Privacy Laws
The Department of Homeland Security’s Transportation Security Administration (“TSA”) has issued an amended directive on pipeline security, SD-Pipeline-2021-02D (the “Directive”). The Directive is based on and supersedes the...more
On July 26, 2023, the Securities and Exchange Commission (“SEC”) voted to approve final rules governing cybersecurity disclosures of public companies (“Final Rules”). The Final Rules make meaningful changes to the current and...more
On July 10, 2023, the European Commission (the “Commission”) adopted an adequacy decision for the EU-U.S. Data Privacy Framework (the “Framework”).
The Framework provides companies that opt in with a legitimate means of...more
7/14/2023
/ Cross-Border ,
Cybersecurity ,
Data Privacy ,
Data Transfers ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
US-EU Safe Harbor Framework
Internal investigations are key to good corporate governance when board of directors and general counsels are presented with allegations of misconduct. An effective internal investigation equips the company with information...more
The European Union’s (“EU”) Data Protection Commission (the “Commission”) recently fined Meta Ireland $1.3 billion (or €1.2 billion) for improper data transfers from the European Economic Area (“EEA”) to the United States in...more
Texas will soon join the growing list of states that have passed comprehensive data privacy legislation. House Bill 4, the Texas Data Privacy and Security Act (“TDPSA” or the “Act”), has a broad reach and will apply to all...more
6/1/2023
/ California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Controller ,
Data Privacy ,
Data Processors ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Opt-Outs ,
Proposed Legislation ,
State Labor Laws ,
Texas
On May 5, 2023, the Securities and Exchange Commission (“SEC”) issued an order (the “Order”)1 providing that it would pay a $279 million award to a whistleblower who assisted with the enforcement of an action by the SEC and...more
On March 15, 2023, the Securities Exchange Commission (“SEC”) issued three additional proposed rules that would expand the reach of the agency’s current cybersecurity guidance to new entities and augment existing...more