The SEC’s new and proposed rules on cybersecurity and cyber-incident reporting will have a dual impact on private investment advisers and funds.
First, the proposal by the SEC will impose cybersecurity related...more
4/18/2024
/ Cyber Incident Reporting ,
Cybersecurity ,
Data Collection ,
Enforcement ,
Governance Standards ,
Investment Adviser ,
New Rules ,
Policies and Procedures ,
Recordkeeping Requirements ,
Regulatory Agenda ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Technology Sector
To understand the litigation and regulatory risks that are coming in 2024 for private capital, it is helpful to look back briefly on recent events. Arguably, the single most important event over the last 18 months was the...more
3/19/2024
/ Acquisitions ,
Asset Management ,
Cryptocurrency ,
Cybersecurity ,
Dispute Resolution ,
Enforcement Actions ,
Fund Managers ,
Hedge Funds ,
Interest Rates ,
Investment Management ,
Investors ,
Mergers ,
Private Equity ,
Private Funds ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Technology Sector
The very definition of generative AI suggests the creation of new content based on a program training on existing data, a recipe that necessarily raises potential U.S. and EU data privacy issues, not to mention related...more
6/30/2023
/ Artificial Intelligence ,
Consent ,
Cybersecurity ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
Data Rights ,
Data Security ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Healthcare ,
Machine Learning ,
Popular ,
Privacy Laws ,
State Privacy Laws
2021 continued the trend of increased regulatory focus on privacy and cybersecurity for private investment funds in the U.S. and abroad. There are no signs of the trend leveling off any time soon. One of the topics that...more
The UK Supreme Court handed down its much-anticipated decision in the Lloyd v Google LLC [2021] UKSC 50 case on 10 November 2021 restricting claimants’ ability to bring data privacy class actions in the UK under the (now...more
Privacy and cybersecurity issues continue to garner significant attention in the U.S. and abroad. Private investment funds registered with the SEC and their portfolio companies will likely see increased regulatory scrutiny...more
8/30/2021
/ Cybersecurity ,
International Data Transfers ,
Popular ,
Portfolio Companies ,
Privacy Concerns ,
Private Investment Funds ,
Ransomware ,
Regulatory Oversight ,
Regulatory Standards ,
SEC Examination Priorities ,
Securities and Exchange Commission (SEC)
It has been reported that European Commission will publish the final versions of new forms of Standard Contractual Clauses (“SCCs”) shortly (even potentially within the next few days). The Commission published draft versions...more
GDPR fines are seemingly like buses, you wait over a year for enforcement action by the UK’s data supervisory authority, the ICO, and then two come along at once – and with quite dramatic effect.
The ICO has stretched its...more
7/25/2019
/ British Airways ,
Corporate Fines ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marriott ,
Personal Data ,
Personally Identifiable Information ,
UK
With less than a month to go until the UK is due to leave the EU (at 11pm GMT/12pm CET on 29 March 2019), there is still much uncertainty as to whether, and if so how, the UK will exit the EU (commonly dubbed “Brexit”). In...more
3/13/2019
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
No-Deal Brexit ,
Personal Data ,
Popular ,
UK ,
UK Brexit
The General Data Protection Regulation (the “GDPR”) comes into force automatically in each of the European Union Member States (“EU”) on 25 May 2018. Data protection regulation is not new, with the GDPR building on what is...more
The General Data Protection Regulation (the “GDPR”) comes into force automatically in each of the European Union Member States (“EU”) on 25 May 2018. Data protection regulation is not new, with the GDPR building on what is...more
12/27/2017
/ Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Technology Sector
TalkTalk, a major UK telecoms company, has been fined £400,000 for a data breach after they were hacked. This is a record fine given by the ICO (the UK’s data protection authority). Significantly the fine was imposed after a...more