Four Companies Settle SEC Allegations for “Misleading Cyber Disclosures” Regarding SolarWinds -
On October 22, 2024, the Securities and Exchange Commission (“SEC”) announced settlements with four companies for alleged...more
11/8/2024
/ Artificial Intelligence ,
Consumer Financial Protection Bureau (CFPB) ,
Covered Entities ,
Cybersecurity ,
Disclosure Requirements ,
European Commission ,
Final Rules ,
Notice of Proposed Rulemaking (NOPR) ,
NYDFS ,
Public Disclosure ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act of 1934 ,
Settlement ,
Social Engineering ,
Social Networks ,
SolarWinds ,
UK
Incident Response Plans and Written Information Security Programs Continue to be Essential and Will Need to Be Reviewed. Most sophisticated organizations currently have in place incident response plans. Those organizations...more
7/2/2024
/ Covered Entities ,
Data Breach ,
Gramm-Leach-Blilely Act ,
Incident Response Plans ,
Notification Requirements ,
Personal Information ,
Policies and Procedures ,
Proposed Amendments ,
Recordkeeping Requirements ,
Regulation S-P ,
Securities and Exchange Commission (SEC)
CFPB Director Chopra Emphasizes “Pressing Need” for Data Protections -
On June 12, 2024 and June 13, 2024, Consumer Financial Protection Bureau Director Rohit Chopra appeared before the Senate Banking Committee and the...more
7/1/2024
/ Breach Notification Rule ,
Consumer Financial Protection Bureau (CFPB) ,
Court of Justice of the European Union (CJEU) ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Multi-Factor Authentication ,
Personal Data ,
Securities and Exchange Commission (SEC) ,
Settlement ,
State Privacy Laws ,
UK GDPR ,
Vermont
As we begin the new year, we offer this special edition with predictions for 2024 from members of the Cyber Bits Partner Committee. Regardless of what happens in 2024, we renew our commitment to keep you informed of the...more
1/8/2024
/ Artificial Intelligence ,
Biometric Information ,
China ,
Consumer Privacy Rights ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement ,
EU ,
Facial Recognition Technology ,
Machine Learning ,
Popular ,
Regulation S-P ,
Risk Management ,
Securities and Exchange Commission (SEC)
The SEC adopted new rules requiring public companies to (i) disclose material cybersecurity incidents on Form 8-K within four business days of determining that an incident is material, and (ii) periodically disclose their...more
8/8/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Form 10-K ,
Form 8-K ,
Investment Company Act of 1940 ,
Popular ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulation S-K ,
Risk Management ,
Securities and Exchange Commission (SEC)
At an open meeting on March 15, 2023, the U.S. Securities and Exchange Commission voted three to two to propose a new rule, form and amendments (together, “Proposed Rule”) and published an accompanying release (“Release”)...more
5/11/2023
/ Cybersecurity ,
Disclosure Requirements ,
Incident Response Plans ,
MSBSPs ,
New Rules ,
Policies and Procedures ,
Popular ,
Recordkeeping Requirements ,
Risk Assessment ,
Risk Management ,
SBSD ,
Securities and Exchange Commission (SEC)
At an open meeting on March 15, 2023, the U.S. Securities and Exchange Commission voted unanimously to propose rule amendments to Regulation S-P (Proposed Rule) and published an accompanying release (Release). The Proposed...more
4/18/2023
/ Cybersecurity ,
Data Breach ,
Financial Institutions ,
Fixing America’s Surface Transportation Act (FAST Act) ,
Gramm-Leach-Blilely Act ,
Investment Adviser ,
Investment Company Act of 1940 ,
Personal Information ,
Popular ,
Proposed Amendments ,
Recordkeeping Requirements ,
Regulation S-P ,
Risk Management ,
Safeguards Rule ,
Securities and Exchange Commission (SEC)
What is in store for Privacy and Cybersecurity in 2023 -
As the year ends, we offer this special edition with predictions for 2023 from each member of the Cyber Bits Partner Committee. Regardless of what happens in 2023, we...more
12/30/2022
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cybersecurity ,
Disclosure Requirements ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Infrastructure ,
Investment Adviser ,
Popular ,
Privacy Laws ,
Privacy Legislation ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
State Data Breach Notification Statutes ,
UK ,
Whistleblowers
The California legislature recently adjourned its 2022 session without extending several exemptions from the California Consumer Privacy Act of 2018 (CCPA). As a result, due to the California Privacy Rights Act (CPRA)...more
11/21/2022
/ Asset Management ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Carve Out Provisions ,
Data Collection ,
Data Privacy ,
Enforcement ,
Expiration Date ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Personal Information ,
Registered Investment Advisors ,
Securities and Exchange Commission (SEC)
The Securities and Exchange Commission recently brought two enforcement actions that highlight the SEC’s focus on the investment adviser fiduciary duties, particularly as applied to recommendations that clients open or remain...more
On March 9, 2022, the Securities and Exchange Commission (“SEC”) voted three-to-one to propose new and amended rules for public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934...more
3/18/2022
/ Corporate Governance ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Form 8-K ,
Proposed Amendments ,
Publicly-Traded Companies ,
Regulatory Agenda ,
Regulatory Reform ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
At an open meeting on February 9, 2022, the Securities and Exchange Commission voted three-to-one to propose new and amended rules regarding cybersecurity risk management, cyber incident reporting and cyber risk disclosure...more
EU Parliament Adopts Amended Digital Services Act by a Wide Margin -
On January 21, 2022, the members of the EU Parliament approved by a large majority (77%) an amended draft of the Digital Services Act (“DSA”)....more
2/11/2022
/ Cloud Service Providers (CSPs) ,
Cybersecurity ,
Digital Service Providers ,
Digital Services ,
EU ,
Facial Recognition Technology ,
Financial Institutions ,
Google ,
Income Taxes ,
Internet ,
IRS ,
Online Platforms ,
Regulatory Agenda ,
Securities and Exchange Commission (SEC) ,
Tracking Systems ,
Unfair or Deceptive Trade Practices
The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a cybersecurity risk alert on July 10, 2020 regarding ransomware (Alert). In the Alert, OCIE described “recent reports”...more
7/27/2020
/ Cyber Attacks ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Incident Response Plans ,
Malware ,
OCIE ,
Phishing Scams ,
Publicly-Traded Companies ,
Ransomware ,
Registration ,
Risk Alert ,
Securities ,
Securities and Exchange Commission (SEC) ,
Training Requirements
The Office of Compliance Inspections and Examinations of the Securities and Exchange Commission released cybersecurity and resiliency-related examination observations on January 27, 2020, based on “thousands of examinations...more
2/14/2020
/ Broker-Dealer ,
Clearing Agencies ,
Corporate Governance ,
Cybersecurity ,
Data Loss Prevention ,
Incident Response Plans ,
Investment Adviser ,
OCIE ,
Privacy Policy ,
Publicly-Traded Companies ,
Risk Assessment ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Stock Exchange ,
Vendors
The Staff of the Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission released a Risk Alert on April 16, 2019, which identifies significant Regulation S-P (Reg. S-P)1...more
4/23/2019
/ Broker-Dealer ,
Compliance ,
Cybersecurity ,
Employee Training ,
Investor Protection ,
OCIE ,
Opt-Outs ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Privacy Policy ,
Registered Investment Companies (RICs) ,
Regulation S-P ,
Risk Alert ,
Securities and Exchange Commission (SEC)
The Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC) released a National Examination Program Risk Alert (Risk Alert) on August 7, 2017 regarding observations from...more
8/22/2017
/ Best Practices ,
Broker-Dealer ,
Corporate Governance ,
Cybersecurity ,
Data Loss Prevention ,
Incident Response Plans ,
Internal Controls ,
Investment Adviser ,
Investment Companies ,
OCIE ,
Regulation S-P ,
Right of Access ,
Risk Alert ,
Risk Assessment ,
Securities and Exchange Commission (SEC) ,
Training Requirements ,
Vendors
The Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC) issued a National Exam Program Risk Alert (Risk Alert) on May 17, 2017 in response to “WannaCry,” the ongoing...more
5/22/2017
/ Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Financial Industry Regulatory Authority (FINRA) ,
Investment Adviser ,
Microsoft ,
OCIE ,
Popular ,
Ransomware ,
Risk Alert ,
Risk Assessment ,
Risk Mitigation ,
Securities and Exchange Commission (SEC)
The Securities and Exchange Commission’s (SEC or Commission) Office of Compliance Inspections and Examinations (OCIE) announced in a September 15, 2015 Risk Alert (2015 Risk Alert) that it will be conducting a second round of...more
The Securities and Exchange Commission’s (the “SEC” or the “Commission”) Office of Compliance Inspections and Examinations (“OCIE”) announced in an April 15, 2014 Risk Alert (the “Alert”) that it will be conducting...more