While speaking at the annual conference of the National Advertising Division on September 19, 2023, the Federal Trade Commission (“FTC”) announced a generative AI (“AI”) policy that is consistent with Chairwoman Khan’s focus...more
On March 15, 2023, the U.S. Securities and Exchange Commission (“SEC”) released its proposal to amend Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information (the “Proposed...more
4/5/2023
/ Cryptoassets ,
Cybersecurity ,
Data Breach ,
Enforcement ,
Federal Trade Commission (FTC) ,
Information Technology ,
Investment Adviser ,
Investment Company Act of 1940 ,
Notice Requirements ,
Policies and Procedures ,
Proposed Amendments ,
Regulation S-P ,
Securities and Exchange Commission (SEC) ,
Sensitive Personal Information
Judge Jeffrey White of the Northern District of California recently dismissed a putative class action lawsuit in which plaintiffs claimed they faced an imminent threat of future of harm in the form of identity theft and fraud...more
One of the key decisions that needs to be made in the aftermath of a successful ransomware attack is whether or not the victim organization can or should pay the ransom. Of course, there are many considerations that go into...more
In 2020, SolarWinds Corp., a company that provided information technology software to private and government entities, was the victim of a cybersecurity breach. Russian hackers are believed to have slipped malicious code...more
11/16/2022
/ Bad Faith ,
Breach of Duty ,
Corporate Governance ,
Cybersecurity ,
Data Breach ,
Enforcement ,
Fiduciary Duty ,
Hackers ,
Russia ,
Securities and Exchange Commission (SEC) ,
Shareholders ,
SolarWinds ,
Technology Sector
"Today, nearly every company is or wants to be a business capable of leveraging information and advances in technology. At the same time privacy and cybersecurity laws are changing, becoming more complex and requiring more...more
9/28/2022
/ Acquisitions ,
Cybersecurity ,
Data Privacy ,
Due Diligence ,
EU ,
General Data Protection Regulation (GDPR) ,
Mergers ,
Personal Information ,
Popular ,
Privacy Laws ,
UK
As reported last week, it appears that a state-sponsored security hack has resulted in a major security compromise in widely-used software offered by a company called SolarWinds. The compromised software, known as Orion, is...more
12/22/2020
/ Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Security ,
Hackers ,
Incident Response Plans ,
Popular ,
Risk Mitigation ,
SolarWinds ,
Supply Chain
As reported last week, a state-sponsored hacker may have breached multiple U.S. government networks through a widely-used software product offered by SolarWinds. The compromised product, known as Orion, helps organizations...more
12/22/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Dual Purpose ,
Due Diligence ,
Hackers ,
Incident Response Plans ,
Popular ,
Risk Assessment ,
SolarWinds
Ransomware is a Serious and Growing Problem -
In recent years, Ransomware has evolved from merely encrypting files/disabling networks in solicitation of ransom, to sophisticated attacks that often involve actual data...more
12/15/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Disclosure Requirements ,
Hackers ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
Securities Act of 1933 ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Strict Liability
As we previously reported, the Magistrate Judge in In re: Capital One Customer Data Security Breach Litigation, found that a forensic report that Capital One had claimed was protected by the privilege and work product...more
7/1/2020
/ Attorney-Client Privilege ,
Capital One ,
Corporate Counsel ,
Cybersecurity ,
Discovery ,
Document Productions ,
Dual Purpose ,
Litigation Strategies ,
Master Service Agreement ,
Popular ,
Scope of Work ,
Work-Product Doctrine
Requires More than Merely Adding Counsel’s Name to a Forensic Report.
Technical investigations conducted following cyber-incidents often have both legal and ordinary-course business purposes. In certain jurisdictions,...more
The developing coronavirus pandemic affects businesses and personnel within the state and elsewhere. With more New Yorkers working from home, there are more opportunities for cyberattacks through unsecure remote connections...more
4/2/2020
/ Coronavirus/COVID-19 ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Malware ,
Phishing Scams ,
Remote Working ,
Risk Assessment ,
Risk Management ,
SHIELD Act ,
Small Business ,
Telecommuting