On August 22, 2024, the United States intervened in a whistleblower suit against the Georgia Institute of Technology, initially filed by current and former members of Georgia Tech’s cybersecurity team, alleging that Georgia...more
On June 24, 2024, the Commerce Department published a Final Determination under its Information and Communications Technology and Services (ICTS) authorities. The determination prohibits the Russian-controlled cybersecurity...more
Cybersecurity is a looming threat for most businesses. The impact of a major cyber event can resonate for weeks, months, and even years after the initial attack. To mitigate the risks to consumers, there have been several...more
The Federal Trade Commission has reached a settlement in the matter of CafePress. Here are some things you should know: Data minimization: •Storing information indefinitely on your network without a business need creates...more
On December 4, 2020 the President signed into law the IoT Cybersecurity Improvement Act of 2020, Pub. L. No. 116-207 (the “IoT Act”). The legislative purpose behind the new law is to ensure the highest level of cybersecurity...more
In a notable event on Election Day this November, California voters approved amendments to the California Consumer Privacy Act (CCPA) and enacted a new statute – the California Privacy Rights Act (CPRA). The new statute...more
US regulators are calling attention to financial firms’ obligations to protect against evolving cybersecurity threats. On October 2, 2019, the Financial Industry Regulatory Authority (FINRA) issued an information notice to...more
On September 12, 2019, the Commodity Futures Trading Commission (CFTC) announced a settlement with Phillip Capital Inc. (PCI or the “Company”), a registered futures commission merchant (FCM), after hackers successfully...more
As predicted, the start of 2019 provided scant respite from the frenetic pace of privacy and cybersecurity developments during 2018. This past month alone, in a blizzard of activity, regulators amended regulations and...more
On January 7, 2019, the National Futures Association (NFA) issued an amendment to its Interpretive Notice on required Information Systems Security Programs (ISSPs) for NFA Members. ISSPs are required by the NFA so that NFA...more
Following other regulators, the National Futures Association (NFA) recently amended its cybersecurity guidance to, among other things, impose a new cybersecurity incident reporting requirement on members....more
A well-renowned think tank sued the Securities and Exchange Commission claiming that the SEC’s prohibition against respondents contesting allegations in enforcement settlements violates the freedom of speech guarantee under...more
• The NFA has determined that registered CPOs must implement an internal controls system and highlighted best practices for such a framework. • In response to certain frequently asked questions, the NFA has also updated its...more
CFTC - NFA Amends Interpretive Notice Regarding ISSPs - On January 7, the National Futures Association (NFA) issued a notice to its members that amendments to its Interpretative Notice, entitled NFA Compliance Rules...more
Introduction - By letter dated December 10, 2018, the National Futures Association (“NFA”), the self-regulatory organization for the U.S. derivatives industry, submitted to the U.S. Commodity Futures Trading Commission...more
On February 12, 2018, the Commodity Futures Trading Commission (CFTC) settled charges against AMP Global Clearing LLC (AMP), a futures commission merchant (FCM), for the company’s failure to adequately supervise one of its IT...more
• In recently released guidance, the U.S. Department of Defense (DoD) confirms a "one size does not fit all" approach to contractor compliance with its cybersecurity clauses that cover the safeguarding of contractor networks,...more
On May 18, 2016, Department Security Service (DSS) recently approved Change 2 (Change 2) to the National Industrial Security Program Operating Manual (NISPOM). Change 2 significantly revised Chapter 8 of the NISPOM relating...more
On February 29, National Futures Association (NFA) issued Interpretive Notice I-16-10, which notifies member firms about the addition of a cybersecurity section to NFA’s Self-Examination Questionnaire. This section is...more
Commencing March 1, 2016, all commodity pool operators, commodity trading advisors, futures commission merchants, retail foreign exchange dealers, investment brokers, major swap participants and swap dealers that are National...more
National Futures Association (NFA) has issued a reminder that its interpretive notice on information systems security programs becomes effective on March 1. The interpretive notice, which was discussed in detail in the...more
On October 23, 2015, the National Futures Association (NFA) adopted its Interpretive Notice Regarding Information Systems Security Programs (the Notice). As noted in our prior Password Protected update, the Notice requires...more
The National Futures Association (NFA) adopted on October 23, 2015 an “Interpretive Notice to NFA Compliance Rules 2-9, 2-36, and 2-49: Information Systems Security Programs” (Notice). The Notice requires each NFA Member to...more
The Commodity Futures Trading Commission has approved the National Futures Association (NFA)’s interpretive notice related to Information System Security Programs (which was discussed in detail in the September 4, 2015...more
The CFTC recently approved the National Futures Association’s interpretive notice (the “Cybersecurity Notice”) on the general requirements that members should implement for their information systems security programs...more