Momentum is building for federal data privacy legislation, in large part due to the passage of the California Consumer Privacy Act (CCPA) (which goes into effect in 2020) and other states enacting or considering their own consumer privacy laws. These developments have businesses concerned that they will face a patchwork
Continue Reading
Matthew Kelly
Mr. Kelly is an associate in Davis Polk’s Litigation Department. [Full Bio]
SEC Penalizes Cybersecurity Weakness
A recent SEC Order should be a reminder to registered entities, including small- and medium-sized firms, that the SEC is monitoring the reasonableness of their cybersecurity policies and procedures, and that it may take action in the event of a breach, even in the absence of economic harm.
The SEC’s…
Continue Reading
Cybersecurity Vendor Due Diligence—Some Practical Tips from the Front Lines
Some of the most significant recent cyber breaches originated at vendors. We have previously discussed the importance of effective oversight of third parties because vendor breaches can lead to regulatory actions for companies. Indeed, recent regulatory guidance provides that vendor diligence is an essential part of any cybersecurity program. This…
Continue Reading
With the Sedona Report, Companies Get Some Helpful Guidance on How to Get Rid of Large Volumes of Old Data
We have written here before about the challenges and benefits of getting rid of old data. As we have noted, in light of recent legal, regulatory, and technological developments, companies should reevaluate their long-term data management planning. Last week, the New York Department of Financial Services (“NYDFS”) issued a reminder…
Continue Reading
Cybersecurity and Vulnerability Assessments: Evolving Law on Hacking and Extortion in the Age of Bug Bounties
Companies and law enforcement are increasingly turning to white hat hackers for help. The FBI apparently paid consultants over $1,000,000 to unlock an iPhone used by one of the shooters in the San Bernardino attacks, and companies such as Microsoft, Uber, Facebook, and Google are paying hackers tens of thousands…
Continue Reading
Reducing Unneeded Data Becoming Part of Cybersecurity Best Practices
In our cybersecurity and data management webcast now available below, Davis Polk partners Avi Gesser, Gabe Rosenberg, and associate Matt Kelly, recently discussed getting rid of old documents to reduce cyber risk.
To avoid ending up in the news as the latest victim of a cyber-attack, companies…
Continue Reading