Avi Gesser co-authored an article with Davis Polk associates Matthew Kelly, Will Schildknecht, and Anna Marienko that was published in the New York Law Journal on May 31, 2019, and that discusses the competing interests of cybersecurity and employee privacy that employers must balance when implementing reasonable cybersecurity measures.  The
Continue Reading

One way for companies to decrease their cybersecurity risks, as well as their risks from new privacy regulations, is through data minimization—significantly reducing the amount of their data.  By deleting old data and collecting less new data, companies will have less sensitive information to protect and process in accordance with
Continue Reading

We recently wrote about companies monitoring employees to reduce cybersecurity risks. Those insider threat risks do not end when employees leave the company. Sensitive company data in the hands of a disgruntled former employee is obviously a potential risk, but so is unauthorized access to confidential company information by a
Continue Reading

Davis Polk’s Avi Gesser, associate Matt Kelly, and law clerk Samantha Pfotenhauer co-authored an article, The Expanding Role of Lawyers in Addressing Cyber Risk at Financial Firms, appearing in this month’s issue of The Review of Securities & Commodities Regulation.

Not that long ago, cybersecurity was viewed as
Continue Reading

Two-factor authentication is one of the most common measures that companies use to reduce cyber risk, but it is not very effective if companies don’t also have a good lost-phone protocol.

Various regulations and industry rules require two-factor authentication (also referred to as multi-factor authentication or MFA) including the NYDFS
Continue Reading

On April 1, 2019, new cybersecurity requirements outlined in the NFA’s Interpretive Notice to NFA Compliance Rules 2-9, 2-36 and 2-49 will come into effect.  These new requirements apply to NFA Members, including registered futures commission merchants, commodity trading advisors, commodity pool operators, introducing brokers, retail foreign exchange dealers, and
Continue Reading

Insider data threats – which include the deliberate theft or destruction of sensitive information, as well as innocent mistakes that result in a loss of control of confidential data – have become a primary risk factor to most businesses.  To properly maintain cybersecurity and protect confidential information, companies need to
Continue Reading

Avi Gesser co-authored an article with Davis Polk associate Matthew Kelly and law clerk Samantha Pfotenhauer that was published in the New York Law Journal on March 1, 2019.  The article addresses the role of in-house counsel in preparing for and responding to cybersecurity incidents.
Continue Reading

New cyber regulations, such as the California Consumer Privacy Act, have companies concerned about expanding potential liability.  Companies fear that private rights of action are being created that will allow consumers to sue by alleging that the companies failed to protect their personal information.  But attention should also be paid
Continue Reading