Focused commentary on the latest in data strategy, cybersecurity preparedness, regulatory compliance and incident response
Appearing in The Review of Securities & Commodities Regulation
In recent years, the SEC and FINRA have created a number of new units to increase their capacity to use data analytics in market surveillance and policy/rulemaking activities. This article summarizes these units, their objectives and the types of investigations that…
Continue Reading The SEC and FINRA’s Use of Big Data in Investigations and the Implications for Defense Counsel
On Friday, May 29, 2020, Davis Polk’s own Rob Cohen led a panel on cybersecurity law and enforcement issues for the Practising Law Institute’s (“PLI”) tenth annual program on enforcement. The panel included individuals from the FBI, U.S. Attorney’s Office for the Southern District of New York, New York…
Continue Reading PLI Cybersecurity Enforcement Panel: Lessons Learned from Regulators and Law Enforcement
New commentary from a respected think tank attempts to provide guidance on cross-border data transfers. The guidance proposes principles for determining which country’s law to apply to a cross-border transfer. Although there is no guarantee that the guidance will gain favor with courts or regulators, it is an important indicator…
Continue Reading Navigating Cross-Border Data Transfers: Lessons from the Sedona Conference Commentary
On Tuesday April 14, 2020, the fifth annual Incident Response Forum (the “Forum”) convened an extensive roster of presenters from private practice and the government, including from the DHS, DOJ, FTC, SEC, NYDFS, FBI, and the Secret Service, to discuss best practices for incident response.
The government panelists shared insights…
Continue Reading 2020 Incident Response Forum: Lessons Learned from Regulators and Law Enforcement
As we have discussed here previously, the coronavirus outbreak has driven many companies further into the digital workplace, putting new strains on information technology systems and related privacy and security compliance controls. Despite these burdens on companies, few regulators have offered relief from their privacy and security requirements. As detailed…
Continue Reading Data Privacy and Security Requirements During Coronavirus? Little Relief in Sight
Davis Polk attorneys authored a chapter on U.S. Cybersecurity Laws for the GDR Insight Handbook 2020. The chapter, which can be read here, was written by Avi Gesser, Matthew J. Bacal, Daniel F. Forester, Matthew A. Kelly, Clara Y. Kim, and Gianna C. Walton, and was published by…
Continue Reading Global Data Review Publishes Davis Polk’s Chapter on United States Cybersecurity Laws in GDR Insight Handbook
We have recently written on whether protecting personal data should be regulated using a property model instead of a privacy model (and concluded, probably not). Another framework for regulating personal data that is getting increased attention is a national security model, which looks at securing personal data as a means…
Continue Reading Considering A National Security Framework for Protecting Personal Data
Momentum is building in Congress for federal privacy legislation and several states have their own privacy laws in the works. But, as concerns grow that companies are collecting and sharing personal information about U.S. residents without their knowledge and not adequately protecting that data, regulators and plaintiffs aren’t waiting for…
Continue Reading Regulators and Plaintiffs Aren’t Waiting for Privacy Legislation: Companies Face Potential Liability Now and Can Take Steps to Reduce Risks
In our first Cyber Blog post, we predicted that the rules-based approach adopted by the NYDFS would become the model for cybersecurity regulation. Two years later, we’re feeling pretty good about that prediction, as the FTC recently proposed incorporating a number of aspects of the NYDFS cybersecurity rules into…
Continue Reading The FTC Moves Toward a Rules-Based Approach to Cybersecurity Regulation for Financial Institutions
In the last few years, we have seen a dramatic increase in the purchase and sale of alternative data—a shorthand for big data sets, such as satellite images of parking lots, drug approvals, credit card purchases, cellphone data on retail foot traffic, and construction permits. According to alternativedata.org, the alternative…
Continue Reading Alternative Data Goes Mainstream, and Gets Increased Attention from Regulators