On Friday, May 29, 2020, Davis Polk’s own Rob Cohen led a panel on cybersecurity law and enforcement issues for the Practising Law Institute’s (“PLI”) tenth annual program on enforcement. The panel included individuals from the FBI, U.S. Attorney’s Office for the Southern District of New York, New York
Continue Reading PLI Cybersecurity Enforcement Panel: Lessons Learned from Regulators and Law Enforcement
NY Department of Financial Services
2020 Incident Response Forum: Lessons Learned from Regulators and Law Enforcement
On Tuesday April 14, 2020, the fifth annual Incident Response Forum (the “Forum”) convened an extensive roster of presenters from private practice and the government, including from the DHS, DOJ, FTC, SEC, NYDFS, FBI, and the Secret Service, to discuss best practices for incident response.
The government panelists shared insights…
Continue Reading 2020 Incident Response Forum: Lessons Learned from Regulators and Law Enforcement
Data Privacy and Security Requirements During Coronavirus? Little Relief in Sight
As we have discussed here previously, the coronavirus outbreak has driven many companies further into the digital workplace, putting new strains on information technology systems and related privacy and security compliance controls. Despite these burdens on companies, few regulators have offered relief from their privacy and security requirements. As detailed…
Continue Reading Data Privacy and Security Requirements During Coronavirus? Little Relief in Sight
Alternative Data Goes Mainstream, and Gets Increased Attention from Regulators
In the last few years, we have seen a dramatic increase in the purchase and sale of alternative data—a shorthand for big data sets, such as satellite images of parking lots, drug approvals, credit card purchases, cellphone data on retail foot traffic, and construction permits. According to alternativedata.org, the alternative…
Continue Reading Alternative Data Goes Mainstream, and Gets Increased Attention from Regulators
With the Sedona Report, Companies Get Some Helpful Guidance on How to Get Rid of Large Volumes of Old Data
We have written here before about the challenges and benefits of getting rid of old data. As we have noted, in light of recent legal, regulatory, and technological developments, companies should reevaluate their long-term data management planning. Last week, the New York Department of Financial Services (“NYDFS”) issued a reminder…
Continue Reading With the Sedona Report, Companies Get Some Helpful Guidance on How to Get Rid of Large Volumes of Old Data
Standards vs. Rules for Cyber Regulation – The Eleventh Circuit Weighs in Against the FTC and in Tacit Support for the NYDFS Approach
On June 6, 2018, the Eleventh Circuit vacated a cease and desist order issued by the FTC against LabMD as unenforceably vague. The FTC’s Order, which resulted from a finding that LabMD had failed to maintain an adequate cybersecurity program, directed LabMD to “establish and implement, and thereafter maintain,…
Continue Reading Standards vs. Rules for Cyber Regulation – The Eleventh Circuit Weighs in Against the FTC and in Tacit Support for the NYDFS Approach
NYDFS Brings Its First Cybersecurity Enforcement Action
We had previously predicted that the Equifax data breach could lead to increased state-level cybersecurity enforcement. On June 27, the NYDFS announced that Equifax has agreed to take corrective action for its 2017 data breach, as set forth in a consent order reached with the NYDFS and seven other…
Continue Reading NYDFS Brings Its First Cybersecurity Enforcement Action
Getting Rid of Old Data Is Becoming a Regulatory Requirement
For years, the default setting at many companies was to keep electronic data indefinitely. Storage is cheap, there are legal risks associated with deleting data, and you never know when an email from 10 years ago is going to become important. Some companies have document management policies, but often they…
Continue Reading Getting Rid of Old Data Is Becoming a Regulatory Requirement
NYDFS Highlights Continued Importance of Cybersecurity in M&A Due Diligence
The New York Department of Financial Services (“NYDFS”) recently issued guidance for its covered entities[1] highlighting the importance of cybersecurity as a necessary part of M&A due diligence. This guidance comes in the greater context of the Yahoo! SEC resolution to demonstrate that regulators are paying close attention to…
Continue Reading NYDFS Highlights Continued Importance of Cybersecurity in M&A Due Diligence
Cybersecurity Law and Regulatory Predictions for 2018
The new year is fast approaching. 2017 has been a year of major cyber incidents, including the Equifax breach. Cybersecurity will continue to be a top concern for companies in the new year. Avi Gesser spoke with Markets Media about his outlook for cybersecurity law and regulation in 2018.
Which
…
Continue Reading Cybersecurity Law and Regulatory Predictions for 2018