The SEC’s Office of Compliance Inspections and Examinations (OCIE) recently published an alert on ransomware, informing financial institutions of a recent rise in phishing attempts targeting SEC registrants and their service providers. The alert is the latest example of the SEC’s focus on cybersecurity issues at public companies and
Continue Reading OCIE Issues Alert on Ransomware
SEC
The SEC and FINRA’s Use of Big Data in Investigations and the Implications for Defense Counsel
Appearing in The Review of Securities & Commodities Regulation
In recent years, the SEC and FINRA have created a number of new units to increase their capacity to use data analytics in market surveillance and policy/rulemaking activities. This article summarizes these units, their objectives and the types of investigations that…
Data Privacy and Security Requirements During Coronavirus? Little Relief in Sight
As we have discussed here previously, the coronavirus outbreak has driven many companies further into the digital workplace, putting new strains on information technology systems and related privacy and security compliance controls. Despite these burdens on companies, few regulators have offered relief from their privacy and security requirements. As detailed…
Introducing a New Author to the Davis Polk Cyber Blog with His First Blog Post: What SEC Examiners Will Ask About Cybersecurity
The SEC’s recent publication of examination observations related to cybersecurity practices provides a helpful benchmark for firms trying to understand common market practices.
***
The Davis Polk Cyber Blog welcomes a new author, partner Robert Cohen. Rob has 15 years of experience in the SEC’s Division of Enforcement across…
Ephemeral Messaging for Businesses: Balancing the Risks of Keeping and Deleting Data by Default
One way for companies to decrease their cybersecurity risks, as well as their risks from new privacy regulations, is through data minimization—significantly reducing the amount of their data. By deleting old data and collecting less new data, companies will have less sensitive information to protect and process in accordance with…
Regulators and Plaintiffs Aren’t Waiting for Privacy Legislation: Companies Face Potential Liability Now and Can Take Steps to Reduce Risks
Momentum is building in Congress for federal privacy legislation and several states have their own privacy laws in the works. But, as concerns grow that companies are collecting and sharing personal information about U.S. residents without their knowledge and not adequately protecting that data, regulators and plaintiffs aren’t waiting for…
Avi Gesser Interviewed by Law360 on Equifax Shareholder Class Action
Avi Gesser was interviewed by Law360 in a January 31, 2019 article regarding a shareholder class action suit against Equifax and its former CEO relating to the company’s 2017 data breach and possible implications for cybersecurity risk disclosures.
Avi Gesser Interviewed by The Cybersecurity Law Report on Recent SEC Enforcement
Avi Gesser was interviewed by The Cybersecurity Law Report in an October 31, 2018 article regarding recent SEC cybersecurity enforcement actions and how firms can meet their regulatory obligations to reduce the risk of business email compromise scams.
SEC Penalizes Cybersecurity Weakness
A recent SEC Order should be a reminder to registered entities, including small- and medium-sized firms, that the SEC is monitoring the reasonableness of their cybersecurity policies and procedures, and that it may take action in the event of a breach, even in the absence of economic harm.
The SEC’s…
Davis Polk Memo – Adding Insult to Injury
We have issued a memo on a Section 21(a) report of investigation from the Securities and Exchange Commission, which warns that cyber incidents may lead to enforcement action.