SEC

Subscribe to SEC

The SEC’s Office of Compliance Inspections and Examinations (OCIE) recently published an alert on ransomware, informing financial institutions of a recent rise in phishing attempts targeting SEC registrants and their service providers.  The alert is the latest example of the SEC’s focus on cybersecurity issues at public companies and
Continue Reading OCIE Issues Alert on Ransomware

Appearing in The Review of Securities & Commodities Regulation

In recent years, the SEC and FINRA have created a number of new units to increase their capacity to use data analytics in market surveillance and policy/rulemaking activities. This article summarizes these units, their objectives and the types of investigations that
Continue Reading The SEC and FINRA’s Use of Big Data in Investigations and the Implications for Defense Counsel

As we have discussed here previously, the coronavirus outbreak has driven many companies further into the digital workplace, putting new strains on information technology systems and related privacy and security compliance controls.  Despite these burdens on companies, few regulators have offered relief from their privacy and security requirements.  As detailed
Continue Reading Data Privacy and Security Requirements During Coronavirus? Little Relief in Sight

The SEC’s recent publication of examination observations related to cybersecurity practices provides a helpful benchmark for firms trying to understand common market practices.

***

The Davis Polk Cyber Blog welcomes a new author, partner Robert Cohen.  Rob has 15 years of experience in the SEC’s Division of Enforcement across
Continue Reading Introducing a New Author to the Davis Polk Cyber Blog with His First Blog Post: What SEC Examiners Will Ask About Cybersecurity

One way for companies to decrease their cybersecurity risks, as well as their risks from new privacy regulations, is through data minimization—significantly reducing the amount of their data.  By deleting old data and collecting less new data, companies will have less sensitive information to protect and process in accordance with
Continue Reading Ephemeral Messaging for Businesses: Balancing the Risks of Keeping and Deleting Data by Default

Momentum is building in Congress for federal privacy legislation and several states have their own privacy laws in the works.  But, as concerns grow that companies are collecting and sharing personal information about U.S. residents without their knowledge and not adequately protecting that data, regulators and plaintiffs aren’t waiting for
Continue Reading Regulators and Plaintiffs Aren’t Waiting for Privacy Legislation: Companies Face Potential Liability Now and Can Take Steps to Reduce Risks

Avi Gesser was interviewed by The Cybersecurity Law Report in an October 31, 2018 article regarding recent SEC cybersecurity enforcement actions and how firms can meet their regulatory obligations to reduce the risk of business email compromise scams.
Continue Reading Avi Gesser Interviewed by The Cybersecurity Law Report on Recent SEC Enforcement

A recent SEC Order should be a reminder to registered entities, including small- and medium-sized firms, that the SEC is monitoring the reasonableness of their cybersecurity policies and procedures, and that it may take action in the event of a breach, even in the absence of economic harm.

The SEC’s
Continue Reading SEC Penalizes Cybersecurity Weakness