Good afternoon and thank you for inviting me to speak today. Before I begin, let me give the required disclaimer that the views I express here today are my own and do not necessarily represent the views of the Commission
cybersecurity
Should Cybersecurity Be a Human Right?
The May 2017 WannaCry ransomware attack affected more than 200,000 computers spread across 150 nations. The results of the attack made clear that computers whose software is not up to date can hurt not only the computers’ owners, but ultimately …
Davis Polk Discusses Target’s Cyber Breach Settlement
On May 23, Target Corp. reached a record $18.5 million settlement with 47 states and the District of Columbia to end investigations into Target’s data breach in 2013. The settlement highlights the growing list of specific measures that companies are …
PwC Discusses How Financial Institutions Can Bolster Defenses Against Risk
Many financial institutions1 have implemented the three Lines of Defense (LoD) model to help define their risk management frameworks and bolster supervisors’ (e.g., desk heads and senior traders) abilities to monitor risk.2 However, as frameworks for managing financial …
Gibson Dunn Reviews U.S. Cybersecurity and Data Privacy
In 2016, companies, governments, and consumers were again challenged to navigate an evolving landscape of cybersecurity and privacy issues. This year saw flash points impacting the trajectory for data breach litigation, the future for privacy class actions, and the scope …
Debevoise Analyzes Revised New York Cybersecurity Regulation for the Financial Sector
New York’s Department of Financial Services (DFS or the Department) has responded to a large volume of comments about its proposed, sweeping cybersecurity regulation for banks, insurers and other financial service providers by softening a number of provisions that many …
Sullivan & Cromwell Discusses Hacking and Cyber Threats to Director Communications
The growth in cybersecurity threats combined with the increasing demands placed on outside directors create challenges that often go beyond the risks that public companies face from employee and client communications. If public companies cannot communicate quickly with directors or …
PwC Discusses New York’s Proposed Cybersecurity Rules
On September 13, 2016, the New York State Department of Financial Services (DFS) proposed a broad set of cybersecurity regulations for banks, insurers, and other financial institutions.[1] The proposal is largely consistent with existing guidance (e.g., under the NIST …
Debevoise & Plimpton discusses New York’s Proposed Cyber Regulations
On September 13, 2016, the New York Department of Financial Services (“DFS” or the “Department”) issued proposed regulations (the “Proposed Regulations”) designed to guard against the onslaught of cyber-attacks faced by banks, insurance companies and other financial services providers.[1]…
Morrison & Foerster Covers the Highlights of World Economic Forum’s Blockchain Report
The World Economic Forum threw a knockout punch last month when it released its report, “The Future of Infrastructure: An Ambitious Look at How Blockchain Can Reshape Financial Services.”[1] When Giancarlo Bruno, the World Economic Forum’s Head …
Shearman & Sterling offers the Lowdown on EU General Data Protection Law
On April, 27 2016, the European Council and Parliament finally adopted a new data protection law: the General Data Protection Regulation (GDPR). The following is a summary of key issues and a checklist of initial tasks to help you prepare …
Gibson Dunn explains the New EU-Wide Rules on Cybersecurity
On July 6, 2016, the European Parliament officially adopted the Network and Information Security (NIS) Directive[1] which is expected to fully enter into force in May 2018. The NIS Directive is the first set of cybersecurity rules to be …
Shearman & Sterling’s 2016 Mid-Year Review of Securities Enforcement
Executive Summary[1]
The Securities and Exchange Commission (SEC or Commission) brought over 400 enforcement actions in the first half of fiscal year (FY) 2016, and is on pace to surpass its record of 807 enforcement actions in a single …
Financial Weapons and Modern Warfare
A new type of warfare is upon us. In this new mode of war, finance is the most powerful weapon, bullets are not fired, financial institutions are the targets, and almost everyone is at risk. Instead of smart bombs, improvised …
Dodd-Frank Stress Tests Are Fine, but We Need a Cybersecurity Stress Test, Too
Last week, news emerged that China had hacked the FDIC on several occasions during the past few years. This revelation renews concerns about the security of America’s financial institutions and comes on the heels of the third bank hacking through …
Kirkland discusses Private Fund Manager 2015 Review of Registered Investment Adviser Developments
The year 2015 marked the fifth anniversary of passage of the Dodd-Frank Act and, for many private fund managers, the third anniversary of SEC registration under the Investment Advisers Act. The past year also saw a number of notable SEC …
Sullivan & Cromwell discusses The Cybersecurity Act of 2015
On December 18, 2015, President Obama signed into law the Cybersecurity Act of 2015. The Act, arguably the most significant piece of federal cyber-related legislation enacted to date, establishes a mechanism for cybersecurity information sharing among private‑sector and federal government …
Latham & Watkins discusses Cybersecurity Due Diligence in M&A Transactions
To begin with a tautology, when you buy a company, you buy their data—and the attendant risks to that data. Cybersecurity risks are not limited to consumer-facing businesses, whose recent losses of cardholder or patient data grab news headlines. Indeed, …
WilmerHale reports ALJ Dismisses FTC’s LabMD Complaint for Lack of Actual or Probable Consumer Harm from Cybersecurity Incidents
On Friday, November 13, Federal Trade Commission (“FTC” or the “Commission”) Chief Administrative Law Judge (“ALJ”) D. Michael Chappell issued an Initial Decision in In the Matter of LabMD, Inc. (FTC Docket No. 9357), dismissing the Commission’s Complaint against LabMD, …
Morrison & Foerster explains ECJ Safe Harbor Opinion’s Implications for all Data Transfers out of Europe
The European Court of Justice (ECJ) followed the core of the Opinion of the Advocate General (AG) (see our Privacy Minute dated October 3, 2015) in Schrems v. Data Protection Commissioner (Case No. C-362/14).
Summary
In sum, the ECJ …