AUTHOR ARCHIVES: Kate Hanniford

Kate Hanniford

Kate Hanniford is a member of the Technology & Privacy Group and Cybersecurity Preparedness & Response Team. She focuses her practice on cybersecurity counseling, as well as federal securities law compliance, enforcement, and litigation. Read more→

SEC Investigative Report Cautions Public Companies to Consider Cyber Threats When Implementing Internal Accounting Controls

Posted on: 22 Oct 2018

The Securities and Exchange Commission issued an investigative report last week cautioning public companies to consider cyber incidents and threats when implementing internal accounting controls.  The report details the SEC Enforcement Division’s investigations of nine public companies that were victims of cyber-related fraud schemes to determine whether the companies may have violated the federal securities laws by failing to maintain a sufficient system of internal accounting controls.  Based on the investigations, the report concludes that public companies’ internal accounting controls […] Read more

NYDFS Cybersecurity Requirements Compliance Deadline Nears for Key Provisions

Posted on: 16 Aug 2018

September 4, 2018 marks the end of the transitional period for covered entities to comply with several key provisions of the NYDFS Cybersecurity Requirements that require certain systemic and sustained measures. These provisions include the encryption and audit trail requirements as well as ones relating to the implementation of monitoring policies, procedures, and controls, application security, and data retention limitations. Encryption (500.15): The regulation requires covered entities to encrypt Nonpublic Information held or transmitted by a covered entity both in transit over external […] Read more

LabMD: The End of the FTC in Cyber or Just a New Path?

Posted on: 12 Jul 2018

The U.S. Court of Appeals for the Eleventh Circuit recently issued its opinion in LabMD, Inc. v. FTC, No. 16-16270 (11th Cir. June 6, 2018), declaring unenforceable a Federal Trade Commission (FTC) order requiring LabMD to implement an extensive cybersecurity plan. The case is noteworthy for its lengthy procedural background—during which time LabMD became defunct—and its holding, which has called into question the FTC’s authority to impose wide-ranging, comprehensive cybersecurity plans. The LabMD matter dates to 2005, when LimeWire file sharing software was installed on a company computer, […] Read more

Colorado Enacts Expanded Data Breach Notification Law

Posted on: 05 Jun 2018

Consistent with recent expansions to state data breach notification laws, Colorado recently enacted an expanded data privacy law that strengthens the state’s existing breach notification law and that requires policies and procedures concerning the protection and destruction of personal identifying information (“PII”).  The law applies to any individual or commercial entity that maintains, owns, or licenses “personal information” or PII, as applicable, in the course of its business, vocation, or occupation, and also contains largely identical provisions that apply to state and local governments.  […] Read more