Kate Hanniford

About Kate Hanniford

Kate Hanniford is a member of the Technology & Privacy Group and Cybersecurity Preparedness & Response Team. She focuses her practice on cybersecurity counseling, as well as federal securities law compliance, enforcement, and litigation.

[Read Bio]

Critical Audit Matters Disclosure Implicates Information Technology and Security

November 6, 2019 By Kate Hanniford

As independent auditors to public companies and business development companies begin to make required disclosure of Critical Audit Matters (CAMs) to the audit committee, such reports are beginning to include discussion of information security programs and information technology controls. Independent auditors have treated material weaknesses in certain information technology controls as material weaknesses in internal […]

SEC Issues Risk Alert Noting Common Regulation S-P Compliance Issues

April 18, 2019 By Kate Hanniford

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) has issued a Risk Alert that provides an overview of the most common deficiencies or weaknesses in investment adviser and broker-dealer compliance with the Safeguards Rule, Regulation S-P, based on recent examinations. Placed in context with prior OCIE Risk Alerts concerning cybersecurity practices and Regulation S-P […]

Companion Cybersecurity Disclosure Bills Introduced in U.S. Congress

March 20, 2019 By Kate Hanniford

On February 28 and March 13, 2019, members of the U.S. Senate and U.S. House of Representatives introduced legislation designed to enhance the transparency of cybersecurity risk oversight at certain SEC reporting companies. Although the text of the House bill, H.R. 1731 is not yet publicly available, the bipartisan Senate bill, S. 592, would require […]

NYDFS Cybersecurity Regulations Nearly Fully Effective

February 15, 2019 By Kate Hanniford

The February 15, 2019 NYDFS compliance certification deadline represents the last annual compliance certification subject to the transition period for covered entities to come into compliance with the cybersecurity regulations. NYDFS now expects covered entities to certify as to their compliance with all but one provision of the cybersecurity regulations which relates to the implementation […]

HHS Releases New “Health Industry Cybersecurity Practices”

January 8, 2019 By Kate Hanniford

On December 28, 2018, the Department of Health and Human Services (HHS) issued new voluntary cybersecurity guidance for the health care industry titled, “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients.” This four-volume set of consensus-based principles and practices (the “HICP”) reflects the recommendations of the 405(d) Task Group, a HHS and industry-led collaborative […]