Financial Privacy

Department of Justice Announces New Cryptocurrency Enforcement Team

October 7, 2021 By Kim Peretti

by Kim Peretti and Kristen Bartolotta On October 6, 2021, Deputy Attorney General Lisa O. Monaco announced the creation of a National Cryptocurrency Enforcement Team (NCET). This team was created to tackle complex investigations and prosecutions of criminal misuses of cryptocurrency, particularly crimes committed by virtual exchanges and money laundering infrastructure actors. Because of the […]

Swiss Data Protection Regulator Is Latest to Outline Framework for Transferring Data to the SEC

August 17, 2021 By Daniel Felz, Kate Hanniford and Wim Nauwelaerts

Entities registered with the U.S. Securities & Exchange Commission (SEC) must maintain certain books and records and can be subject to the SEC’s examination, inspection, and enforcement authority. Responding to SEC requests can require cross-border transfers of personal data, and this has historically risked non-compliance under foreign data protection law. The SEC has been proactive […]

New York and Illinois Regulators Recommend Third Party Cybersecurity Review For Specific Vulnerabilities

May 21, 2021 By James Harvey and Privacy, Cyber & Data Strategy Team

This month, the Illinois Department of Insurance issued guidance to insurers recommending assessments in response to a Microsoft Exchange vulnerability, detailed in the guidance. In the Bulletin dated May 5, the Department encourages regulated entities to “assess the risk to their systems and consumers and take steps necessary to address vulnerabilities and customer impact.” The […]

NYDFS Announces Cybersecurity Settlement, Addresses Multi-Factor Authentication Rules

April 16, 2021 By Privacy, Cyber & Data Strategy Team

On April 14, 2021, the New York Department of Financial Services (“NYDFS”) announced a settlement with National Securities Corporation (“National Securities”), a licensed insurer, in connection with claims under the NYDFS Cybersecurity Regulation (23 NYCRR Part 500). The consent order requires payment of a $3M penalty and mandatory remediation in response to alleged failures to […]

NYDFS Reports Major Cybersecurity Settlement

March 11, 2021 By James Harvey and Privacy, Cyber & Data Strategy Team

In early March, the New York Department of Financial Services (NYDFS) announced a settlement involving a $1.5M penalty and mandatory remediation in response to a mortgage lender’s alleged failure to report a cyber breach, and other alleged cybersecurity failures. This enforcement action marks the second public enforcement action under 23 NYCRR Part 500 (the “Cybersecurity […]