The Securities and Exchange Commission (“SEC”) has sanctioned an investment adviser and fined it $75,000 for failing to “adopt written policies and procedures reasonably designed to protect customer records and information.” The SEC alleges that this failure, which was a violation of its Safeguards Rule, contributed to a cyber attack against the investment adviser that […]
Regulation
Safe Harbor Framework in Jeopardy after Advocate General Decision
Today, Advocate General Yves Bot advised the European Court of Justice that the US-EU Safe Harbor framework for the protection of trans-Atlantic transfers of personal data is invalid. The long awaited Opinion of the Advocate General in the so-called “Schrems case” (Case C-362/14 Maximilian Schrems v. Data Protection Commissioner) has now been published. The case […]
SEC Provides Additional Information On Cybersecurity Examinations
On September 15, 2015, the Security and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert to provide additional information on the areas of focus for its second round of cybersecurity examinations. The OCIE’s initial cybersecurity examinations in 2014 were to identify cybersecurity risks and assess cybersecurity preparedness in the securities […]
Illinois Governor Vetoes Data Protection Bill; Suggests Revisions
Illinois Governor Bruce Rauner vetoed a bill amending the state’s data breach notification law on August 21, 2015, saying in a letter to the General Assembly that the bill “goes too far, imposing duplicative and burdensome requirements that are out-of-step with other states.” The bill, S.B. 1833, would have amended Illinois’ Personal Information Protection Act […]
Amended Washington Data Breach Law Requires Attorney General Notification, Imposes 45-Day Notice Time Limit
Earlier this year, Washington passed an amended version of its data breach notification law, which goes into effect Friday July 24, 2015. Washington’s updated breach notification statute will now, among other things, require compromised entities to notify the state Attorney General (AG) in some circumstances, and require notification to both consumers and, as applicable, the […]