Latest Articles

On April 29, the New York Department of Financial Services (NY DFS)—the state’s principal banking and insurance regulator—announced that it is creating a new Consumer Protection and Financial Enforcement (CPFE) division. The new division, described by commentators as a state-level version of the Consumer Financial Protection Bureau (CFPB), or “mini CFPB,” will have responsibility for consumer financial enforcement and have oversight over consumer financial services institutions within the state. The NY DFS’s announcement highlighted…
On April 16, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert highlighting Regulation S-P compliance deficiencies and issues it found in recent examinations of broker-dealers and investment advisers. Regulation S-P is the primary SEC rule detailing the safeguards these firms must take to protect customer privacy. The Risk Alert provides an important reminder for firms to assess their supervisory and compliance programs related to Regulation S-P and make any necessary…
On April 16, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert highlighting Regulation S-P compliance deficiencies and issues it found in recent examinations of broker-dealers and investment advisers.  Regulation S-P is the primary SEC rule detailing the safeguards these firms must take to protect customer privacy.  The Risk Alert provides an important reminder for firms to assess their supervisory and compliance programs related to Regulation S-P and make any necessary…
On April 15, the New Jersey Bureau of Securities (the “Bureau”) issued a rule proposal to establish a uniform fiduciary duty standard applicable to investment advisers, brokers-dealers and their registered representatives and agents.  Specifically, the proposed rule (N.J.A.C. 13:47A-6.4), which could take effect as early as the end of the year, will require all investment professionals registered with the Bureau to provide investment advice, recommend investment strategies, open or transfer assets to any type of…
On April 25, the Securities and Exchange Commission announced a settlement with Yahoo that constituted its first enforcement action against a public company for failing to disclose a data breach. This settlement demonstrates that companies in post-data breach environments must engage in a thorough, fulsome analysis of whether to disclose the cybersecurity incident in their public filings. In conducting this analysis, companies face a difficult choice: disclose and face public and investor backlash, or decline…
Seemingly not a day goes by without news of another major data breach. In the past few weeks, Yahoo! announced that at least 500 million of its user accounts were stolen in 2014, hot on the heels of Dropbox’s announcement that more than 68 million of its accounts were compromised.  Data breach announcements by major companies are inevitably swiftly followed by class action complaints alleging a bevy of state and common-law claims.  Yet despite the…
As businesses and financial institutions grapple with data security in the wake of high profile breaches, tensions between retailers and the credit card industry over the creation and implementation of security standards appear to be growing. The disagreements between these two groups manifested themselves on June 2, when the National Retail Federation (“NRF”), the world’s largest retail trade association, announced that it sent a nineteen-page white paper to the Federal Trade Commission (“FTC”) encouraging it…
Two recent developments in data privacy litigation highlight the continuing challenges to companies that collect internet usage information without clearly disclosing the manner and method in which they are doing so to users.  As these events demonstrate, plaintiffs’ attorneys are aggressively bringing actions against companies that collect user data, including through the invocation of California’s broad consumer-protection laws and even through an antiquated statute originally designed to prevent Blockbuster and its ilk from disclosing patrons’…