Latest Articles

California already has some of the strongest data privacy laws in the United States, but within the past week state legislators, with the backing of the California Attorney General Xavier Becerra, have proposed two new bills that would strengthen California’s data privacy laws even more. One bill (SB 561) would amend key sections of the California Consumer Privacy Act (the “CCPA”), which we have previously blogged about when it was first enacted and…
The California Consumer Privacy Act (CCPA) is a major new state law poised to affect the privacy landscape not just in California, but in the U.S. as a whole. (For a detailed overview of the CCPA, read our previous post.) On August 31, the California legislature passed several amendments to the CCPA that will have a significant impact on its implementation.…
This has been a big year in the data protection world, with the headline-grabbing General Data Protection Regulation (GDPR) occupying most of the spotlight with its plethora of privacy-related requirements and potential for high fines for violators. While companies (justifiably) may be focused on the GDPR at the moment, it’s also important to keep an eye on new privacy laws on the horizon in order to avoid last-minute scrambles for compliance as effective dates near.…
On February 21, 2018, the Securities and Exchange Commission (SEC) issued an interpretive Commission Statement and Guidance on Public Company Cybersecurity Disclosures (the “Guidance”) to assist public companies in meeting their cybersecurity disclosure requirements under the federal securities laws. The Guidance notes that, as reliance on networked systems and the Internet have increased, so too have the risks and frequency of cybersecurity incidents, and companies have no choice but to incur the considerable costs of addressing…
The General Data Protection Regulation (GDPR) comes into force across the European Union (EU) on 25 May 2018. It will have an impact on EU fund managers and may have an impact on non-EU fund managers depending on their operations. Below are FAQs to help EU and non-EU fund managers determine the extent to which the GDPR may affect them and the next steps they should consider taking. Compliance with GDPR is especially important given the…
We are reaching out to our investment firm clients to advise them of an email “spear phishing” scam that has targeted investment firms recently, attempting to lure their personnel into inadvertently revealing their email account credentials to criminal fraudsters, and making wire transfers to the criminal’s account instead of the intended account. There has been a significant uptick in this scam against investment firms. We recommend that our clients advise their personnel who are involved…
On September 22, 2015, the Securities and Exchange Commission (SEC) announced the settlement of an enforcement action against a St. Louis-based registered investment adviser brought under Rule 30(a) of Regulation S-P (Safeguards Rule). The SEC Order charged the adviser with violating the Safeguards Rule by failing to adopt written cybersecurity policies and procedures reasonably designed to protect customer records and information.…
This client alert was prepared by my colleagues Robert Leonard, Michael Mavrides and Christopher Wells. On April 28, the Securities and Exchange Commission (SEC) released a Guidance Update addressing the importance of cybersecurity and the steps registered investment advisers (and registered investment companies) may wish to consider in light of growing cybersecurity risks. This Guidance Update is the latest instance of the SEC’s increased emphasis on cybersecurity as a priority for advisers. A…
By Rochelle Emert and Phillip Caraballo-Garrison On February 3, 2015, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert that summarized its findings about cybersecurity preparedness in the securities industry. As part of its Cybersecurity Examination Initiative, the OCIE collected and analyzed information about cybersecurity practices and trends from over 100 registered investment advisers and broker-dealers. Proskauer discussed the OCIE study and its key findings in a client alert located here
Authors: Roger Cohen, Paul Hamburger, Kristen Mathews, Ellen Moskowitz, Richard Zall Anthem Inc. (Anthem), the nation’s second-largest health insurer, revealed late on Wednesday, February 4 that it was the victim of a significant cyber attack. According to Anthem, the attack exposed personal information of approximately 80 million individuals, including those insured by related Anthem companies.…