On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Asset Control (“OFAC”) released an updated advisory (the “Advisory”) on the sanctions risks associated with facilitating ransomware…
Almost everyone working in cybersecurity compliance is aware that each U.S. state has its own set of breach notification requirements. What is less known is that many of these states…
In a new episode of the Compliance & Legal Risk podcast, Avi Gesser from Debevoise’s Data Strategy and Security Group contributed to an insightful conversation with Ronald J. Coleman of Georgetown Law, Mutale…
On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) issued an updated advisory (the “Advisory”) on sanctions risks associated with payments to threat…
As part of our ongoing series on enforcement actions by the Securities and Exchange Commission (“SEC”) in data- and cybersecurity-related matters (here, here, and here), we have been closely tracking…
Last week, the California Privacy Protection Agency (the “Agency”) invited public comment on its preliminary rulemaking. As previously discussed, the California Privacy Rights Act (“CPRA”) established the Agency and tasked…
Key takeaways from developments this August include: Indications of what the UK’s post-Brexit data transfer arrangements might look like – companies transferring data from the UK will want to follow…
On August 30, 2021, the SEC filed settled enforcement actions against three groups of broker-dealers and investment advisers for failing to protect confidential customer information in violation of Rule 30(a)…
On 1 July 2021,[1] Federal Law No. 236-FZ on the Internet Activities of Foreign Entities in the Russian Federation (the “Law”)[2] came into force, requiring establishment of local presence, such…
The U.S. Securities and Exchange Commission this week took the rare step of penalizing a company for its allegedly poor disclosure of a cyber incident. The SEC announced a $1…