Enforcement – Debevoise Data Blog

Cybersecurity

Report Underscores FINRA’s Focus on Cybersecurity

By: Avi Gesser, Erez Liebermann, Kristin Snyder, Charu Chandrasekhar and Michael R. Roberts January 18, 2023

On January 10, 2023, the Financial Industry Regulatory Authority (“FINRA”) published its 2023 Report on FINRA’s Examination and Risk Monitoring Program (the “Report”), which is intended to provide member firms…

Enforcement

European Data Protection Roundup – October

By: Erez Liebermann, Robert Maddox, Friedrich Popp, Fanny Gauthier, Stephanie Thomas, Tristan Lockwood and Melissa Muse November 2, 2022

Key takeaways this October include: Facial Recognition: Businesses face continued challenges in establishing GDPR-compliant facial recognition technology, including those with no presence in the EEA, after the French CNIL fined…

Enforcement

European Data Protection Roundup – September

By: Luke Dembosky, Avi Gesser, Erez Liebermann, Robert Maddox, Friedrich Popp, Fanny Gauthier, Stephanie Thomas, Tristan Lockwood and Melissa Muse October 10, 2022

European Data Protection Roundup – September 2022 Key takeaways this September include: Google Analytics: Continue to assess carefully the use of Google Analytics. The Danish Data Protection Agency became the…

Enforcement

Lessons from the SEC’s Most Recent Reg S-P Action

By: Avi Gesser, Kristin Snyder, Erez Liebermann, Charu Chandrasekhar, Johanna Skrzypczyk and Scott M. Caravello October 6, 2022

On September 20, 2022, the SEC announced settled charges and the imposition of a $35 million penalty against a dually registered investment adviser and broker-dealer (the “Firm”) for violations of Regulation…

Cybersecurity

Recent SEC Enforcement Actions Signal Key Lessons for Reg S-ID Compliance

By: Avi Gesser, Erez Liebermann, Kristin Snyder, Charu Chandrasekhar, Michael R. Roberts and Noah L. Schwartz August 2, 2022

On July 27, 2022, the Securities and Exchange Commission (“SEC”) separately charged three financial institutions with violations of Rule 201 of Regulation S-ID (“Reg S-ID”), also known as the Identity…

Enforcement

Cyber Whistleblowers: Eight Lessons from the First False Claims Act Settlements

By: Avi Gesser, Erez Liebermann and HJ Brehmer July 20, 2022

On July 8, 2022, the U.S. Department of Justice (the “DOJ”) announced that Aerojet Rocketdyne (“Aerojet”), a California-based aerospace and defense contractor, agreed to pay $9 million to resolve allegations…

Banking

36-Hour Breach Notification for Banks Is Here

By: Avi Gesser, Johanna Skrzypczyk, Michael R. Roberts, Courtney Bradford Pike and Andres Gutierrez May 31, 2022

On May 25, 2022, the Review of Banking & Financial Services published an article on the recently-issued banking agencies’ Final Rule on Computer-Security Incident Notification Requirements for Banking Organizations and…

Data Minimization

Data Minimization – Recent Enforcement Actions Show Why Some Companies Need to Get Rid of Old Electronic Records

By: Avi Gesser, Johanna Skrzypczyk and Michael R. Roberts March 1, 2022

Since we last wrote about data minimization, there have been several regulatory developments that illustrate the increasing operational and regulatory risks of keeping large volumes of old data. As cyber…

Cybersecurity

Four Takeaways from the SEC’s Proposed Cybersecurity Rules

By: Luke Dembosky, Avi Gesser, Julie M. Riewe, Charu Chandrasekhar, Christopher S. Ford, HJ Brehmer and Matthew C. Rametta February 16, 2022

On February 9, 2022, the SEC released its much-anticipated proposed rules relating to cybersecurity risk management, incident reporting, and disclosure for investment advisers and funds. Many of the proposals follow…

CCPA

CCPA Enforcement Update: California AG Announces a New Enforcement Sweep Targeting Customer Loyalty Programs

By: David Sarratt, Christopher S. Ford and HJ Brehmer January 31, 2022

On January 28, 2022, California Attorney General Rob Bonta announced that his office sent notices alleging noncompliance with the California Consumer Privacy Act (“CCPA”) to a number of companies operating…