On June 28, 2023, the New York Department of Financial Services (“NYDFS”) announced its Revised Proposed Second Amendment to its Cybersecurity Regulation, 23 NYCRR Part 500 (the “Revised Amendment” or…
On Tuesday, June 13, 2023 Eric Dinallo of the Insurance Regulatory Group and Avi Gesser and Stephanie Thomas of the Data Strategy & Security Group hosted an informative discussion on…
On Tuesday, May 16th, 2023, Andrew Bab of the Mergers & Acquisitions and Private Equity Groups and Co-Chair of the Healthcare & Life Sciences Group, Avi Gesser of the Data…
With last week’s political deal in European Parliament to advance the European Union’s groundbreaking AI Act (the “EU AI Act”), Europe is one step closer to enacting the world’s first…
Following recent enforcement action by the UK Prudential Regulation Authority (“PRA”) against Wyelands Bank, which was partly based on its failure to retain business-related messages exchanged by senior executives and…
On March 15, 2023, the U.S. Securities and Exchange Commission (the “SEC”) released a suite of proposed new rules (the “Proposed Rules”) that include: Proposed new cybersecurity rules for broker-dealers,…
We have written several times about the need for companies to reduce the amount of data that they collect and to get rid of old data. Data minimization lowers the…
In February 2022, the SEC proposed its first-ever cybersecurity rules for registered investment advisers (“RIAs”) (including RIAs to private funds) and Funds (which include registered investment companies (“RICs”) and closed-end…
On March 2 and 3, 2023, the U.S. Department of Justice (“DOJ”) announced several updates to its corporate enforcement policies, in significant part formalizing recent pronouncements about corporate compliance programs.…
Risk assessments are a critical component of a robust cybersecurity program. To benchmark their risk assessments and cybersecurity maturity reviews, companies often look to recognized industry standards such as the…