Cybersecurity & Data Protection
Cyber incidents and data breaches can trigger serious and lasting reputational, legal and business harm. We help clients manage and respond to fast-moving cyber crisis situations, while advising them on effective, proactive strategies to reduce risk by preparing for a cyber incident before it occurs.
SEC Issues Report Reminding Registrants to Consider Cyber Threats When Implementing Internal Accounting Controls
On October 16, 2018, the Securities and Exchange Commission (the “SEC”) issued a Report of Investigation (“Report”) (available here) cautioning public companies to carefully consider cyber threats when implementing and maintaining their internal accounting controls.
On April 24, 2018, the Securities and Exchange Commission announced that Altaba, the company formerly known as Yahoo! Inc., agreed to pay a $35 million penalty as part of a cease-and-desist order to settle charges that it misled investors by failing to disclose a significant data breach in which hackers stole personal data relating to hundreds of millions of Yahoo! accounts in 2014.
In this video, litigation partner and former Secretary of Homeland Security Jeh Johnson discusses the current state of cybercrime, as well as fundamental steps companies can take to protect against a cyber-attack.
- Cybersecurity & Data Protection
- Justin Anderson
- H. Christopher Boehning
- Jessica S. Carey
- Roberto J. Gonzalez
- Jeh Charles Johnson
- Jonathan S. Kanter
- Brad S. Karp
- Mark F. Mendelsohn
- Lorin L. Reisner
- Richard C. Tarlowe
- Theodore V. Wells Jr.
- Adam J. Bernstein
- Michael A. Brodlieb
- Economic Sanctions & AML
- Financial Institutions
On May 22, 2019, the New York State Department of Financial Services (“DFS”) announced the creation of a new Cybersecurity Division, which it described as the “first of its kind at a banking or insurance regulator.”
In this video, litigation partner Roberto Gonzalez discusses the implications of the New York Department of Financial Service's landmark cybersecurity rule, as well as cyber rulemaking efforts by the federal banking agencies.
Federal Banking Agencies Issue Advanced Notice of Proposed Rulemaking on Enhanced Cybersecurity Standards
On October 19, the Federal Reserve Board ("Board"), the Federal Deposit Insurance Corporation ("FDIC"), and the Office of the Comptroller of the Currency ("OCC") jointly issued an advanced notice of proposed rulemaking ("ANPR") seeking comment on a new set of enhanced cybersecurity standards for certain institutions under their supervision.
On March 2, the Consumer Financial Protection Bureau entered an enforcement order against online payment platform Dwolla, Inc. for deceiving consumers about its data security practices and the safety of its online payment system.
New Federal Guidance on the Cybersecurity Information Sharing Act of 2015: What General Counsel Need to Know
The Cybersecurity Information Sharing Act of 2015 ("CISA") was signed into law on December 18, 2015. The law authorizes companies to monitor and implement defensive measures on their own information systems to counter cyber threats.
As reported in The American Lawyer, Paul, Weiss is forming an alliance with at least five other Am Law 100 firms that will enable sharing of intelligence about cyber threats and vulnerability.