Sep. 21, 2022

Metaverse IRL: Tackling Privacy Amid the Rampant Hype and Burst of Deals

The metaverse opened for business in 2022, with venture capital backing hundreds of companies, and brands, celebrities, professional service firms and savvy entrepreneurs flocking into virtual reality to make a splash. This article analyzes some of the privacy issues that lawyers have encountered during real-life metaverse dealmaking and counseling, moving beyond white-paper projections to deliver five practical focal points for companies entering the metaverse construction zone. A second article will dive deeper into metaverse-specific challenges for biometric and sensitive data, gaining VR users’ consent, relying on digital wallets and selling non-fungible tokens. See “Protecting Against Crypto Theft” (Aug. 10, 2022).

Held to Ransom: How Cyberattacks Can Become a Legal and Regulatory Odyssey for a Private Investment Fund

Imagine this: you work for a private investment fund manager, one of its portfolio companies has discovered ransomware barring it from accessing the majority of its IT systems, and the cyber-threat actors are demanding a ransom before they will hand over the decryption key. Within two days the ransom will exceed the company’s cyber insurance coverage and it will need a cash injection from the investment fund to satisfy the ransom demand. What do you do? The first of this two-part guest series by Proskauer partners Ryan P. Blaney, Margaret A. Dale, Dorothy Murray, Todd J. Ohlms and Jonathan M. Weiss considers immediate incident response steps and analyzes whether to pay a ransom, from U.S., U.K. and E.U. perspectives. The second part will consider the notification obligations and other consequences of a ransomware attack. See “A Look Inside Businesses’ Private Disputes Over Ransomware Costs” (Aug. 18, 2021).

Trio of Settled Enforcement Actions Highlights SEC Concerns About Identity Theft Policies and Procedures

Three recent SEC settlement orders serve as a reminder that firms must design and operate identity theft prevention programs that are appropriately tailored to their businesses and update them in response to the increased threat and changing nature of identity theft. The settlements resolve SEC enforcement proceedings, alleging deficiencies in identity theft red flag programs, against J.P. Morgan Securities LLC, TradeStation Securities, Inc., and UBS Financial Services Inc. This article explores the relevant requirements of Regulation S‑ID – the Identity Theft Red Flag Rules – and Rule 201 thereunder, the programs’ alleged shortcomings that gave rise to the enforcement proceedings and the terms of the settlement orders, with additional insights from Jason Elmer, founder and CEO of Drawbridge Partners. See our two-part series on digital identity management in a post-pandemic world: “A Framework for Identity-Centric Cybersecurity” (Mar. 24, 2021); “SolarWinds, Zero Trust and the Challenges Ahead” (Mar. 17, 2021).

Frankfurt Kurnit Expands Privacy and Data Security Practice

Rick Borden has joined Frankfurt Kurnit as a partner in the firm’s privacy and data security practice. He is based in New York, where he counsels clients on data compliance programs, audits and government compliance reviews. For insight from Frankfurt Kurnit, see “Are ‘Privacy-First’ Clean Rooms Safe From Regulators?” (Mar. 23, 2022). For insight from Borden, see “The Multifaceted Role of In-House Counsel in Cybersecurity” (Dec. 9, 2015).

Wiggin Welcomes Partner in London

Mark Deem has joined Wiggin as a partner in London, where he focuses on technology, media and telecoms litigation, data privacy and fintech disputes. For insight from Deem, see “ICO Hones GDPR Enforcement Approach With Reduced Fines for British Airways, Marriott and Ticketmaster” (Dec. 2, 2020).