Jun. 29, 2022
Jun. 29, 2022
Lessons From CISA for In-House Counsel on Mitigating and Managing MSP Breach Threats
With the increase in cyberattacks and publicly available guidance, including the Cybersecurity and Infrastructure Security Agency’s (CISA) most recent alert on protecting against cyber threats to managed service providers (MSP) and their customers, there is likely to be more judicial and regulatory scrutiny when an attack occurs focused on what happened, how the issue was fixed and what steps are being taken to prevent future attacks. In this guest article, Lowenstein Sandler partner Kathleen McGee and law clerk Bonnie Schipper discuss the CISA alert’s MSP cybersecurity recommendations, and offer additional advice on managing legal obligations, business implications and privilege issues that can arise in the event of a cyberattack. See “Implementing NSA-CISA-FBI Advisory Mitigation Tactics for Vulnerabilities Exploited by Russia” (Apr. 28, 2021). Read full article …
Present and Former SEC Officials Discuss the Commission’s Latest Examination and Enforcement Tactics and Priorities
Cybersecurity continues to be an SEC examination priority, with three recent cases concerning firms that failed to take reasonable steps to protect client information. We distill insights shared by present and former SEC officials, at the Investment Company Institute’s recent Investment Management Conference, on operations of the Division of Examinations, the potential for more aggressive enforcement activity, the implications of recent enforcement actions involving electronic communications and cybersecurity, and SEC Division of Enforcement’s environmental, social and governance task force. See “Privacy and Security Regulators Discuss New Enforcement Proposals and Compliance Best Practices” (Jun. 15, 2022). Read full article …
Navigating the Intersection of Digital Assets and AML
Although the largest volume of money laundering takes place using fiat currency, the most money laundering transactions are done using cryptocurrencies, said Peter D. Hardy, a partner at Ballard Spahr, at a recent PLI program. He and cryptocurrency experts from Chainalysis, Element Finance and Solidus Labs examined the rapidly evolving regulatory regime governing digital assets, including the current enforcement environment, sanctions and ransomware, applicability of AML rules to banks and decentralized finance, and digital transaction tracing and investigative techniques. This article distills the speakers’ insights. See “The Evolving Crypto Regulatory Climate” (May 11, 2022). Read full article …
Debevoise Expands Data Security Bench in New York
Erez Liebermann has joined Debevoise & Plimpton as a partner in the firm’s data strategy and security group in New York. For insight from Debevoise & Plimpton, see “SEC Proposes Cyber Risk Management Rules for Advisers” (Apr. 27, 2022). For insight from Liebermann, see “Data Localization: Cybersecurity Challenges Abound” (Nov. 17, 2021). Read full article …
Most-Read Articles
-
Jun. 15, 2022
New AI Rules: NYC First to Mandate Audit -
Jun. 1, 2022
Roadmap for Building an Efficient Global Privacy Program: Maintenance -
Jun. 22, 2022
Learning From Twitter’s $150-Million Privacy Disclosure Mistakes -
Jun. 15, 2022
Privacy and Security Regulators Discuss New Enforcement Proposals and Compliance Best Practices -
Jun. 22, 2022
New AI Rules: States Require Notice and Records, Feds Urge Monitoring and Vetting
Webinar on Compliant International Data Transfers


Listen here to our discussion with our colleagues at Ethos Privacy, which took place on March 1, 2022, on how to approach international data transfer challenges.