On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC” or “Commission”) adopted rules to enhance and standardize disclosure requirements related to cybersecurity incident reporting and cybersecurity risk management, strategy, and governance.Continue Reading New SEC Disclosure Rules for Cybersecurity Incidents and Governance and Key Takeaways

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2023”.

In a recent survey of almost 2,800 global organizations, one in five respondents reported experiencing a ransomware attack in 2021—with almost half of those respondents suffering significant operational impacts as a result.

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2023”.

As the value of data continues to increase exponentially, so too do the associated risks, including risk of cyberattacks, data breaches or data-related litigation, as well as rising regulation throughout the world

Last month, the U.S. Securities and Exchange Commission issued a proposal to enhance and standardize disclosure requirements related to cybersecurity incident reporting and cybersecurity risk management, strategy, and governance. Among other changes, the SEC’s proposal would require disclosure about material cybersecurity incidents within four business days and require annual disclosure regarding a registrant’s policies and

Almost two years into the COVID-19 pandemic, it is clear that the corporate workplace has changed for good. As the world continues to reopen and companies return to the office, what we are returning to is not business as usual, but a new future of work – a future characterized by a shift from the traditional workplace to remote and hybrid models that provide opportunities to work in effective and efficient ways from anywhere.
Continue Reading Returning to the Future of Work: Considerations for the Virtual Board Room in the ‘Post’-Pandemic Era

On March 3, 2021, the U.S. Securities and Exchange Commission (“SEC”) Division of Examinations (the “Division”)—formerly the Office of Compliance Inspections and Examinations—released its 2021 Examination Priorities (“2021 Priorities”).  The 2021 Priorities generally retain perennial risk areas as the Division’s core focus, but do include several new and emerging risk areas reflecting broader policy shifts under new SEC leadership.

The 2021 Priorities include:  retail investors; information security and operational resilience; financial technology (“Fintech”), including digital assets; anti-money laundering; transition from the London Inter‑Bank Offered Rate (“LIBOR”); several areas covering registered investment advisers and investment companies; market infrastructure; and oversight of the Financial Industry Regulatory Authority and Municipal Securities Rulemaking Board programs and policies.  Although not formal priorities, the Division will also focus on climate-related risks and environmental, social and governance (“ESG”) matters in light of recent market developments and broader attention in these areas.
Continue Reading Turning the Page: Highlights of the SEC’s Division of Examination’s 2021 Priorities

On February 19, 2020 the European Data Protection Board (“EDPB”) published its second statement on privacy in the context of corporate transactions.

The statement, the full text of which can be read here, highlights the existence of concerns related to the combination and accumulation of sensitive personal data and the possibility that such combinations could result in a high level of risk to the fundamental rights to privacy and the protection of personal data.
Continue Reading EDPB Publishes Statement on Privacy Implications of M&A Transactions

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2020”.

According to a 2019 survey, Chief Legal Officers ranked data breaches as the most important issue keeping them “up at night.” Cybersecurity also remained top of mind for boards and other corporate

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2020”.

Increased regulation continues to be the trend in data privacy law, with 2019 bringing forth a host of new regulations and guidance on existing laws. This year, the pace will not likely

In late July 2019, U.S. federal and state regulators announced three headline‑grabbing data privacy and cybersecurity enforcement actions against Equifax and Facebook.  Although coverage of these cases has focused largely on their striking financial penalties, as important are the terms the settlements imposed on the companies’ operations as well as their officers, directors, and compliance professionals—and what they signal about potential future enforcement activity to come.
Continue Reading July 2019 Privacy and Cybersecurity Enforcement: Lessons for Management and Directors