On May 5, 2017, the U.S. District Court for the Southern District of New York entered a default judgment in favor of the SEC against three Chinese defendants accused of hacking into the nonpublic networks of two New York-headquartered law firms and stealing confidential information regarding several publicly traded companies engaged in mergers and acquisitions.… Continue Reading
On January 9, 2017, Representatives Kevin Yoder (R-KS) and Jared Polis (D-CO) reintroduced the Email Privacy Act, which would amend the Electronic Communications Privacy Act to require government entities to obtain a warrant, based on probable cause, before accessing the content of any emails or electronic communications stored with third-party service providers, regardless of how long the communications have been held in electronic storage by such providers.… Continue Reading
The Financial Industry Regulatory Authority recently announced that it had fined 12 financial institutions a total of 14.4 million dollars for improper storage of electronic broker-dealer and customer records. … Continue Reading
On December 27, 2016, the Securities and Exchange Commission announced charges against three Chinese traders who allegedly made almost $3 million in illegal profits by fraudulently trading on nonpublic information that had been hacked from two New York-based law firms.… Continue Reading
Recently, Aegerion Pharmaceuticals announced that it will enter into several settlements and plead guilty to two misdemeanors in connection with alleged violations of HIPAA, drug marketing regulations and securities laws. The criminal charges stem from the company’s marketing of a cholesterol drug called Juxtapid. Aegerion allegedly failed to comply with risk evaluation and management strategies and … Continue Reading
Recently, the Council of Institutional Investors issued a guide to shareholder engagement on cyber risk. The guide is intended to enable shareholders to ask appropriate questions of boards to gauge whether companies are taking proper steps to mitigate cyber risk.… Continue Reading
On September 22, 2015, the Securities and Exchange Commission announced a settlement order with an investment adviser for failing to establish cybersecurity policies and procedures, and published an investor alert entitled Identity Theft, Data Breaches, and Your Investment Accounts.… Continue Reading
The Office of Compliance, Inspections and Examinations at the U.S. Securities and Exchange Commission recently issued a Risk Alert outlining its latest cybersecurity examination priorities for SEC-registered broker-dealers and investment advisers.… Continue Reading
Hunton & Williams LLP partners Lisa Sotto, Scott Kimpel and Matthew Bosher published an article in Westlaw Journal's Securities Litigation & Regulation on SEC Cybersecurity Investigations: A How-to Guide. This blog entry provides a link to download a copy of the article.… Continue Reading
On February 3, 2015, the SEC released a Risk Alert providing a summary of observations from the recent round of cybersecurity examinations of registered broker-dealers and investment advisers under the Cybersecurity Examination Initiative. … Continue Reading
Like other federal agencies, the Securities and Exchange Commission has been analyzing the applicability of its existing regulations relating to cybersecurity risks. In a client alert released by Hunton and Williams, we provide an overview of recent developments in cybersecurity disclosures by publicly-traded companies.… Continue Reading
Hunton and Williams' Corporate Governance team reports on the Securities and Exchange Commission’s new guidance concerning the use of social media in certain securities offerings, business combinations and proxy contests. This blog post includes a link to a PDF version of the team’s client alert on this topic.… Continue Reading
Triple-S Management Corporation reported in a recent SEC filing that its health insurance subsidiary, Triple-S Salud, Inc., has been notified by the Puerto Rico Health Insurance Administration that the Administration will impose a $6.8 million civil monetary penalty on the insurer in connection with a data breach that occurred in September 2013. … Continue Reading
On April 10, 2013, the Securities and Exchange Commission and the Commodity Futures Trading Commission jointly adopted rules that require broker-dealers, mutual funds, investment advisers and certain other regulated entities to adopt programs designed to detect red flags and prevent identity theft.… Continue Reading
On April 2, 2013, the Securities and Exchange Commission issued a report indicating that issuer-sponsored social media may be a permissible channel for disseminating information under Regulation FD in certain circumstances.… Continue Reading
Perhaps partly in response to the Obama Administration’s Executive Order concerning cybersecurity risks, an increasing number of large financial institutions disclosed cyber attacks and related vulnerabilities in the 2012 annual reports they recently filed with the Securities and Exchange Commission. … Continue Reading
On October 13, 2011, the Securities and Exchange Commission Division of Corporation Finance issued disclosure guidance regarding cybersecurity matters and cyber incidents. In this blog post, we provide a detailed summary of the Guidance and analysis of its potential effects.… Continue Reading
On April 7, 2011, the Securities and Exchange Commission announced a settlement involving three former brokerage firm executives charged with failing to protect confidential information about their customers in violation of Regulation S-P.
… Continue Reading
As reported in BNA's Privacy Law Watch, on July 29, 2010, three bills were introduced by House Republicans to repeal Section 929I of the Dodd-Frank Wall Street Reform and Consumer Protection Act.
… Continue Reading
