Securities and Exchange Commission

On October 6, 2021, Deputy Attorney General Lisa Monaco announced the launch of the new Civil Cyber-Fraud Initiative that will use the False Claims Act to pursue cybersecurity related fraud by government contractors and grant recipients.
Continue Reading DOJ Announces New Cyber-Fraud Initiative and Intent to Utilize False Claims Act to Spur Compliance

On September 14, 2021, the Securities and Exchange Commission announced that analytics firm, App Annie Inc., and its co-founder and former CEO, agreed to pay approximately $10 million to settle securities fraud charges for engaging in deceptive practices and making material misrepresentations about “alternative data” sold by the company. Notably, this is the SEC’s first enforcement action charging an alternative data provider with securities fraud.
Continue Reading SEC Settles with Alternative Data Provider for $10 Million

On August 30, 2021, the U.S. Securities and Exchange Commission announced it had settled three administrative cases involving a total of eight registered broker-dealers and investment advisers for failures in their cybersecurity policies and procedures.
Continue Reading SEC Charges Investment Advisers and Broker-Dealers with Deficient Cybersecurity Procedures

The U.S. Securities and Exchange Commission recently announced that Pearson plc agreed to pay a $1 million civil penalty in a settlement related to charges that Pearson misled investors about a 2018 data breach resulting in the theft of millions of student records, including birth dates and email addresses.
Continue Reading SEC Sanctions Public Company for Misleading Disclosures About Data Breach

On June 15, 2021, the SEC announced it settled charges against real estate services company First American Financial Corporation (“First American”) for alleged violation of Rule 13a-15(a) of the Exchange Act. The SEC charged First American with failure to maintain disclosure controls and procedures designed to ensure that all available, relevant information concerning a software vulnerability that led to a cybersecurity incident was filed with the Commission.
Continue Reading SEC Settles Charges Against Real Estate Services Company Over Control Failures Related to Cybersecurity Disclosure

On January 19, 2021, the UK Information Commissioner’s Office published its analysis of the application of the UK General Data Protection Regulation to transfers from UK-based firms or branches that are registered, required to be registered or otherwise regulated by the U.S. Securities and Exchange Commission.
Continue Reading ICO Confirms UK Firms May Rely on Public Interest Derogation for SEC Transfers