SEC

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Privacy World’s Kristin Bryan talks to Bloomberg Law on the Supreme Court’s In re Grand Jury Dismissal | Privacy World

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

California Federal Court Dismisses GPS Data Tracking Privacy Class Action in Ruling of First Impression For CIPA Claims Involving Devices

Last week, the U.S. Securities and Exchange Commission (“SEC”) filed an enforcement action in federal court requesting that the court compel an international law firm to comply with an administrative subpoena by disclosing the names of its clients whose information was obtained by malicious actors through a cyberattack on the law firm.  This lawsuit may

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

SEC Accused of Violating FOIA Deadlines for Documents on Improper Database Access | Consumer Privacy World

LinkedIn’s Data Scraping

Last month, the Securities and Exchange Commission (“SEC”) was hit with a complaint in federal court alleging that the agency has been untimely in responding to a Freedom of Information Act (“FOIA”) request for documents related to an admitted “control deficiency” that allowed certain SEC personnel to access databases in violation of the agency’s governing regulations.  The complaint piles on to recent challenges to the SEC’s enforcement structure, at a time when the SEC is proposing issuing cybersecurity and data privacy regulations affecting private entities.

To understand the significance of the complaint and FOIA request, a brief background on the SEC’s structure is necessary.  By statute, the SEC is authorized to conduct investigations into the violations of securities laws.  See 15 U.S.C. § 78u(a).  The SEC is also statutorily enabled to adjudicate cases against violators using an “in-house” administrative proceeding instead of filing a complaint in federal district court.  See, e.g., 15 U.S.C. §§ 78u-2, 78u-3.  However, the Administrative Procedure Act and corresponding SEC regulations prohibit any employee who is part of an enforcement investigation from either participating or advising in an adjudication or from communicating with the in-house judge without the accused violator present.  See 5 U.S.C. §§ 554(d), 557(d)(1); 17 C.F.R. 201.120–.121.

Continue Reading SEC Accused of Violating FOIA Deadlines for Documents on Improper Database Access

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

NOW AVAILABLE: Practical Guidance Podcast on “BIPA and Forthcoming Changes to Biometric Privacy Laws” ft. CPW’s Kristin Bryan |

Last Friday, the Securities and Exchange Commission reopened the comment period on eleven of its pending rulemakings because of a technological error that caused the SEC not to receive all of the comments submitted during the original comment period.  One of the eleven proposals affected by the reopening is the SEC’s proposal from March

After several days of deliberating, a jury today convicted Uber Technologies Inc.’s (“Uber’s”) former chief security officer (the “Former CSO”) of criminal obstruction and concealing the theft of personal data of fifty million Uber customers and seven million Uber drivers from the Federal Trade Commission (“FTC”).

Recall that back in 2016, two hackers stole data

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

CPW’s Shea Leitch and Kyle Dull to Speak at ACC South Florida’s 12th Annual CLE Conference

CPW’s David Oberly

The New York Department of Financial Services (“NYDFS”) recently posted a request for public comment on a set of proposed amendments to NYDFS’ current “Cybersecurity Requirements for Financial Services Companies” (“Regulations”).[1] The amendments to the Regulations (“Pre-Proposal Amendments”) are in the “pre-proposal” phase, meaning that the NYDFS will issue official proposed amendments in the near future. Once official proposed amendments are issued, a 60-day public comment period starts, which means that amended Regulations likely will take effect sometime in 2023. In the meantime, entities subject to the Regulations should review the Pre-Proposal Amendments to help ensure sufficient time and resources to implement new requirements.

As background, the Regulations became effective on March 1, 2017, but followed a phased implementation process. The Regulations apply to all entities licensed by the NYDFS (“covered entities”), including banks, insurance companies, money transmitters and other financial services firms doing business in New York. The last phase of the Regulations was implemented in March 2019, at which point the Regulations were fully effective.

Continue Reading The NYDFS Proposes Substantial Amendments to Cyber Regulations