SEC

Last week, on March 15, 2023, the U.S. Securities and Exchange Commission (“SEC” or “Commission”) continued its aggressive push to regulate the cybersecurity of entities in the financial services sector, proposing three rules affecting a variety of SEC-regulated entities, including broker-dealers, investment companies, and investment advisers, as we covered here on Privacy World.  These

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

2023 State Privacy Laws and Regulations Bring Extensive Data Protection Assessment Requirements | Privacy World

Priority Topics for French CNIL

Last month, the U.S. Securities and Exchange Commission (“SEC”) proposed revisions to its regulations under the Privacy Act of 1974, 5 U.S.C. § 552a.  The Privacy Act is a federal statute governing the collection and use of personal information by federal agencies.  The statute gives individuals a right to access records about themselves and to

Last week, the U.S. Securities and Exchange Commission (“SEC”) announced a settlement with Blackbaud, Inc., a software provider, for making misleading disclosures about a 2020 ransomware attack that impacted more than 13,000 of its customers.  The recent charges continue a flurry of activity from the SEC Enforcement Division’s Crypto Assets and Cyber Unit related to

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

BREAKING: Illinois Supreme Court Sets Five-Year Statute of Limitations for All BIPA Claims | Privacy World

SPB’s Julia Jacobson and

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Privacy World’s Kristin Bryan talks to Bloomberg Law on the Supreme Court’s In re Grand Jury Dismissal | Privacy World

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

California Federal Court Dismisses GPS Data Tracking Privacy Class Action in Ruling of First Impression For CIPA Claims Involving Devices

Last week, the U.S. Securities and Exchange Commission (“SEC”) filed an enforcement action in federal court requesting that the court compel an international law firm to comply with an administrative subpoena by disclosing the names of its clients whose information was obtained by malicious actors through a cyberattack on the law firm.  This lawsuit may

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

SEC Accused of Violating FOIA Deadlines for Documents on Improper Database Access | Consumer Privacy World

LinkedIn’s Data Scraping

Last month, the Securities and Exchange Commission (“SEC”) was hit with a complaint in federal court alleging that the agency has been untimely in responding to a Freedom of Information Act (“FOIA”) request for documents related to an admitted “control deficiency” that allowed certain SEC personnel to access databases in violation of the agency’s governing regulations.  The complaint piles on to recent challenges to the SEC’s enforcement structure, at a time when the SEC is proposing issuing cybersecurity and data privacy regulations affecting private entities.

To understand the significance of the complaint and FOIA request, a brief background on the SEC’s structure is necessary.  By statute, the SEC is authorized to conduct investigations into the violations of securities laws.  See 15 U.S.C. § 78u(a).  The SEC is also statutorily enabled to adjudicate cases against violators using an “in-house” administrative proceeding instead of filing a complaint in federal district court.  See, e.g., 15 U.S.C. §§ 78u-2, 78u-3.  However, the Administrative Procedure Act and corresponding SEC regulations prohibit any employee who is part of an enforcement investigation from either participating or advising in an adjudication or from communicating with the in-house judge without the accused violator present.  See 5 U.S.C. §§ 554(d), 557(d)(1); 17 C.F.R. 201.120–.121.Continue Reading SEC Accused of Violating FOIA Deadlines for Documents on Improper Database Access