The regulation of cybersecurity remains a new and rapidly evolving space — and regulatory activity and priorities can be somewhat opaque to outside observers. In this special episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss shares a discussion led by Faegre Drinker’s Peter Baldwin, who sat down with Brent Wilner, senior advisor to the Securities and Exchange Commission’s (SEC) Cyber Unit, and Justin Herring, leader of the New York Department of Financial Services’ (NYDFS) Cybersecurity Division. The two guests share their insights on each agency’s priorities in cybersecurity, data protection and enforcement.
The conversation covers a number of questions, including:
- How did these two agencies — the SEC and the NYDFS — get more involved in cybersecurity regulation?
- On what basis does the SEC bring enforcement actions? What regulations does the SEC regularly invoke? What theories of enforcement does the SEC follow?
- How does the NYDFS determine its enforcement priorities will be in this type of space?
- Inevitably, there is overlap in regulatory activity between an agency like the SEC and the NYDFS. To what extent do you work in tandem with other regulatory and law enforcement agencies? How do those relationships work?
- Cybersecurity is a rapidly evolving space. How do you see your regulatory and enforcement priorities evolving?