The Securities and Exchange Commission (SEC) obtained a court order freezing more than $27 million in proceeds from alleged illegal distributions and sales of restricted shares of a public company , and charged the company, its CEO, and three other affiliated individuals on April 6, 2018. That same day, the Nasdaq Stock Market halted trading in the company’s stock.
The SEC’s complaint alleges that shortly after the company began trading on the Nasdaq Stock Market and announced the acquisition of a purported blockchain-empowered cryptocurrency business, its stock price rose dramatically until its market capitalization exceeded $3 billion. The SEC further alleges that the CEO and the three other individual defendants then illegally sold large blocks of their restricted shares to the public while the stock price was excessively elevated and that they collectively reaped more than $27 million in profits.
Continue reading “SEC Freezes $27 Million Related to a Blockchain/Cryptocurrency Acquisition”
The National Association of Insurance Commissioners (NAIC) adopted the Insurance Data Security Model Law (“Model Law”) in October 2017. The purpose of the Model Law is to establish standards for data security and the investigation of and notification to the Insurance Commissioner of a Cybersecurity Event, but is not intended to create a private right of action.
The Model Law is based largely on the New York Department of Financial Services’ Cybersecurity Regulations, 23 NYCRR 500 (“NYDFS Cyber Regulations”), which took effect on March 1, 2017.  In fact, a drafting note to the Model Law indicates that compliance with the NYDFS Cyber Regulations is intended to constitute compliance with the Model Law.
Continue reading “NAIC Adopts Insurance Data Security Model Law”
The Equifax breach affecting as many as 143 million U.S. consumers highlights the segmented legal landscape surrounding data security as well as the challenges of regulating it. News reports indicate that federal agencies, including the FTC, and a number of state Attorneys General either are or have been called to investigate Equifax and a number of class actions have already been filed.
Some commentators have suggested that the Equifax breach requires a regulatory response, but it is not clear that regulation would have prevented the breach.
Continue reading “Equifax Breach: Good Data Security Practices Matter”
The FTC reached a settlement with online tax preparation service TaxSlayer Online for allegedly violating the Gramm Leach Bliley Act’s (“GLBA”) Privacy Rule and Regulation P as well as the Safeguards Rule.
The Privacy Rule/Regulation P requires financial institutions to provide initial and annual notices to their customers informing them about what nonpublic personal information is shared with third parties. It also provides information about how consumers can opt out of certain information sharing. Both the FTC and the Consumer Financial Protection Bureau enforce the Privacy Rule.
The Safeguards Rule requires financial institutions to use reasonable procedures to safeguard their customers’ nonpublic information. The FTC enforces the Safeguards Rule.
Continue reading “Online Tax Preparation Service Settles with FTC for GLBA Violations”
If Ben Franklin were alive today, he would add cybersecurity to his famous quote “…in this world nothing can be said to be certain, except death and taxes.” Cybersecurity is top of mind in every organization in part because of the recent massive ransomware attacks, new federal and state regulations (including the New York Division of Financial Services’ Cybersecurity Regulation) and the upcoming effective date of the European Union’s General Data Protection Regulation (GDPR). There is no one-size-fits-all solution for organizations that want to shore up their cybersecurity vulnerabilities, but there are a lot of useful reports and advice from federal government agencies.
Continue reading “Death, Taxes and Cybersecurity”
The New York Department of Financial Services’ Cyber Requirements for Financial Services Companies, 23 NYCRR 500 (“Cyber Regulations”) went into effect on March 1, 2017. The Cyber Regulations are intended to require financial companies to assess their internal cybersecurity risks and develop a cybersecurity program to protect customer information and their IT systems, as well as respond, recover, and report cyber threats. The Cyber Regulations establish a comprehensive set of proactive cybersecurity standards for companies to follow, involving everything from appointing a designated Chief Information Security Officer (CISO) to submitting an annual compliance notice, and conducting penetration testing and vulnerability assessments.
Here is an overview of some key terms, requirements and deadlines under these new regulations.
Continue reading “Fact Sheet: NYDFS Cyber Regulations”