Cyber Risk

SEC Proposed Rule Will Require Private Funds to Report Certain Cyber Events

January 31, 2022 By Kate Hanniford and Alysa Austin

On January 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules to enhance hedge fund and private fund disclosure requirements and increase regulators’ visibility into the private funds industry. The proposed rules would amend the SEC’s Form PF, the confidential reporting form by which private funds disclose regulatory assets to the SEC, […]

FTC Releases Warning to Companies that Fail to Mitigate Log4j Vulnerability

January 5, 2022 By Alysa Austin and Privacy, Cyber & Data Strategy Team

Less than a month ago, a critical vulnerability was identified in the ubiquitous, open source Log4j tool prompting swift guidance from Cybersecurity and Infrastructure Security Agency (CISA) and other security practitioners. Now, the Federal Trade Commission (FTC) has warned companies that it “intends to use its full legal authority” against any company that fails to […]

Update: FTC Amendments to the Safeguards Rule and Request for Comment on Proposed Reporting Requirement Published to the Federal Register

December 15, 2021 By Kim Peretti, Kathleen Benway, Kate Hanniford and Kristen Bartolotta

As an update to prior coverage of the FTC’s final revisions to the Gramm-Leach-Bliley Safeguards Rule (Final Rule), following its publication in the Federal Register on December 9, 2021, the Final Rule now will take effect on January 8, 2022, 30 days after publication in the Federal Register. Revisions to the Final Rule include an […]

CISA Issues Statement on Log4j Critical Vulnerability

December 13, 2021 By Kim Peretti

Log4j is a java-based tool from Apache’s open source library used for parsing logs that never seems to have made headlines before this past weekend. Now, following the December 9th public announcement of a vulnerability in this tool, public and private sector security partners are issuing warnings about this “critical vulnerability.” While the full scope […]

FTC Revises the Safeguards Rule and Proposes Mandatory Reporting of Cybersecurity Events

November 1, 2021 By Kathleen Benway, Kim Peretti and Kate Hanniford

On October 27, 2021, the FTC released its much-anticipated final revisions to the Gramm-Leach-Bliley Safeguards Rule (Safeguards Rule or Final Rule), following a 3-2 vote along party lines and also released a notice of proposed rulemaking that would require reporting to the FTC of certain cybersecurity events. Revisions to the Safeguards Rule Effective since 2003, […]