Data Security

SEC 2025 Examination Priorities Indicate Sustained Focus on Cybersecurity & Data Protection

October 28, 2024 By Kate Hanniford and Kristen Bartolotta

The SEC has released its Examination Priorities: Fiscal Year 2025 (“Examination Priorities”), which may be a useful roadmap to SEC-registered investment advisers, exchanges, and other entities subject to routine examination by the SEC Division of Examinations (“EXAMS”). The Examination Priorities represent the EXAMS Staff’s identification of areas of heightened risks to investors and/or the integrity […]

Forthcoming UK Cyber Security and Resilience Bill to Boost the UK’s Cyber Defenses

October 18, 2024 By Kelly Hagedorn and Kristen Bartolotta

In the July 2024 King’s Speech, the UK government announced its intention to introduce a Cyber Security and Resilience Bill (the “Bill”) to improve the UK’s cyber defenses and protect essential public services. The announcement comes as companies and countries increasingly face attacks by cyber criminals and state actors, sometimes disrupting public services and infrastructure. […]

Green Light for the Enforcement of NIS 2 in Limited EU Countries Only

October 17, 2024 By Wim Nauwelaerts, Kelly Hagedorn and Alice Portnoy

EU Member States had until today, October 17, 2024, to transpose the Network and Information Security (NIS) 2 Directive into their national laws. As Directives are not directly applicable in EU Member States, the EU legislator required all 27 Member States to incorporate into their local laws the requirements of NIS 2 and to make […]

Department of Justice Intervenes in Cybersecurity Qui Tam Action Against Georgia Tech

August 30, 2024 By Kim Peretti, Andrew Liebler, Kellen Dwyer and Andrew Rice

On Thursday, August 22, 2024, the United States Department of Justice (“DOJ”) filed a Complaint-In-Intervention in the case of United States of America ex rel. Christopher Craig and Kyle Koza, v. Georgia Tech Research Corp. and Board of Regents of the University System of Georgia (d/b/a the Georgia Institute of Technology) (United States v. Georgia […]

New York AG Seeks Comments on Rulemaking for Minors’ Online Protection Laws

August 12, 2024 By Maki DePalo, Dorian Simmons and Hyun Jai Oh

On August 1, 2024, New York Attorney General (“AG”) Letitia James issued two advanced notices of proposed rulemaking (“ANPRs”) for the Stop Addictive Feeds Exploitation (SAFE) for Kids Act (the “SAFE Act”) and the Child Data Protection Act (the “CDPA”), both of which New York Governor Kathy Hochul signed into law on June 20, 2024. […]