Data Protection

Recent FTC Order Has Implications for Executive Liability and Corporate Data Minimization Practices

October 28, 2022 By Kim Peretti, Alysa Austin and Kristen Bartolotta

On October 24, 2022, the Federal Trade Commission (“FTC”) announced a proposed consent order against both Drizly LLC, an online marketplace for alcohol delivery, and its CEO over the company’s alleged security failures that led to a data breach in 2020, which exposed the personal information of approximately 2.5 million Drizly customers. Drizly and its […]

The White House Introduces new Blueprint for an AI Bill of Rights

October 6, 2022 By Kim Peretti

On October 4, 2022, the White House Office of Science and Technology released the Blueprint for an AI Bill of Rights (the Bill) to guide the development and use of artificial intelligence (AI) in the United States. The White House recognized that while AI is a powerful driver of innovation, the technology can also be […]

SEC Sends a Message to Investment Advisers: Take Secure Data Disposal Seriously

September 26, 2022 By Kate Hanniford

On September 20, 2022, the Securities and Exchange Commission (SEC) settled an enforcement action with a large, registered investment adviser (the Firm) for alleged violations of the Safeguards Rule and the Disposal Rule of Regulation S-P that arose in the context of a data disposal process, imposing a $35 million penalty. Specifically, the SEC […]

SEC Settles Enforcement Actions with Broker-Dealers and Investment Advisors for Identity Protection Deficiencies

August 1, 2022 By Alysa Austin and Kate Hanniford

On July 27, 2022, the Securities and Exchange Commission (SEC) separately settled three enforcement actions with broker-dealers and investment advisers for alleged deficiencies relating to the prevention of customer identity theft, in violation of the SEC’s Identity Theft Red Flags Rule, or Regulation S-ID. Regulation S-ID requires registered financial institutions, broker dealers, and investment advisers […]

White House Releases Recommendations to Protect Against Potential Cyberattacks

March 22, 2022 By Kristen Bartolotta and Privacy, Cyber & Data Strategy Team

The potential for malicious cyber activity has been a concern for the Biden administration throughout the evolving crisis in Ukraine (including the imposition of sanctions against Russia). In response to the concern, the Biden administration, which is now facing “evolving intelligence that Russia may be exploring options for potential cyberattacks,” has released recommendations for companies […]