In Part 1 of this series, we discussed the recent Circular and accompanying Appendix issued by Hong Kong’s Security and Futures Commission (the “SFC”) on cybersecurity risks and mitigations related…
On November 12, 2024, Hong Kong’s Security and Futures Commission (the “SFC”) issued a Circular (the “Circular”) with an accompanying appendix (the “Appendix”) setting out the SFC’s view of the…
On June 11, 2024, the U.S. Securities and Exchange Commission (“SEC”) filed its third matter this year involving “AI washing”—namely, alleged misstatements or omissions by securities market participants about the…
On May 16, 2024, the SEC adopted amendments to Regulation S-P (“Reg S-P”) one year after its proposed amendments (the “Proposed Amendments”). The finalized amendments (“Amended Reg S-P”) largely track…
On Friday, May 12, 2023, Eric Dinallo of our Insurance Regulatory Group and Avi Gesser and Suchita Brundage of our Data Strategy & Security Group hosted an informative discussion on…
Last month, we wrote about how many companies were implementing a pilot program for ChatGPT, as a follow up to our article about companies adopting a policy for the work-related…
On March 15, 2023, the U.S. Securities and Exchange Commission (the “SEC”) released a suite of proposed new rules (the “Proposed Rules”) that include: Proposed new cybersecurity rules for broker-dealers,…
In February 2022, the SEC proposed its first-ever cybersecurity rules for registered investment advisers (“RIAs”) (including RIAs to private funds) and Funds (which include registered investment companies (“RICs”) and closed-end…
In September 2020, we wrote about the risks of credential stuffing attacks following the New York Attorney General’s (NYAG) settlement with Dunkin’ Donuts. Since then, these attacks have continued, and…
Almost everyone working in cybersecurity compliance is aware that each U.S. state has its own set of breach notification requirements. What is less known is that many of these states…