On Tuesday, March 21, 2023, Julie Riewe, Kristin Snyder and Charu Chandrasekhar from our White Collar & Regulatory Defense Group, Jeff Robins from our Banking Group, and Avi Gesser and Erez Liebermann from our Data Strategy and Security Group hosted a webcast discussing the SEC’s proposed cybersecurity rules for registered investment advisers and funds, broker-dealers, and other major market participants…

Last month, we wrote about how many companies probably need a policy for Generative AI tools like ChatGPT, Bard and Claude (which we collectively refer to as “ChatGPT”). We discussed how employees were using ChatGPT for work (e.g., for fact-checking, first drafts, editing documents, generating ideas and coding) and the various risks of allowing all employees at a company to…

On March 15, 2023, the U.S. Securities and Exchange Commission (the “SEC”) released a suite of proposed new rules (the “Proposed Rules”) that include: Proposed new cybersecurity rules for broker-dealers, security-based swap dealers, major security-based swap participants, transfer agents, a variety of market infrastructure providers (national securities exchanges, clearing agencies, and security-based swap data repositories), and securities SROs (collectively, “Market…

We have written several times about the need for companies to reduce the amount of data that they collect and to get rid of old data. Data minimization lowers the legal, cybersecurity and privacy risks associated with companies having lots of confidential information that they do not need stored on their systems or with their vendors. But just as many…

On March 2, 2023, the White House Office of the National Cyber Director (“ONCD”) released the Biden Administration’s (the “Administration”) long-awaited National Cybersecurity Strategy (the “Strategy”), the first since the Trump Administration’s strategy was issued in September 2018. The Strategy positions cybersecurity very clearly as a critical national security issue and builds on the Administration’s issuance of the May 2021…

In February 2022, the SEC proposed its first-ever cybersecurity rules for registered investment advisers (“RIAs”) (including RIAs to private funds) and Funds (which include registered investment companies (“RICs”) and closed-end funds that have elected to be treated as business development companies (“BDCs”) under the Investment Company Act), which we previously discussed here. The SEC has indicated that it plans to…

On 23 February 2023, the UK ICO hosted its latest privacy forum in a series aimed at helping product designers and managers incorporate “privacy by design” or “data protection by design and by default” principles into their work. Presenters from a wide range of sectors, including from the ICO, offered practical guidance that may help companies better understand current market practice,…

On March 2 and 3, 2023, the U.S. Department of Justice (“DOJ”) announced several updates to its corporate enforcement policies, in significant part formalizing recent pronouncements about corporate compliance programs. Deputy Attorney General Lisa Monaco and Assistant Attorney General Kenneth A. Polite, Jr. announced these updates in remarks at the ABA’s National Institute on White Collar Crime. In particular, DOJ:…

On February 27, 2023, the FTC released guidance entitled “Keep Your AI Claims in Check” (“AI Claims Blog Post”), reminding companies that false or unsubstantiated claims about a product’s efficacy are core areas of FTC enforcement activity. We have previously written on how the FTC has entered into a new era under FTC Chair Lina Khan. It has asserted its…

On Tuesday, March 14 at 12:15 PM PST, Erez Liebermann will speak on a panel of other in-house and outside counsel entitled “Navigating Cyber Events in Compliance and Legal” at the 2023 SIFMA C&L Annual Seminar in San Diego, California. To register and view the full program, click here.