Nov 192021

Governance Challenges 2021–2022: Digital Transformation Oversight

Alan Charles Raul, William RM Long, Lauren Kitces, Francesca Blythe and Holly J. Gregory
, ,

Privacy and cybersecurity concerns are expanding, and with them the proliferation of laws and regulations. Boards play a key role in ensuring that companies are positioned to comply with various jurisdictional requirements, that they understand and mitigate related risks, and that they are well-prepared to play a key role in response to security breaches and incidents. Indeed, enforcement actions issued by the U.S. Securities and Exchange Commission in 2021—including penalties levied due to a lack of senior leadership awareness of the identification and response to security vulnerabilities—sharpened this focus and shed light on regulatory expectations of corporate board oversight relating to privacy and cybersecurity.

Recognizing that companies are at different points in this journey, boards should heed guidance on how to prepare for the ever-evolving landscape of privacy and cyber laws. This article provides advice on oversight in this area and is directed at assuring boards that management is prepared to get ahead of potential breach issues and respond effectively when a breach or an incident arises.

View article.

This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.

Alan Charles Raul

Washington, D.C., New York

araul@sidley.com

William RM Long

London

wlong@sidley.com

Lauren Kitces

Washington, D.C.

lkitces@sidley.com

Francesca Blythe

London

fblythe@sidley.com

Holly J. Gregory

New York

holly.gregory@sidley.com

You might also like
Top 10 Questions on the EU AI Act

The EU AI Act will be the first standalone piece of legislation worldwide regulating the use and provision of AI in the EU, and will form a key consideration in AI governance programs. The AI Act will have a significant impact on many organizations inside and outside the EU, with failure to comply potentially leading to fines of up to 7% of annual worldwide turnover.

Regulatory Update: National Association of Insurance Commissioners Spring 2024 National Meeting

The National Association of Insurance Commissioners (NAIC) held its Spring 2024 National Meeting (Spring Meeting) March 15 through 18, 2024. This Sidley Update summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Spring Meeting. Highlights include proposed updates to the regulatory review process for affiliated investment management agreements, continued discussion of considerations related to private equity ownership of insurers, and continued development of accounting principles and investment limitations related to certain types of bonds and structured securities.

FinCEN Seeks Input on Banks’ Collecting Partial Social Security Numbers for Customer Identification Programs

On March 28, 2024, the Financial Crimes Enforcement Network (FinCEN), in consultation with the U.S. banking agencies and the National Credit Union Administration, issued a request for information (RFI) regarding the customer identification program (CIP) requirement for depository institutions (referred to herein as banks) to collect tax identification numbers (TINs).Comments are due by May 28, 2024.