Category

Cybersecurity

19 August 2020

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (Cybersecurity Regulation or Regulation). The First American Statement of charges alleges six violations of the Cybersecurity Regulation and marks the Department’s first action pursuant to the Regulation, which is enforced by the recently created NYDFS Cybersecurity Division.

NYDFS’s Statement seeks relief against First American, including civil monetary penalties and an order requiring First American to remediate any defined violations. Although the Statement does not include a calculation of the total penalty, the NYDFS explains that the civil monetary fines against First American are to be assessed pursuant to the Financial Services Law, which provides for a maximum civil monetary penalty of $1,000 per violation of the Regulation. Because First American’s violations included the exposure of millions of documents containing nonpublic information (NPI), the total penalty potentially could be substantial. The First American hearing is scheduled to occur on October 26, 2020, at the NYDFS.

13 August 2020

Digital Health and Cyber Risk in the “New Normal”

Sidley partnered with Aon’s Cyber Solutions for an exclusive webinar for life sciences organizations to address developments in digital health and cybersecurity in light of some key trends affecting the industry today.

The speakers discussed the latest in digital health and how to better understand and mitigate cyber risk, as well as protect life sciences organizations’ highly valuable and sensitive data.

17 July 2020

Payments and Fintech: Addressing Key EU, UK and U.S. Cybersecurity Issues

Data is key to innovation, growth, and staying competitive in the payments sector. In recent years, there has been a massive increase in the volume of data maintained and processed by payment service providers. Regulators and policymakers on both sides of the Atlantic are imposing increasingly prescriptive cybersecurity regulatory frameworks and closer scrutiny upon companies, while new and escalating cybersecurity threats challenge standard safeguards.

For the latest insights on the risks posed and effective ways to mitigate them, please join OneTrust DataGuidance and Sidley for a webinar focusing on the cybersecurity issues confronting the payments and fintech sectors in the EU, UK, and U.S.

15 July 2020

Partnering With Tech and Fintech Firms: Key EU/UK Regulatory Considerations for the Payments Sector

There has been a rapid increase in collaboration between fintechs and other technology firms and more traditional payment service providers (PSPs) such as banks, merchant acquirers, and money transmitters. While fintechs and technology firms are often seen as direct competitors of traditional PSPs, in a market driven by innovation, both sides of the market increasingly consider collaboration a mutually beneficial way to play to each participating firm’s strengths. For more traditional PSPs, the technologies that a fintech or technology firm develops can help enhance and streamline, and in some cases modernize, the services provided to customers. For a fintech or technology firm, partnering with a PSP can provide an efficient and effective way to expand into the payment services market, particularly for customers who are more inclined to use traditional PSPs.

Regulators are monitoring these developments with growing interest and with an eye to potential risks to customers and markets as well as their ability to supervise regulated firms and their operations. This post highlights a number of EU/UK regulatory issues that fintechs, technology companies, and PSPs should consider when collaborating with one another.

21 May 2020

FinCEN Issues Notice on Reporting COVID-19 Criminal and Suspicious Activities, Companion Advisory on COVID-19-Related Medical Scams

On May 18, 2020, the Financial Crimes Enforcement Network (FinCEN), as part of its COVID-19-related response, issued a Notice Related to the Coronavirus Disease 2019 (COVID-19) reminding financial institutions of certain Bank Secrecy Act (BSA) obligations and pertinent information regarding reporting COVID-19-related criminal and suspicious activity (the Notice). Contemporaneously, FinCEN issued an Advisory on Medical Scams Related to the Coronavirus Disease 2019 (COVID-19) (the Advisory).

In light of the Notice and Advisory, firms should (a) continue to comply with their BSA obligations; (b) include COVID-19 detail only when that detail relates to the reported suspicious activity; (c) review policies and procedures to notify and to provide COVID-19 information to government agencies, including verification of the requesting agency; (d) review the Advisory red flags related to medical scams; and (e) consider revising policies and procedures as appropriate.

COVID-19-related frauds are a special emphasis for law enforcement and regulatory agencies, so failing to detect and report those issues could be viewed as a significant flaw in a firm’s anti-money laundering (AML) program.

11 May 2020

COVID-19 – Privacy and Cybersecurity: An Action Plan For Business

As the COVID-19 pandemic evolves, companies should not lose sight of the privacy, data protection and cybersecurity implications of the new and sudden digital reality. This Action Plan sets out some key issues and recommendations to consider as your business manages this rapidly developing dynamic and considers protocols to support the workforce and mitigate risk in a transition back to work.

20 April 2020

UK Supreme Court Rules Morrisons Not Vicariously Liable for Malicious Data Breach by Employee

Case: WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12

In a decision that employers will welcome, the UK Supreme Court recently ruled that Morrison Supermarkets (Morrisons) was not vicariously liable for a data breach committed maliciously by a former employee who, acting to satisfy a personal vendetta against Morrisons, disclosed employee payroll data online.

30 March 2020

Chambers 2020 Global Practice Guides for Data Protection & Privacy and Cybersecurity Available

The updated 2020 Chambers Global Practice Guides for Data Protection & Privacy and Cybersecurity, edited by Alan Charles Raul, are available, covering important developments across the globe and bringing expert legal commentary for businesses.  Read the intros to each Guide here and here.

26 March 2020

WEBINAR – COVID-19 – European and U.S. Cybersecurity Issues: Preventing and Responding to Cyber Incidents

Join OneTrust DataGuidance and Sidley for a webinar discussing COVID-19 and European and U.S. cybersecurity and cyber risk insurance issues.

The COVID-19 global pandemic presents unique legal and practical challenges for companies across all industries, including with respect to cybersecurity risks and protections. There are increased cyber vulnerabilities from insider and external threat actors, including cyber attacks on individuals and companies.

In this webinar, we will highlight the dynamic and evolving cybersecurity threats companies face as a result of the pandemic, and the global legal implications of a cyber breach in this new environment – and how they can reduce these risks, and effectively respond to a cyber incident.

24 March 2020

COVID-19: Key EU And U.S. Cybersecurity Issues and Risk-Remediation Steps

The COVID-19 crisis has created significant cybersecurity risks for organizations across the world, particularly arising from remote working, scams and phishing attacks, and weakened information governance controls. These risks warrant attention by legal counsel and information security officers in light of potentially significant adverse legal, financial and reputational consequences that could arise – all while the organization is dealing with effects of a global pandemic.

In addition to identifying the cybersecurity risks, we also consider key measures that organizations can consider adopting to reduce such risks, including measures recommended by the UK’s National Cybersecurity Centre (NCSC), EU’s Agency for Cybersecurity (ENISA) and the US Federal Bureau of Investigation.  The speed at which the COVID-19 crisis has evolved has meant that many organizations have not been able to deploy effective risk-reducing measures in a timely manner.
