Categories
Archives
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
Data Matters
Cybersecurity, Privacy, Data Protection, Artificial Intelligence, Internet Law, and Policy
Preparing Your 2022 Form 10-K: A Summary of Recent Key Disclosure Developments, Priorities, and Trends
This Sidley Update highlights certain key disclosure considerations for preparing your annual report on Form 10-K for fiscal year 2022, including recent amendments to U.S. Securities and Exchange Commission (SEC) disclosure rules and other developments that impact 2022 Form 10-K filings, as well as certain significant disclosure trends and current areas of SEC focus for disclosures. As always, we invite you to contact us with any questions on these topics or any other SEC reporting and compliance matters.
(more…)
Sonia Gupta Barros
Washington, D.C.
sbarros@sidley.com
David C. Buck
Houston
dbuck@sidley.com
Carlton Fleming
San Francisco, Palo Alto
cfleming@sidley.com
Istvan A. Hajdu
New York
ihajdu@sidley.com
John P. Kelsh
Chicago
jkelsh@sidley.com
Michael T. Kohler
New York
mkohler@sidley.com
Andrea L. Reed
Chicago
andrea.reed@sidley.com
Robert A. Ryan
New York
rryan@sidley.com
Lindsey A. Smith
Katie LaVoy
Chicago
klavoy@sidley.com
Claire H. Holland
Chicago
cholland@sidley.com
Tyler G. Aust
Chicago
taust@sidley.com
Lisa Holzman
Chicago
lholzman@sidley.com
Broker-Dealers and Investment Advisers Should Double-Check Their “Identity Theft” Programs: SEC Division of Examinations Issues Risk Alert on SEC’s Identity Theft Red Flags Rule, Regulation S-ID
On December 5, 2022, the Division of Examinations of the Securities and Exchange Commission (SEC) released a Risk Alert discussing its observations on Regulation S-ID (Reg. S-ID) from recent examinations of SEC-registered investment advisers and broker-dealers. Reg. S-ID, the SEC’s implementation of the identity theft red flags rule, requires SEC-regulated financial institutions and creditors to develop and implement an identity theft prevention program (Program) with written policies and procedures that are updated periodically. The requirements for the Program are outlined in the text of Reg. S-ID, and there are guidelines in Appendix A to assist firms in creating and maintaining a compliant Program. As Reg. S-ID applies to both SEC and Commodity Futures Trading Commission-regulated entities, financial institutions and creditors should consider their compliance programs accordingly.
(more…)
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
John I. Sakhleh
Washington, D.C.
jsakhleh@sidley.com
Sasha Hondagneu-Messner
New York
shondagneumessner@sidley.com
NY DFS Proposes New Class of Entities and More Detailed Regulations in Second Amendment to Cybersecurity Regulations
On November 9, 2022, the New York Department of Financial Services (DFS) published its proposed second amendment to its cybersecurity regulations (23 NY CRR Part 500). This proposal follows a July 29 pre-proposal and comment period. The amendment is available for a sixty-day comment period – until January 9, 2023 – after which the agency may adopt final regulations or issue a further revised version.
(more…)
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Vishnu Tirumala
Washington, D.C.
vtirumala@sidley.com
Drizly FTC Order Introduces Significant Minimization, Deletion and Retention Requirements
On October 24, 2022, the Federal Trade Commission (“FTC”) issued an order (the “Order”) against the online alcohol marketplace, Drizly, and its CEO, James Cory Rellas, alleging security failures that resulted in a data breach exposing the personal information of approximately 2.5 million consumers. In reaching this conclusion, the FTC alleges that Drizly failed to implement reasonable safeguards to protect the personal information it collected and stored, such as, two-factor authentication for GitHub, access controls for personal data, sufficient written security policies, and appropriate employee training regarding security.
(more…)
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Lauren Kitces
Washington, D.C.
lkitces@sidley.com
Carly R. Owens
New California Law Adds to Complexity of Content Moderation
States and Congress have been enacting or debating different approaches to online “content moderation” by social media and other internet platforms. California’s “Content Moderation Requirements for Internet Terms of Service” bill (“AB 587”) goes into effect on Jan 1, 2024. In short, AB 587 requires social media companies to disclose their processes to take down or manage content and users on their platforms. AB 587 takes a somewhat different approach to social media content regulation than previously enacted laws in Texas and Florida. (more…)
Kwaku A. Akowuah
Washington, D.C.
kakowuah@sidley.com
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Ash Nagdev
Palo Alto
anagdev@sidley.com
Nayef Andrabi
Amisha Gandhi
San Francisco
amisha.gandhi@sidley.com
The Ninth Edition of The Privacy, Data Protection and Cybersecurity Law Review is Now Available
The ninth edition of The Privacy, Data Protection and Cybersecurity Law Review provides a global overview of the legal and regulatory regimes governing data privacy and security, and covers areas such as data processors’ obligations, data subject rights, data transfers and localization, best practices for minimizing cyber risk, public and private enforcement, and an outlook for future developments. Several lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the chapters below for a closer look at this developing area of law.
(more…)
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
William RM Long
London
wlong@sidley.com
Yuet Ming Tham
Singapore, Hong Kong
ytham@sidley.com
Linh Lieu
linh.lieu@sidley.com
Tomoki Ishiara
Tokyo
tishiara@sidley.com
Margaret Allen
Singapore, Dallas
margaret.allen@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Eleanor Dodding
London
edodding@sidley.com
Lester Fung
João D. Quartilho
Faraaz Amzar
Singapore
faraaz.amzar@sidley.com
European Commission Publishes Draft Cyber Resilience Act
On 15 September 2022, the European Commission (“Commission” or “EC”) published a draft proposal for a Cyber Resilience Act (“CRA” ). The CRA comes in response to the increasingly common occurrence of cyberattacks, with some predicting that the global cost of cyberattacks for companies will reach $10.5 trillion annually by 2025, up from $3 trillion in 2015. The CRA promises to transform the European cybersecurity landscape by harmonizing and bolstering cybersecurity rules across all technologies with “digital elements.” The Commission is currently inviting public feedback on the CRA through 18 November 2022. The CRA will then pass through the European Parliament for debate and for amendments to be proposed.
(more…)
William RM Long
London
wlong@sidley.com
Subhalakshmi Kumar
Eleanor Oates
London
eoates@sidley.com
CFPB Begins Rulemaking on Data Access and Portability
The Consumer Financial Protection Bureau (CFPB) on October 27, 2022 took the long-anticipated first step to issue a regulation implementing Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. This followed a preview by CFPB Director Rohit Chopra at the Money 20/20 conference on October 25 in which he outlined the “CFPB’s new approach to regulation,” which is designed to create “catalysts for more competition.” With respect to Section 1033, Director Chopra said that the CFPB is “exploring safeguards to prevent excessive control or monopolization by one, or even a handful of, firms” and will be working toward avoiding regulations that could be “rigged in favor of some players over others.” Director Chopra’s focus on competition as an essential element of consumer protection has been a hallmark of his directorship.
John K. Van De Weert
Thomas G. Ward
Washington, D.C.
tgward@sidley.com
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Kerry Nilsen
Washington D.C.
knilsen@sidley.com
Joel D. Feinberg
Washington, D.C.
jfeinberg@sidley.com
Upcoming Events
Resources
Meet the Team
Kwaku A. Akowuah
kakowuah@sidley.com
Sheila A.G. Armbrust
sarmbrust@sidley.com
Francesca Blythe
fblythe@sidley.com
Colleen Theresa Brown
ctbrown@sidley.com
Thomas D. Cunningham
tcunningham@sidley.com
Sharon R. Flanagan
sflanagan@sidley.com
David A. Gordon
dgordon@sidley.com
Tomoki Ishiara
tishiara@sidley.com
Amy P. Lally
alally@sidley.com
David C. Lashway
dlashway@sidley.com
William RM Long
wlong@sidley.com
Joan M. Loughnane
jloughnane@sidley.com
Geeta Malhotra
gmalhotra@sidley.com
Rollin A. Ransom
rransom@sidley.com
Alan Charles Raul
araul@sidley.com
Jennifer B. Seale
jseale@sidley.com
Yuet Ming Tham
ytham@sidley.com
Jonathan M. Wilan
jwilan@sidley.com
John W. Woods Jr.
jwoods@sidley.com