On September 22, 2021, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cybersecurity advisory (the “Advisory”) outlining the Conti ransomware group’s tactics, techniques, and procedures (“TTPs”) to help companies protect against their attacks. This Advisory is especially notable because it is an example of the type of information sharing promised by the Biden administration, which includes technical details about the Conti group’s TTPs. It also heralds the launch of new website called: StopRansomware.gov. (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Carly R. Owenshttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngCarly R. Owens2021-10-14 11:02:072023-09-07 12:25:03The U.S. Federal Government Continues Its Focus on Ransomware Attacks: CISA, FBI, and NSA Publish Technical Advisory on the Conti Group
The U.S. Securities and Exchange Commission (SEC) Division of Enforcement is stepping up investigative efforts looking at registered firms’ use of personal devices for business communications, which can implicate their recordkeeping obligations and result in failure to retain and produce responsive business-related communications in SEC investigations. These risks are particularly acute in the current work-from-home posture at many firms, where employees may more easily blur the line between personal and business communications. Firms should review their policies, procedures, and communication monitoring to ensure that employees are not engaging in business-related communications outside of the firm’s official channels and in a manner that the firm is unable to capture and preserve if required.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Ranah Esmailihttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngRanah Esmaili2021-10-13 10:15:042023-12-18 13:44:57Is the SEC Coming for Your Texts? SEC’s New Enforcement Director Telegraphs a Warning to Registrants About Improper Use of Personal Devices for Business-Related Communications
Death, taxes and data breaches. Cybersecurity incidents have grown in frequency, scale and seriousness. As articulated in President Biden’s May 2021 Executive Order, Improving the Nation’s Cybersecurity, “[t]he United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.” These threats lead to direct costs on victims, and these costs have also grown exponentially in recent years, as readers of the famed annual Ponemon data breach report well know. This year’s report is out, and confirms the continuation of a troubling trend. (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Kaitie M. Wilsonhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngKaitie M. Wilson2021-10-12 11:25:262023-09-07 12:30:57Data Breaches are More Expensive than Last Year, New IBM Security Report Finds
On July 22, 2021, the Federal Trade Commission finalized important changes to its procedures for rulemaking under Section 18 of the FTC Act. Section 18 authorizes the Commission to make regulations, termed “Trade Regulation Rules,” (or “Magnuson-Moss Rules” after their authorizing statute), which “define with specificity” conduct that violates the FTC Act’s ban on “unfair or deceptive” business practices. Section 18 rules are promulgated through a “hybrid rulemaking” process that includes, if an interested party requests it, an “informal hearing” with limited opportunities for oral presentation and cross-examination by representatives of stakeholder groups. (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Alan Charles Raulhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngAlan Charles Raul2021-10-04 12:22:262023-09-07 12:31:26Changes to FTC Rulemaking Procedures Herald More Aggressive Action on Consumer Privacy
On September 30, the U.S. Senate confirmed Commissioner Rohit Chopra of the Federal Trade Commission as the new Director of the Consumer Financial Protection Bureau (CFPB). Director Chopra is expected to usher in a regime of dramatically increased enforcement and creative, expansive regulation. Many financial institutions will have questions and concerns about the CFPB, how it will affect their businesses and operations, and how to productively engage with this exceptionally powerful and opaque regulator. It is now more important than ever to closely follow the work of the CFPB as new leadership seeks to aggressively employ all of the agency’s tools in service of the American consumer. (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00John K. Van De Weerthttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngJohn K. Van De Weert2021-10-01 12:11:132023-09-07 12:31:56Rohit Chopra Confirmed as CFPB Director; Historically Active Enforcement and Regulatory Regime Begins
On September 14, 2021, the U.S. Securities and Exchange Commission (SEC) settled an enforcement action against App Annie Inc., an alternative data provider for the mobile app industry, and its former CEO Bertrand Schmitt. The SEC charged App Annie and Schmitt with securities fraud, under Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5, for engaging in deceptive practices and materially misrepresenting how App Annie derived its alternative data, thereby inducing trading firms to become subscribers to use App Annie’s data in their decisions to buy and sell securities. (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Ranah Esmailihttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngRanah Esmaili2021-09-30 15:53:182023-09-07 12:33:27SEC Fines Alternative Data Provider for Securities Fraud
*This article first appeared on Judicature in Summer 2021
With the proliferation of social media platforms and other new technologies has come a renewed legal focus on privacy. Most of that focus has centered on data collection, storage, sharing, and, in particular, third-party transactions in which customer information is harnessed for advertising purposes. But what about other contexts? Could a party, for instance, decline to produce, review, or even collect certain types of data due to privacy concerns? Should privacy be considered a “burden” under the proportionality analysis required by Federal Rule of Civil Procedure Rule 26(b)?
In this essay, Robert D. Keeling and Ray Mangum, a partner and associate, respectively, at Sidley Austin LLP, argue that privacy should be considered a burden under Rule 26(b).
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Robert D. Keelinghttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngRobert D. Keeling2021-09-29 16:01:082023-09-07 12:34:06The Burden of Privacy In Discovery
This summer, the Federal Trade Commission (“FTC”) hosted its sixth annual PrivacyCon, an event focused on the latest research and trends related to consumer privacy and data security. This years’ event was divided into six panels: Algorithms; Privacy Considerations and Understandings; Adtech; Internet of Things; Privacy-Children and Teens; and, Privacy and the Pandemic. Welcoming attendees and kicking off the event, Commissioner Rebecca Kelly Slaughter called for minimization of data abuses and for a move away from the notice and consent model of privacy in favor of data minimization. PrivacyCon topics are selected by the FTC and often seen as an indication of enforcement priorities. (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Ernesto R. Claeyssenhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngErnesto R. Claeyssen2021-09-28 09:14:162023-09-07 12:34:31Federal Trade Commission Hosts Panels Related to Consumer Privacy and Data Security at PrivacyCon
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
The U.S. Federal Government Continues Its Focus on Ransomware Attacks: CISA, FBI, and NSA Publish Technical Advisory on the Conti Group
On September 22, 2021, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cybersecurity advisory (the “Advisory”) outlining the Conti ransomware group’s tactics, techniques, and procedures (“TTPs”) to help companies protect against their attacks. This Advisory is especially notable because it is an example of the type of information sharing promised by the Biden administration, which includes technical details about the Conti group’s TTPs. It also heralds the launch of new website called: StopRansomware.gov. (more…)
Carly R. Owens
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Stephen W. McInerney
Chicago
smcinerney@sidley.com
Is the SEC Coming for Your Texts? SEC’s New Enforcement Director Telegraphs a Warning to Registrants About Improper Use of Personal Devices for Business-Related Communications
The U.S. Securities and Exchange Commission (SEC) Division of Enforcement is stepping up investigative efforts looking at registered firms’ use of personal devices for business communications, which can implicate their recordkeeping obligations and result in failure to retain and produce responsive business-related communications in SEC investigations. These risks are particularly acute in the current work-from-home posture at many firms, where employees may more easily blur the line between personal and business communications. Firms should review their policies, procedures, and communication monitoring to ensure that employees are not engaging in business-related communications outside of the firm’s official channels and in a manner that the firm is unable to capture and preserve if required.
(more…)
Ranah Esmaili
Washington, D.C.
resmaili@sidley.com
Stephen L. Cohen
Washington, D.C., Boston, ...
scohen@sidley.com
Data Breaches are More Expensive than Last Year, New IBM Security Report Finds
Death, taxes and data breaches. Cybersecurity incidents have grown in frequency, scale and seriousness. As articulated in President Biden’s May 2021 Executive Order, Improving the Nation’s Cybersecurity, “[t]he United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.” These threats lead to direct costs on victims, and these costs have also grown exponentially in recent years, as readers of the famed annual Ponemon data breach report well know. This year’s report is out, and confirms the continuation of a troubling trend. (more…)
Kaitie M. Wilson
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Changes to FTC Rulemaking Procedures Herald More Aggressive Action on Consumer Privacy
On July 22, 2021, the Federal Trade Commission finalized important changes to its procedures for rulemaking under Section 18 of the FTC Act. Section 18 authorizes the Commission to make regulations, termed “Trade Regulation Rules,” (or “Magnuson-Moss Rules” after their authorizing statute), which “define with specificity” conduct that violates the FTC Act’s ban on “unfair or deceptive” business practices. Section 18 rules are promulgated through a “hybrid rulemaking” process that includes, if an interested party requests it, an “informal hearing” with limited opportunities for oral presentation and cross-examination by representatives of stakeholder groups. (more…)
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Ash Nagdev
Palo Alto
anagdev@sidley.com
Gabriel Schonfeld
Mark Prior
Sophia Aguilar (*Aguilar was a 2021 Summer Associate in Sidley Austin’s New York office)
Rohit Chopra Confirmed as CFPB Director; Historically Active Enforcement and Regulatory Regime Begins
On September 30, the U.S. Senate confirmed Commissioner Rohit Chopra of the Federal Trade Commission as the new Director of the Consumer Financial Protection Bureau (CFPB). Director Chopra is expected to usher in a regime of dramatically increased enforcement and creative, expansive regulation. Many financial institutions will have questions and concerns about the CFPB, how it will affect their businesses and operations, and how to productively engage with this exceptionally powerful and opaque regulator. It is now more important than ever to closely follow the work of the CFPB as new leadership seeks to aggressively employ all of the agency’s tools in service of the American consumer. (more…)
John K. Van De Weert
Thomas G. Ward
Washington, D.C.
tgward@sidley.com
SEC Fines Alternative Data Provider for Securities Fraud
On September 14, 2021, the U.S. Securities and Exchange Commission (SEC) settled an enforcement action against App Annie Inc., an alternative data provider for the mobile app industry, and its former CEO Bertrand Schmitt. The SEC charged App Annie and Schmitt with securities fraud, under Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5, for engaging in deceptive practices and materially misrepresenting how App Annie derived its alternative data, thereby inducing trading firms to become subscribers to use App Annie’s data in their decisions to buy and sell securities. (more…)
Ranah Esmaili
Washington, D.C.
resmaili@sidley.com
Ryan L. Parchment
New York
rparchment@sidley.com
W. Hardy Callcott
San Francisco
wcallcott@sidley.com
Stephen L. Cohen
Washington, D.C., Boston, ...
scohen@sidley.com
Laurin Blumenthal Kleiman
Barry W. Rashkover
The Burden of Privacy In Discovery
*This article first appeared on Judicature in Summer 2021
With the proliferation of social media platforms and other new technologies has come a renewed legal focus on privacy. Most of that focus has centered on data collection, storage, sharing, and, in particular, third-party transactions in which customer information is harnessed for advertising purposes. But what about other contexts? Could a party, for instance, decline to produce, review, or even collect certain types of data due to privacy concerns? Should privacy be considered a “burden” under the proportionality analysis required by Federal Rule of Civil Procedure Rule 26(b)?
In this essay, Robert D. Keeling and Ray Mangum, a partner and associate, respectively, at Sidley Austin LLP, argue that privacy should be considered a burden under Rule 26(b).
(more…)
Robert D. Keeling
Washington, D.C.
rkeeling@sidley.com
Ray Mangum
Washington, D.C.
rmangum@sidley.com
Federal Trade Commission Hosts Panels Related to Consumer Privacy and Data Security at PrivacyCon
This summer, the Federal Trade Commission (“FTC”) hosted its sixth annual PrivacyCon, an event focused on the latest research and trends related to consumer privacy and data security. This years’ event was divided into six panels: Algorithms; Privacy Considerations and Understandings; Adtech; Internet of Things; Privacy-Children and Teens; and, Privacy and the Pandemic. Welcoming attendees and kicking off the event, Commissioner Rebecca Kelly Slaughter called for minimization of data abuses and for a move away from the notice and consent model of privacy in favor of data minimization. PrivacyCon topics are selected by the FTC and often seen as an indication of enforcement priorities. (more…)
Ernesto R. Claeyssen
New York
eclaeyssen@sidley.com
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Lauren Kitces
Washington, D.C.
lkitces@sidley.com
Sasha Hondagneu-Messner
New York
shondagneumessner@sidley.com
Upcoming Events
Webinar: AI and The Aviation Industry
Resources
Meet the Team
Kwaku A. Akowuah
kakowuah@sidley.com
Sheila A.G. Armbrust
sarmbrust@sidley.com
Francesca Blythe
fblythe@sidley.com
Colleen Theresa Brown
ctbrown@sidley.com
John M. Casanova
jcasanova@sidley.com
Thomas D. Cunningham
tcunningham@sidley.com
Sharon R. Flanagan
sflanagan@sidley.com
David A. Gordon
dgordon@sidley.com
Tomoki Ishiara
tishiara@sidley.com
Robert D. Keeling
rkeeling@sidley.com
Amy P. Lally
alally@sidley.com
David C. Lashway
dlashway@sidley.com
William RM Long
wlong@sidley.com
Joan M. Loughnane
jloughnane@sidley.com
Geeta Malhotra
gmalhotra@sidley.com
Glenn G. Nash
gnash@sidley.com
Rollin A. Ransom
rransom@sidley.com
Alan Charles Raul
araul@sidley.com
Jennifer B. Seale
jseale@sidley.com
Yuet Ming Tham
ytham@sidley.com
Jonathan M. Wilan
jwilan@sidley.com
John W. Woods Jr.
jwoods@sidley.com