March 2, 2018

SEC’s Updated Cybersecurity Disclosure Guidelines Leave Questions Unanswered

As previewed in our previous post, the United States Securities and Exchange Commission (“SEC”) unanimously approved new cybersecurity interpretive guidance—a format used to clarify the SEC’s views on security laws and regulations—on Wednesday of last week. The guidelines make no mention of how they affect and interplay with other regulators’ data privacy requirements, so whether… Read More

February 28, 2018

Full Metal Cryptojacket

In retrospect, it all seems so predictable. International capitalism creates virtual currencies. Banks are avoided. Millennials hail a new world order of anonymous or nearly untraceable market transactions. Numerous parties and exchanges hold on to large quantities of virtual currencies. But then the bad guys show up. And I’m not talking about the regulators. Last month, in what looks like the… Read More

January 11, 2018

Will Big Cyber Hacks Cause the SEC to Issue New Guidelines?

Following a change of heart from a top Securities and Exchange Commission regulator, public companies will likely soon face new guidelines for how they report cybersecurity breaches to investors. SEC Corporate Finance Division Director Bill Hinman was quoted as saying that when Chairman Jay Clayton first asked him if the existing SEC guidance needed to… Read More

April 20, 2016

Judge Flunks Case Against LabMD, FTC Appeals

In March 2015, I wrote about the ongoing dispute between the FTC and LabMD, an Atlanta-based cancer screening laboratory, and looked at whether the FTC has the authority to take enforcement action over data-security practices alleged to be insufficient and therefore “unfair” under section 5(n) of the Federal Trade Commission Act (“FTCA”). On November 13,… Read More

March 6, 2015

Why the FTC Can Go After Companies For Insufficient Data Security Allegations

  FTC seems more confident than ever in its authority to go after companies with insufficient data security measures. As of January 2015, FTC had settled 53 data-security enforcement actions, and FTC Senior Attorney Lesley Fair expects that number to increase. Not everyone is sanguine about FTC’s enforcement efforts. Companies targeted for administrative action complain… Read More

May 13, 2014

SEC Takes Proactive Approach to Cybersecurity

Last month, the Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) formally announced its cybersecurity initiative in a Risk Alert. The initiative followed up on OCIE’s announced prioritization of cybersecurity preparedness as part of its 2014 Examination Priorities. The initiative is also timely because the general public is becoming more conscious… Read More

December 11, 2013

Taking Advantage of a Video Poker Glitch Can Land you in Jail in Nevada

Last month, federal prosecutors in Nevada filed a motion to dismiss an indictment that shined a bright light on overly broad federal criminal statutes and the abuse of prosecutorial discretion in using them. John Kane and Andre Nestor were each charged in an indictment in January 2011 with one count of conspiracy to commit wire… Read More

December 11, 2013

Taking Advantage of a Video Poker Glitch Can Land you in Jail in Nevada

Last month, federal prosecutors in Nevada filed a motion to dismiss an indictment that shined a bright light on overly broad federal criminal statutes and the abuse of prosecutorial discretion in using them. John Kane and Andre Nestor were each charged in an indictment in January 2011 with one count of conspiracy to commit wire… Read More