Financial Services

PRIVACY POLICIES AND THE SALE OF CORPORATE ASSETS: It pays to plan ahead to preserve the value of your data assets

privacy policy

Personal data is a valuable corporate asset.  At times, the personal information collected from customers (such as email address, mailing address, phone number, etc.) can be a company’s most valuable asset.  Unfortunately, when a company attempts to sell this asset, it can find the value of the data significantly diminished due to promises made in a privacy policy the company implemented years before it ever contemplated such a sale.

READ MORE

The SEC Opens Up a New Front in the Cybersecurity Wars

cybersecurity

For the last few years, the SEC has been issuing guidance as to appropriate cybersecurity policies and procedures for financial firms.  In a move that signal’s the regulator’s willingness to put muscle into its cybersecurity guidance, the SEC announced an agreement with St. Louis-based investment company, R.T. Jones Capital Equities Management (“R.T. Jones” or “the company”), to settle charges that the company failed to adequately safeguard the personal information (“PI”) of approximately 100,000 individuals.  Consistent with this trend, the SEC has announced that its Office of Compliance Inspections and Examinations (“OCIE”) would be conducting a second round of investigations[1] into the cybersecurity practices of brokerage and advisory firms (the “Cybersecurity Examination Initiative”).  These moves signal the SEC’s increasing scrutiny of investment firms’ information security practices and indicate the regulator’s willingness to enforce the guidance that it has issued.

READ MORE

New Guidance for Financial Institution Directors and Officers In Cybersecurity Preparedness

Financial Institutions

Earlier this summer, the Federal Financial Institutions Examination Council (FFIEC) released its highly anticipated Cybersecurity Assessment Tool (Assessment), which is designed to assist financial institutions in identifying and assessing risks and weaknesses in, and the overall maturity of, their cybersecurity preparedness programs.  Financial Institutions’ management, directors, in-house counsel, and regulatory/compliance personnel need to be aware of this development.  Now there is increased guidance on the type of cybersecurity systems and procedures that need to be implemented to satisfy post-hoc regulatory or judicial scrutiny.  This guidance may also impact how regulators, or in the event of a problem, courts hearing civil lawsuits, assess both the institution’s level of preparedness and how the company’s directors and officers discharged their responsibilities in creating and maintaining cybersecurity measures.

READ MORE

New York State Charges Ahead on Critical Infrastructure Cybersecurity Legislation

On Feb. 26, 2015, in an effort to make “New York State’s computer infrastructure the most secure in the nation,” the New York State Senate passed a suite of four cybersecurity-related bills focused on protecting critical infrastructure entities, such as providers of financial services, telecommunications, energy and health care. The bills mark an aggressive effort to toughen penalties on cybercriminals who attack critical infrastructure (S3404 and S3406),1 to implement cybersecurity review processes and reporting by key state agencies (S3405),2 and to establish a “baseline framework” and information-sharing protocols around cybersecurity risks (S3407).

READ MORE

Going for Brokerage: SEC Report Highlights Best (and Worst) Practices in Cybersecurity Preparedness

On February 3, 2015, the U.S. Securities and Exchange Commission released a Risk Alert addressing cybersecurity issues at brokerage and advisory firms, along with suggestions to investors on ways they can protect themselves and their online accounts.  FINRA issued a similar, more extensive “Report on Cybersecurity Practices” on the same day.

READ MORE