On Feb. 21, 2018, the SEC voted unanimously to approve a statement and interpretive guidance to assist the public in preparing disclosures about cybersecurity risks and incidents. The new guidance expands upon previous guidance provided in October of 2011.
In this roundtable discussion, two law firm partners and two GCs share their experience and insight on the evolving nature of e-discovery and its intersection with AI, cybersecurity and privacy.
Part Two of a Two-Part Article
As we saw in Part One, regulators have recently shown a tendency to focus on compliance officers who they deem to have failed to ensure that the compliance and anti-money laundering (AML) programs that they oversee adequately prevented corporate wrongdoing, and there are several indications that regulators will continue to target compliance officers in 2018 in actions focused on Bank Secrecy Act/AML compliance.
With its decision in Digital Realty v. Somers, the U.S. Supreme Court dealt a blow to companies interested in learning of their own securities violations before the government gets the heads-up. The case's outcome means whistleblowers who might have reported violations internally will be incentivized to bypass their own companies' compliance mechanisms in favor of immediate reporting to the SEC.
Many companies remain overwhelmed by the prospect of developing a cybersecurity program. Too many still see cyber crime as an IT issue, and simply defer to that department. Cybersecurity is most definitely an information security issue and it must be treated as such. Failure to recognize this concept almost ensures a weak cybersecurity program that remains highly vulnerable to breaches.
The Department of Labor (DOL) issued regulations that revise the ERISA claims procedure regulations for employee benefit plans that provide disability benefits. The scope of the new regulations are broader than you may realize and apply to any plan, regardless of how it is characterized, that provides benefits or rights that are contingent on whether the plan determines an individual to be disabled.
Data privacy is one of the most important issues facing corporations, and amidst the challenges of protecting customer data, the regulatory landscape that oversees it is shifting on an almost daily basis. With changes occurring at such a rapid pace across all corners of the globe, it's not surprising that organizations are increasingly finding themselves inadequately prepared to deal with these regulations.
While laws such as the FCPA do not necessarily prohibit hiring individuals with criminal records or bad credit records or who are former government officials, they do require employers to identify these individuals and assess whether their hire would pose a threat, violate the laws outright or impose an administratively difficult burden due to the need to monitor their activities.
What powers does the New York City Landmarks Preservation Commission have to require a building owner to maintain a mechanical clock located in the interior of a building? In Save America's Clocks, Inc. v. City of New York, New York's Appellate Division, First Department, held that the Commission had power to require maintenance of the clock, and to require public access to it.
For members of a conservative industry that — literally — wrote the rulebook on sexual harassment, law firms need to be ready for a day of reckoning that seems inescapable.
