Eversheds Sutherland Cybersecurity and Privacy Insights Blog
content top

Data Sentinel: The Evolving Role of the Attorney as Protector of Company Data

Data. It is one of your organization’s greatest assets, and a necessary part of doing business. But in today’s financial services environment, it is also a source of one of your organization’s greatest risks. In their article for FinTech Law Report, Sutherland attorneys Michael Steinig and Mary Jane Wilson-Bilik describe the attorney’s evolving role in protecting company data, and...

Pros and Cons of the Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard (the PCI DSS) establishes the self-described minimum data protection measures required of all entities involved in payment card transactions. The PCI DSS consists of 12 basic requirements, along with testing procedures and guidance designed to assist entities in meeting each requirement. The PCI DSS itself is not a law or regulation, and...

SEC Moves to Update Transfer Agent Rules; New Rules Likely to Impact Unclaimed Property and Cybersecurity

On December 22, 2015, the Securities and Exchange Commission took the first step in overhauling SEC regulation of transfer agents, the little-discussed but critical intermediaries involved in the prompt clearance and settlement of almost all U.S. securities. After many years in which other types of financial market intermediaries took center stage on the SEC’s rulemaking agenda, the...

SEC Seeks Comment on Cybersecurity Issues in ANPR for Transfer Agents

On December 22, the Securities and Exchange Commission (SEC) issued an advanced notice of proposed rulemaking (ANPR) for new transfer agent requirements, and it also issued a concept release for which public comment on the SEC’s broader review of transfer agent regulation is sought.  In the ANPR, the SEC specifically cited cybersecurity as an area in which the Commission intends to...

The SEC’s Cybersecurity Enforcement Action: Rulemaking by Enforcement

The Securities and Exchange Commission recently brought an enforcement action against an investment adviser that, like a large number of companies, was the victim of a cyberattack. Although the SEC did not allege that any of the firm’s clients suffered harm, the Commission nonetheless sanctioned the firm for its allegedly unreasonable policies and procedures. In their article for...

« Older Entries