On March 9, 2022, President Biden signed a wide-ranging Executive Order on Ensuring Responsible Development of Digital Assets (the “Order”). While the Order does not mandate any particular regulatory prescriptions, it lays out key policy goals for a whole-of-government approach to digital asset regulation and directs the U.S. Government to assess the potential for a
Cybersecurity and data privacy continue to be among the most significant legal risks that businesses face today.
Last year brought a series of high-profile cyberattacks on major companies and U.S. infrastructure targets, continuing the trend seen in recent years. Regulators also brought a number of cybersecurity enforcement actions and announced new rules, guidance, and initiatives on ransomware and other cyber-related issues. In addition, after many years of debate, Congress made some progress in crafting legislation that would require certain companies to report significant cyberattacks and ransomware payments to the U.S. federal government. Companies should expect the demands of cybersecurity risk management and oversight to intensify as we enter 2022.
Continue Reading 2021 Cybersecurity and Privacy Developments in the United States
We are delighted that Anthony M. Shults has rejoined Cleary Gottlieb as a senior attorney from the U.S. Department of Justice (DOJ), where he served as acting Deputy Assistant Attorney General and Senior Counsel in the Office of Legal Policy and as Attorney-Advisor in the National Security Division. He is based in our New York office and will focus on cybersecurity, data privacy, and emerging technologies, as well as securities, appellate, and complex commercial litigation.
Continue Reading Cleary Gottlieb Welcomes Back Anthony M. Shults, Former Acting Deputy Assistant Attorney General and Senior Counsel at the Department of Justice
Recent developments in a lawsuit have illustrated the importance of maintaining sufficient data security measures and responding adequately to data breaches, which topics are addressed in Cleary Gottlieb’s Global Crisis Management Handbook in depth. A class-action lawsuit in the Northern District of California against Robinhood Financial, LLC, a securities trading platform, alleges that unauthorized users…
Have the right policies in place
– Ensure clear, readily accessible, and (where necessary) country-specific policies are in place indicating the permitted uses of company devices and other IT equipment, including messaging services. If you allow employees to use their own devices to perform work, make sure your policies adequately address issues of access in the context of investigations.
Continue Reading Be Prepared: How to Proactively Account for Data Privacy
Many investigations, particularly those that are cross-border in nature, are likely to present data privacy issues, and managing these issues is frequently a key consideration in an investigation. By keeping data privacy laws in mind as soon as an investigation starts, an organization will avoid the risk that it has failed to satisfy certain requirements, thereby exposing itself to the possibility of a fine or sanction from a regulator.
Continue Reading Incorporating Data Privacy Considerations Into Investigations
One critical issue to consider in responding to an investigative request is whether by producing the requested data, the company will be waiving a privilege or violating legal confidentiality obligations, including data privacy restrictions.
Continue Reading Before You Press Send: Protecting Privilege and Complying With Limitations on Data Dissemination When Responding to an Investigative Request
In summer 2018, a new Indian Personal Data Protection Bill was released by a Committee of Experts formed under the Chairmanship of Justice B.N. Srikrishna (the “Bill”), accompanied by a report titled “A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians.” After several months’ hiatus, reports are emerging of renewed impetus from India’s Ministry…
Moderator Doug Chia, executive director of The Conference Board, Nick Mankovich, Vice President and Chief Information Security Officer (“CISO”) at medical technology firm Becton Dickinson, Daniel, and Alexis discussed current cybersecurity risks, how cyber-attacks are changing, and the role that management and the board should play in ensuring that companies are prepared.
Continue Reading Cleary Partners Participate in Panel Discussion on Cybersecurity and Board Oversight