-
2 months ago | 
corpgov.law.harvard.edu | Harris Fischman |John Carlin |Jeannie S. Rhee
More from: Harris Fischman, Jeannie Rhee, John Carlin, Paul WeissHarris Fischman, John Carlin, and Jeannie Rhee are Partners at Paul, Weiss, Rifkind, Wharton & Garrison LLP. This post is based on a Paul, Weiss memorandum by Mr. Fischman, Mr. Carlin, Ms. Rhee, Lorin Reisner, Matt Kaminer, and Hunter Kolon.
-
Jun 10, 2024 | 
lexology.com | Jarryd E. Anderson |Susanna M. Buergel |Jessica Carey |Roberto González |Brad S. Karp |Jeannie S. Rhee | +1 more
On June 3, 2024, the Consumer Financial Protection Bureau (“CFPB”) issued a novel and expansive rule requiring certain nonbank providers of consumer financial services to register specified information with the agency in a public registry.[1] The 486-page final rule (“Final Rule”), which is scheduled to take effect September 16, requires nonbank companies that have been subject to certain final public enforcement orders by federal, state, or local agencies involving consumer financial...
-
Dec 28, 2023 | 
lexology.com | John Carlin |Jeh Johnson |Jeannie S. Rhee |Peter Carey
At the beginning of the year, we predicted that the use of personal information and the protection of data in an evolving threat environment would be the focus of increased legislation, regulation, and regulatory enforcement. And 2023 delivered, with both threat actors and regulators presenting new challenges for technology and legal teams.
-
Dec 20, 2023 | 
lexology.com | John Carlin |David Huntington |Luke Jennings |Christodoulos Kaoutzanis |John Kennedy |Jeannie S. Rhee | +5 more
On July 26, 2023, the Securities and Exchange Commission adopted amendments to Form 8-K to add new Item 1.05, which requires public companies to disclose certain information regarding any material cybersecurity incident within four business days of an assessment that the incident is material.[1] New Item 1.05 of Form 8-K took effect for most public companies on December 18, 2023 (smaller reporting companies have until June 15, 2024 to comply).
-
Sep 17, 2023 | 
news.bloomberglaw.com | John Carlin |Jeannie S. Rhee |Peter Carey
The ubiquity of advanced technology has opened the door to efficiencies and innovation, but it has also introduced a new frontier of potential cybersecurity issues, including ones relating to current and former employees. In particular, companies conducting layoffs or downsizing may face a variety of cybersecurity risks as employees exit the organization. Understanding possible cybersecurity threats is a key step as organizations prepare for employee reductions.
-
Aug 2, 2023 | 
lexology.com | Jonathan H. Ashtor |H. Christopher Boehning |John Carlin |Christopher Cummings |David Huntington |Brian Janson | +6 more
The SEC has adopted new disclosure requirements to enhance and standardize public company disclosures regarding cybersecurity risk management and incident reporting. Companies will be required to disclose material cybersecurity incidents within four business days on Form 8-K, and to provide annual disclosure regarding their cybersecurity governance and risk management.
-
Jul 19, 2023 | 
lexology.com | John Carlin |Jeannie S. Rhee |Jessica Carey |Matthew Disler
On July 13, the White House released its National Cybersecurity Strategy Implementation Plan (NCSIP), laying out its strategic plans for pursuing the goals identified in the updated National Cybersecurity Strategy released on March 2[1] and doubling down on the Administration’s call for “fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace to ensur[e] that the biggest, most capable, and best-positioned entities – in the public and private...
-
Jun 1, 2023 | 
law360.com | John Carlin |Jeannie S. Rhee
Recent criminal prosecutions announced by the U.S. Department of Justice have put the spotlight on a risk faced by both public and private sector entities: the threat posed by those inside... To view the full article, register now.
-
Jun 1, 2023 | 
law360.com | John Carlin |Jeannie S. Rhee |David Kessler
By John Carlin, Jeannie Rhee and David Kessler (June 1, 2023, 5:14 PM EDT) -- Recent criminal prosecutions announced by the U.S. Department of Justice have put the spotlight on a risk faced by both public and private sector entities: the threat posed by those inside an organization who use the access they have by dint of employment for criminal purposes.[1]... Stay ahead of the curveIn the legal profession, information is the key to success.
-
May 22, 2023 | 
lexology.com | Walter Brown |John Carlin |Meredith R. Dearborn |Gregory F. Laufer |Jeannie S. Rhee
On May 18, 2023, the Supreme Court issued rulings in Twitter v. Taamneh and Gonzalez v. Google, a pair of cases that concern the potential liability of internet companies for terrorist acts committed by users of those companies’ platforms. In both cases, the Court ruled in favor of the internet companies, narrowing the possibility that such companies will be found liable for similar attacks or other actions of third parties.
