Palmina Fava

Jul 1, 2024 | jdsupra.com | Palmina Fava |Rebecca Fike |Brian Howard II

For more than a decade, the U.S. Securities and Exchange Commission (the “SEC”) has been able to bring enforcement actions in either federal court or the agency’s internal venue. Not anymore. On June 27, 2024, the U.S. Supreme Court issued a pivotal ruling in the case of SEC v. Jarkesy, significantly curtailing the SEC’s ability to use its administrative proceedings to impose civil penalties for securities fraud.

Mar 14, 2024 | jdsupra.com | Sean Dao |Palmina Fava |Michael Kurzer

On February 28, 2024, President Joe Biden issued a landmark Executive Order titled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “Order”).

Feb 12, 2024 | jdsupra.com | Palmina Fava |Michael Mathews |James McGovern

I. OverviewOn January 10, 2024, the United States Attorney’s Office for the Southern District of New York (“SDNY”) introduced the SDNY Whistleblower Pilot Program (“Pilot Program”), aimed at encouraging individuals to disclose information about specific criminal offenses, particularly urging them to do so early and voluntarily. In return for their cooperation, SDNY will enter into a non-prosecution agreement (“NPA”) if certain conditions are met.

Dec 4, 2023 | jdsupra.com | Briana Falcon |Palmina Fava |Josh Hasler

On November 27, 2023, the New York State Department of Financial Services (“DFS”) and First American Title Insurance Company (“First American”) entered into a consent order1 that resolved litigation over First American’s cybersecurity practices. Though the associated fine ($1 million) was relatively small, the order serves as a reminder to all organizations that simply having cybersecurity policies and procedures in place is insufficient when they are not in fact implemented.

Nov 27, 2023 | velaw.com | Palmina Fava |Briana Falcon |Josh Hasler

Among other things, DFS cybersecurity regulations require DFS-regulated entities (“Covered Entities”), such as First American, to design a cybersecurity program that protects the confidentiality and integrity of information systems and the nonpublic information they contain.2 Covered Entities periodically must perform risk assessments and update their cybersecurity programs as necessary to address changes to the Covered Entities’ risks, information systems, nonpublic information, or business...