Mr. Gesser is a partner in Davis Polk’s Litigation Department. [Full Bio]

For the first time, the CFTC has fined a company for poor cybersecurity practices that resulted in a third-party breach of the company’s information systems.  This development is consistent with an increasing trend of regulators holding companies responsible for the cybersecurity failures of third-party service providers.

AMP Global Clearing LLC
Continue Reading

Plaintiffs in data breach cases have tried many theories of recovery, with mixed results. However, plaintiffs and regulators are increasingly having success with allegations of unfair business practices. Davis Polk has published a blog post describing the rise of breach-related Consumer Protection Act actions. The full blog post is available
Continue Reading

Background
On November 5, 2017 the International Consortium of Investigative Journalists (“ICIJ”) released the “Paradise Papers,” a collection of 13.4 million files that appear to have been hacked from offshore service providers and company registries in 19 tax haven jurisdictions.  Of these 13.4 million files, approximately seven million were obtained
Continue Reading

The Davis Polk Cybersecurity Team recently blogged about the breach of the SEC’s EDGAR database:

“…The SEC does not believe that personally identifiable information was exposed, but the investigation is still ongoing and raises questions regarding government agencies’ obligations to protect sensitive information, and the potential litigation challenges facing individuals


Continue Reading

Wednesday, October 11, 2017
12:00 pm – 1:00 pm ET

Register for Webcast

Please join us for a discussion on the evolving law and practice on the document management aspects of cyber security, including:

  • Regulators’ expectation for companies regarding deleting old non-public data to reduce cyber risk.
  • The interactions between


Continue Reading

In October 2016, the U.S. federal banking agencies jointly issued an advance notice of proposed rulemaking regarding enhanced cyber risk management standards (the “Enhanced Standards”).  The Enhanced Standards would apply on an enterprise-wide basis to large financial institutions and their service providers, as detailed in this memorandum.  The U.S. federal


Continue Reading

In September 2016, the New York State Department of Financial Services (the “NYDFS”) proposed new cybersecurity regulations (the “Proposed Rules”) for banks, insurance companies and other financial institutions regulated by the NYDFS (“Covered Entities”).[1]  The Proposed Rules reflect an ongoing interest in cybersecurity by


Continue Reading