Mr. Gesser is a partner in Davis Polk’s Litigation Department. [Full Bio]

For the first time, the CFTC has fined a company for poor cybersecurity practices that resulted in a third-party breach of the company’s information systems.  This development is consistent with an increasing trend of regulators holding companies responsible for the cybersecurity failures of third-party service providers.

AMP Global Clearing LLC … Read More

Cyber threats remain a key operational concern for banks, which are otherwise experiencing “near-historic” capital and liquidity highs and improved returns on equity, according to the Office of the Comptroller of the Currency (the “OCC”).  The regulator published its Fall 2017 Semiannual Risk Perspective on January 18th, stating … Read More

Plaintiffs in data breach cases have tried many theories of recovery, with mixed results. However, plaintiffs and regulators are increasingly having success with allegations of unfair business practices. Davis Polk has published a blog post describing the rise of breach-related Consumer Protection Act actions. The full blog post is available … Read More

Background
On November 5, 2017 the International Consortium of Investigative Journalists (“ICIJ”) released the “Paradise Papers,” a collection of 13.4 million files that appear to have been hacked from offshore service providers and company registries in 19 tax haven jurisdictions.  Of these 13.4 million files, approximately seven million were obtained … Read More

The Davis Polk Cybersecurity Team recently blogged about the breach of the SEC’s EDGAR database:

“…The SEC does not believe that personally identifiable information was exposed, but the investigation is still ongoing and raises questions regarding government agencies’ obligations to protect sensitive information, and the potential litigation challenges facing individuals … Read More

Wednesday, October 11, 2017
12:00 pm – 1:00 pm ET

Register for Webcast

Please join us for a discussion on the evolving law and practice on the document management aspects of cyber security, including:

  • Regulators’ expectation for companies regarding deleting old non-public data to reduce cyber risk.
  • The interactions between
Read More

In October 2016, the U.S. federal banking agencies jointly issued an advance notice of proposed rulemaking regarding enhanced cyber risk management standards (the “Enhanced Standards”).  The Enhanced Standards would apply on an enterprise-wide basis to large financial institutions and their service providers, as detailed in this memorandum.  The U.S. federal … Read More

In September 2016, the New York State Department of Financial Services (the “NYDFS”) proposed new cybersecurity regulations (the “Proposed Rules”) for banks, insurance companies and other financial institutions regulated by the NYDFS (“Covered Entities”).[1]  The Proposed Rules reflect an ongoing interest in cybersecurity by

Read More