On October 23, 2017, the Reserve Bank of India (“RBI”) announced that it was fining India’s Yes Bank $1 million USD for failing to comply with RBI’s breach notification requirement, among other violations. Davis Polk has published a blog post on this escalation in breach notification enforcement and what it … Read More

During congressional hearings earlier this month, senators grilled Richard Smith, the former Equifax CEO, on the company’s reporting structure for cybersecurity; specifically, on the appropriateness of Equifax’s CISO reporting to the general counsel.  Davis Polk has published a blog post on the reporting structure for CISOs and factors companies should … Read More

The Davis Polk Cybersecurity Team recently blogged about the breach of the SEC’s EDGAR database:

“…The SEC does not believe that personally identifiable information was exposed, but the investigation is still ongoing and raises questions regarding government agencies’ obligations to protect sensitive information, and the potential litigation challenges facing individuals … Read More

Wednesday, October 11, 2017
12:00 pm – 1:00 pm ET

Register for Webcast

Please join us for a discussion on the evolving law and practice on the document management aspects of cyber security, including:

  • Regulators’ expectation for companies regarding deleting old non-public data to reduce cyber risk.
  • The interactions between
Read More

Yesterday, the Commodity Futures Trading Commission brought an enforcement action against the operators of an alleged Ponzi scheme who, according to the allegations, collected approximately $600,000 from 80 investors in a pooled fund to invest in bitcoin under a high-frequency, algorithmic trading strategy. The operators instead allegedly misappropriated the funds … Read More

In a much-anticipated action, on July 25 the SEC issued a Section 21(a) report of its investigation into an offering of digital tokens by “The DAO,” an unincorporated virtual organization. Though declining to take enforcement action against The DAO, the SEC used the opportunity to warn others engaged in similar … Read More

Three recent cybersecurity events highlight the need for companies to review their access controls to limit who has administrator privileges and how long those elevated privileges last.

First, this week, computer malware that has variously been called PetyaWrap, WannaCry2, GoldenEye and NotPetya began spreading in dozens of countries, encrypting computers … Read More

The OCC’s fintech charter proposal is generating a lot of political and media sound and fury. Comptroller Curry’s speech in strong defense of the fintech charter was followed by a letter from the House Financial Services Committee warning the Comptroller against finalizing the new policy – i.e. beginning to accept … Read More