The U.S. Bankruptcy Court for the District of Delaware recently ruled that choice of law and venue selection provisions in a contract between a U.S. creditor and Italian debtor did not trump the debt restructuring plan approved by an Italian bankruptcy court.
U.S. laws require companies to retain records for years, and sometimes forever, and violating U.S. records retention laws can result in domestic fines and penalties. How can U.S. companies comply with the GDPR's “right to erasure” while still fulfilling their U.S. records retention obligations?
Most firms have extensive cybersecurity measures in place, but emerging or unclear regulatory requirements embroil them in a never-ending cycle of evaluation, best-practices review, and implementation. Firms don't just need to have their own systems secured; a responsible firm must also reduce the risk of breach at their third-party vendors. As cloud service providers become commonplace, so too does a firm's responsibility to ensure their vendors are managing risk appropriately.
Small Law Firms Face Large Regulatory Requirements
Unlike large firms with comparable resources with which to protect client non-public information, small firms can find themselves trapped between cyberattacks, like ransomware, that don't prejudice based on the size of firm, and regulators who are indifferent to your size, when investigating a potential violation.
As of Jan. 1, 2018, each jointly administered debtor with quarterly disbursements of at least $1,000,000 must pay a fee of 1% of all disbursements, up to $250,000 per quarter. Although this change in the law was only intended to address shortfalls in UST funding, it has taken a little-noticed component of bankruptcy and magnified it into a ticking tax-bomb for unsuspecting debtors and their lenders.
On Feb. 21, 2018, the SEC voted unanimously to approve a statement and interpretive guidance to assist the public in preparing disclosures about cybersecurity risks and incidents. The new guidance expands upon previous guidance provided in October of 2011.
In this roundtable discussion, two law firm partners and two GCs share their experience and insight on the evolving nature of e-discovery and its intersection with AI, cybersecurity and privacy.
Part Two of a Two-Part Article
As we saw in Part One, regulators have recently shown a tendency to focus on compliance officers who they deem to have failed to ensure that the compliance and anti-money laundering (AML) programs that they oversee adequately prevented corporate wrongdoing, and there are several indications that regulators will continue to target compliance officers in 2018 in actions focused on Bank Secrecy Act/AML compliance.
With its decision in Digital Realty v. Somers, the U.S. Supreme Court dealt a blow to companies interested in learning of their own securities violations before the government gets the heads-up. The case's outcome means whistleblowers who might have reported violations internally will be incentivized to bypass their own companies' compliance mechanisms in favor of immediate reporting to the SEC.
Many companies remain overwhelmed by the prospect of developing a cybersecurity program. Too many still see cyber crime as an IT issue, and simply defer to that department. Cybersecurity is most definitely an information security issue and it must be treated as such. Failure to recognize this concept almost ensures a weak cybersecurity program that remains highly vulnerable to breaches.
