On March 15, 2023, the U.S. Securities and Exchange Commission (“SEC”) released its proposal to amend Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information, while simultaneously issuing two additional cybersecurity-related rule proposals[1] and re-opening the comment period for its previously-proposed cybersecurity risk management rule released in February 2022.[2] This set of sweeping reforms makes clear, if it was not already, that the SEC is serious about implementing comprehensive cybersecurity and privacy standards across its regulated entity population—including investment advisers.

This new proposed rulemaking occurs against the backdrop of the SEC’s longstanding focus—through examination and enforcement—on the risks that cybersecurity incidents pose to covered firms and, by extension, to their investors, clients and customers. The Division of Examinations has made information security and resilience an examination priority every year since 2014, and it did so again in 2023.[3] Similarly, the Division of Enforcement has repeatedly brought enforcement actions in this area, including fourteen relating to cybersecurity controls and safeguarding customer information since 2015,[4] pursuing these actions through its dedicated Crypto Assets and Cyber Unit, which recently almost doubled in size to fifty professionals.[5] In addition to pursuing violations uncovered during the course of routine compliance examinations, the Examinations and Enforcement Divisions also proactively investigate potential violations of which they become aware, either through whistleblowers or public news reports of prominent security breaches, such as the late 2020 SolarWinds cyber breach.[6] SEC examination and enforcement focus in this area can therefore be expected to continue—and possibly even increase—creating more risk for firms as compliance obligations expand.

For more information, read the full client alert here.


[1]    Cybersecurity Risk Management Proposed Rule for Broker-Dealers, Clearing Agencies, Major Security-Based Swap Participants, the Municipal Securities Rulemaking Board, National Securities Associations, National Securities Exchanges, Security-Based Swap Data Repositories, Security-Based Swap Dealers, and Transfer Agents, Exchange Act Release No. 34-97142 (Mar. 15, 2023) (“Exchange Act Cybersecurity Proposal”), and Regulation Systems Compliance and Integrity, Exchange Act Rel. No. 34-97143 (Mar. 15, 2023) (“Regulation SCI Proposal”).

[2]    Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies, Securities Act Rel. No. 11028 (Feb. 9, 2022) (“Cybersecurity Proposal”).

[3]   SEC Division of Examinations, 2023 Examination Priorities, at pp. 13-14.

[4]    SEC Website, Crypto Assets and Cyber Enforcement Actions — Regulated Entities – Cybersecurity Controls and Safeguarding Customer Information.

[5]    SEC Press Release, SEC Nearly Doubles Size of Enforcement’s Crypto Assets and Cyber Unit, May 3, 2022.

[6]    Reuters, U.S. SEC probing SolarWinds clients over cyber breach disclosures -sources, June 22, 2021.

Nolan Goldberg

Nolan M. Goldberg is a partner in the Litigation Department, co-head of the Data Privacy and Cybersecurity Litigation Group, and a member of the Patent Law Group. His practice focuses on technology-centric litigation, arbitration (including international arbitrations), investigations and counseling, covering a range of types of disputes, including cybersecurity, intellectual property, and commercial.  Nolan’s understanding of technology allows him to develop defenses and strategies that might otherwise be overlooked or less effective and enhances the “story telling” that is critical to bringing a dispute to a successful conclusion.

Nolan is a registered patent attorney before the U.S. Patent & Trademark Office and an International Association of Privacy Professionals (IAPP) Certified Information Privacy Professional, United States (US CIPP) and Certified Information Privacy Technologist (US CIPT).

Cybersecurity

Nolan’s electrical engineering background, coupled with a litigation and risk management-centric focus, allows him to assist companies in all phases of incident response. Nolan often acts as a bridge between the technical and legal response teams (both inside and outside forensic consultants). Nolan uses this deep familiarity with the company and its systems to defend the company in litigations, arbitrations and regulatory investigations, including before the Federal Communications Commission (FCC), the Federal Trade Commission (FTC) and various State Attorneys General, including Multi-State investigations.

Nolan has worked on incidents that range from simple phishing attacks on e-mail accounts by cyber-criminals to intrusions by (formerly) trusted inside employees to complex technical breaches of hosted systems by state-sponsored advanced persistent threats (APTs). These incidents have involved both client systems, and systems of a vendor of a client that hosted its data.

It is often the case (both in response to an incident and for other reasons) that a company will want to undertake an assessment of its security posture, but has concerns about the discoverability of any such analysis. Accordingly, Nolan also frequently assists companies in scoping and conducting privileged security assessments, including “dual purpose” assessments where privileged analyses are also used for ordinary-course purposes.

Commercial Disputes

Nolan also assists companies with commercial disputes, particularly in cases where there is a technology component, including disputes arising from hosted software agreements; outsourcing and managed services agreements; software and technology development agreements and the dissolution of joint ventures.  When these disputes cannot be amicably resolved, Nolan has litigated them in State and Federal Court and in arbitrations, including international arbitrations.

Intellectual Property

Nolan’s work has included numerous patent and trade secret litigations and negotiations, primarily in cases involving computer and network-related technologies. In particular, the litigations have involved at least the following technologies: hosted software; telecommunications; computer networking; network and computer-related security hardware and software; microprocessors; voice-over Internet protocol (“VoIP”); bar code scanners; financial business methods and software, including securities settlement, fail management and trade execution and reporting software; data compression; handheld computers; pharmaceuticals; cardiac electro-stimulatory devices and prosthetics.

Nolan also has experience prosecuting patent applications before the U.S. Patent and Trademark Office in encryption, CMOS, HDTV, virtual private networks (“VPN”), e-commerce, XML/XSL, financial instruments, semiconductor electronics, medical device technology, inventory control and analysis, cellular communications, Check 21 and business methods. Nolan also has conducted numerous freedom-to-operate searches, written opinions, and counseled clients in the areas of bar code scanners, imaging, book publishing, computer networking, business methods, Power Over Ethernet (“PoE”), and digital content distribution.

He has assisted in evaluating patents for inclusion in patent pools involving large consumer electronics and entertainment companies concerning CD and DVD technology.

Computer Forensics and Electronic Discovery

Nolan is often called upon to develop e-discovery strategies to be used in all types of litigations, with a particular focus on selecting appropriate tools, developing proportionate discovery plans, cross border electronic discovery, managing the overall burden and cost of the electronic discovery process, and obtaining often overlooked electronic evidence, including computer forensics. He also assists clients to develop and implement information management programs to reduce expense and risk, meet compliance obligations, and tame e-discovery burdens.

Thought Leadership

Nolan has authored numerous articles and given numerous presentations on emerging issues and trends in both technology and law, and has often been called upon to comment on various media outlets including Business Week, IPlaw360, IT Business Edge, CIO.com, Forbes, and The National Law Journal.

Prior to practicing law, Nolan was a computer specialist at Underwriters Laboratories (UL).

Robert Pommer

Robert W. Pommer III is a partner in the Litigation Department and a member of Proskauer’s Securities Litigation, White Collar Defense & Investigations groups and the Asset Management Litigation team.

Bob’s practice focuses on a broad range of securities-related enforcement and compliance issues. He represents private fund managers, financial institutions, public companies, and their senior executives in enforcement investigations and litigation conducted by the SEC, the U.S. Department of Justice, and other governmental entities and financial services regulators. He also conducts internal investigations and counsels investment advisers and public companies on regulatory compliance, corporate governance and other SEC-related issues.

Prior to his career in private practice, Bob served as Assistant Chief Litigation Counsel in the SEC’s Division of Enforcement for nine years. While there, he investigated and litigated several high-profile cases involving complex financial fraud and audit failures. Bob also worked on enforcement actions involving insider trading, investment adviser and broker-dealer issues, market manipulation and other violations of the federal securities laws.

Robert Sutton

Robert is a partner of the Private Funds Group and a member of the Corporate Department. He is a seasoned practitioner with over 20 years of experience counseling managers and advisers of private funds on regulatory matters, as well as regulatory issues related to the formation and operation of private equity, credit, real estate, infrastructure, hedge and other private funds.

Rob has a deep knowledge of the market practice of asset managers, in particular as it relates to Advisers Act-related issues. From some of the largest and most sophisticated firms in the global asset management industry to start-ups and mid-sized firms, Rob’s experience includes a wide spectrum of funds and asset classes across their life cycles. Rob regularly advises on matters in connection with: U.S. investment adviser registration and regulation; Advisers Act and other U.S. securities law issues relating to the formation, marketing and offering of private funds; identifying and managing conflicts of interest, and addressing related Advisers Act risks, SEC examinations, and exam readiness preparation; design and implementation of investment adviser compliance policies and procedures; U.S. regulatory issues relating to purchases and sales of investment advisory businesses (minority stake and control stake transactions, buy-side and sell-side representations); Advisers Act and other U.S. regulatory issues relating to private fund restructurings and recapitalizations, strip sales, continuation fund formations and similar transactions; Advisers Act issues relating to the formation of SPACs by investment advisers; and Investment Company Act status analyses of private fund structures, investment transaction structures and other non-registered investment company structures.

Rob has been recognized by his clients and peers for his extraordinary work, gaining various accolades including mentions in preeminent directories such as The Legal 500.  He is also very active within the private funds industry, contributing to numerous publications and collaborating on several speaking engagements.

Prior to joining Proskauer, Rob was a partner in the Investment Funds Group at Kirkland & Ellis.