Tag Archives: James Haldin

Cyber Experts React to Court Decision in the SEC’s SolarWinds Enforcement Action

Editor’s Note: PCCE has been watching the developments in the SEC’s enforcement action against SolarWinds and its CISO over allegedly misleading disclosures and controls failures related to the compromise of its Orion product by putative Russian hackers. In this post, cybersecurity experts and lawyers discuss the recent decision by U.S. District Judge Paul Engelmayer to dismiss most of the SEC’s claims in the case.

Photos of the authors

Top left to right: Randal Milch, Judy Titera, James Haldin, and Alan Wilson. Bottom left to right: Matthew Beville, Elizabeth Roper, and Jerome Tomas. (Photos courtesy of authors)


Looking Back at Fall 2023 PCCE Events: Conference on Security, Privacy, and Consumer Protection

As we prepare for a full schedule of events in 2024, the NYU School of Law Program on Corporate Compliance and Enforcement (PCCE) is taking a moment to reflect on our busy Fall 2023 program. In this post, we review our November 17, 2023, full-day conference on Security, Privacy, and Consumer Protection.

Photo of conference

(©Hollenshead: Courtesy of NYU Photo Bureau)


Privacy Experts Share Tips for Managing an Effective Privacy Program from PCCE’s Fall Security, Privacy, and Consumer Protection Conference

Photo of Event Speakers

Left to Right: James Haldin, Judy Titera, Melissa Harrup, Nicole Friedlander, and Avi Gesser (©Hollenshead: Courtesy of NYU Photo Bureau)

On November 17, 2023, the NYU Law Program on Corporate Compliance and Enforcement (PCCE) hosted a standing-room-only full-day conference on Security, Privacy, and Consumer Protection. The conference addressed issues such as managing effective cybersecurity and privacy compliance programs, the use of “dark patterns” to manipulate consumer choices, whether privacy regulation and enforcement actions actually prompt firms to update their privacy policies, and the new amendments to the New York Department of Financial Services cybersecurity rules. A full agenda of the conference, along with speaker bios, is available here. In this post, several participants from the panel on Managing an Effective Privacy Program in a Time of Increasing Regulatory and Legal Risk share further thoughts on the issue.


New York DFS Issues Guidance for Adoption of Affiliates’ Cybersecurity Programs

by Greg Andres, Matthew Bacal, Martine Beamon, Angela Burgess, Robert Cohen, Gabriel Rosenberg, Margaret Tahyar, James Haldin, Matthew Kelly, and Daniel Newman

The New York DFS issued new guidance regarding a covered entity’s reliance on an affiliate’s cybersecurity program. The guidance explains DFS’s view that, when a covered entity relies on an affiliate’s program, DFS has authority to examine the affiliate’s program.

Since 2017, New York’s Cybersecurity Regulation, 23 N.Y.C.R.R. Part 500, has required any “Covered Entity”—that is, any entity regulated by New York’s Department of Financial Services (DFS)—to maintain a risk-based cybersecurity program consistent with certain prescriptive technical and procedural requirements. These requirements, the DFS has maintained, are designed to ensure that the Covered Entity’s program adequately protects the Covered Entity’s information systems and the nonpublic information maintained on them.
