The proper handling, management and protection of confidential
information continues to be a major risk management issue facing
companies, their executives, employees, and the boards that oversee
them. (See our previous post
Risk Management in a Digital World – Addressing
Cyber-Security Threats at the Board Level, dated January 9,
2015). Recently, the Securities and Exchange Commission (the
"SEC") commenced a civil complaint against over 30 individuals
and firms from around the world that are alleged to have stolen
150,000 confidential press releases of publicly-traded companies
from several newswires services' computer systems. At the time
the press releases were stolen they had not yet been released to
the public. At least one of the hacked newswire services is based
in Toronto. Criminal charges, including various fraud and
conspiracy charges have been brought by US Federal Prosecutors in
New York and New Jersey against several of the individuals
alleged to have been involved with the scheme.
The confidential press releases, allegedly stolen by Ukrainian
hackers were shared with traders in the United States and Europe,
who traded on the non-public information and in turn made profits
of over $100 million over a five year period.
Additional Complexity in the Detection and Enforcement of
This recent case highlights the increasing complexity facing
securities regulators in their efforts to combat insider trading.
As we have previously discussed in
earlier blog posts, prosecutions of more traditional forms of
insider trading have proven challenging for regulators in Canada
and in the United States. The risks and dangers presented by
cybercrime both at a local and global level add additional
challenges that will have to be met by securities regulators in
their enforcement of insider trading and other securities laws,
particularly given the untraditional source of the information
alleged to have been misused in these instances. Securities
regulators will have to work with corporations, newswire services,
and those charged with the safeguarding of confidential
information, in remaining vigilant in the prevention and detection
of securities related cybercrimes.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Peerenboom v Marvel Entertainment (2016 NY Slip Op 31957(U)) is drama-driven case in which the New York County Supreme Court afforded Toronto businessman Harold Peerenboom the right to obtain the private emails...
The Supreme Court of Canada released a landmark decision today giving important guidance on how Canada's federal privacy law, the Personal Information Protection and Electronic Documents Act, should be interpreted.
The Ontario Superior Court of Justice recently approved a settlement agreement in the Lowanski v The Home Depot class action, a decision that highlights adequate protection and a sufficient response can significantly reduce the legal risks after a data breach.
The October 19, 2016 judgment of the European Court of Justice in the matter brought by Patrick Breyer against the Federal Republic of Germany (the "EU Decision") raises the issue of whether an IP address is personal information under the EU Directive 95/46/EC and provides an interesting comparison with the Canadian perspective.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).