SEC's 2025 Exam Priorities Include Cybersecurity and AI

By Trisha Sircar

On November 21, 2024, the Securities and Exchange Commission's (SEC's) Division of Examinations (the Division) released its 2025 examination priorities. This year's examinations will prioritize perennial and emerging risk areas, such as fiduciary duty, standards of conduct, cybersecurity and artificial intelligence (AI). Read more about the risk areas the Division will review, including information security programs and the effectiveness of incident response plans.

NYDFS Cybersecurity Regulation Compliance Requirements for November 1, 2024

By Trisha Sircar

As we previously reported, in 2023 the New York State Department of Financial Services (NYDFS) amended its cybersecurity regulation, 23 NYCRR 500 (or Part 500). NYDFS has now published guidance on the implementation timeline and key compliance dates for the various categories of impacted entities, such as Small Businesses, Class A Companies and Covered Entities. Numerous requirements will become effective as of November 1, 2024. Read more about the requirements for the entity categories, including cybersecurity governance and multi-factor authentication.

The European Commission Reports on the First Year of the EU-US Data Privacy Framework

By Trisha Sircar

In July 2023, the European Commission adopted an adequacy decision for the EU-US Data Privacy Framework (DPF), as Katten has previously reported. This permitted the free flow of personal data from the EU to DPF-participating companies in the United States. On October 9, 2024, the European Commission issued a review of the adequacy decision of the EU-US DPF to the European Parliament and Council of Europe after its first year in force. Read more about the information gathered during this first review of the adequacy decision.

