By Jennifer Archie and Alex Stout Tax-related identity theft is nothing new, but tax season 2016 took tax schemes to a new level. Last year, our cyber experts advised a large cluster of clients (public and private companies) over a period of only two weeks, following a nationwide explosion of deviously simple attacks—mostly targeted at … Continue Reading
The SEC today published in the Federal Register its Regulation SCI (Regulation Systems Compliance and Integrity), which requires key market participants to have and implement written policies and procedures reasonably designed to ensure the availability, confidentiality and integrity of their systems as necessary to assure the fair and orderly operation of the markets. Among the … Continue Reading
By Kevin Boyle & Alex Stout Hardly a day passes now without some new report of a security vulnerability with inevitable breaches that follow, but Monday’s news about the two-year old vulnerability in OpenSSL is (or should be) catching everyone’s attention. The problem is a coding error in a widely used cryptographic software library for … Continue Reading
By Omar Elsayed Although some surveys of privacy law suggest otherwise, privacy requirements do in fact exist in the Kingdom of Saudi Arabia (KSA)and are very relevant to companies operating there or seeking to provide services to customers in KSA. Background The paramount body of law in KSA is the Sharīʿah. The Sharīʿah is comprised … Continue Reading
The American Institute of Certified Public Accountants (“AICPA”) Statement of Auditing Standard No. 70, or SAS 70 as it is more commonly known, has been with us since April 1992. On 15 June 2011, it will effectively be replaced by two new standards: (i) a reporting standard for service organisations, the “Statement on Standards for … Continue Reading
Google has consented to the entry of a proposed Agreement Containing Consent Order with the US Federal Trade Commission, subjecting the company to sweeping government oversight of its privacy disclosure and product development and release practices, nominally arising out of the roll-out of its Buzz product in February 2010. The auditing and reporting requirements are … Continue Reading
On October 28, 2010, the Payment Card Industry Data Security Standard (PCI DSS) 2.0 was released. There are no new requirements, mostly the PCI Security Standard Council (“Council”) made wording clarifications throughout the 12 existing requirements. These changes go into effect January 1, 2011, but merchants don’t have to be compliant with them until December … Continue Reading
Illinois recently enacted the Employee Credit Privacy Act (“ECPA” or the “Act”), which prohibits employers from recruiting and hiring applicants based on such individuals’ credit histories or credit reports. The Act, which was adopted on August 11, 2010 and will take effect on January 1, 2011, generally prohibits employers from inquiring about an applicant’s or … Continue Reading
