In Harvard Corporate Governance Blog Post, Akin Gump Lawyers Offer Lessons for Private Fund Managers Following SEC Cyber Enforcement Actions

Harvard Law School Forum on Corporate Governance has published the article "SEC Cyber Enforcement Actions: Lessons for Private Fund Managers." Written by Akin Gump investment management partner Jason Daniel, cybersecurity, privacy and data protection practice co-head Natasha Kohne, and senior practice attorney Jenny Walters, the article offers some tips for investment advisers following recent enforcement actions by the Securities and Exchange Commission (SEC) for alleged cybersecurity failures involving cloud-based email systems.

The article, first published as an Akin Gump client alert, notes that in each of the actions, "cloud-based email accounts of firm personnel were taken over by unauthorized third parties." The SEC, the authors write, "found that these breaches compromised or potentially compromised the personally identifying information (PII) of thousands of clients."

The advisers in each instance were charged with violating the Safeguards Rule, which requires every registered investment adviser to adopt certain written policies and procedures to prevent such breaches from occurring. The authors state that the enforcement actions "send strong messages regarding compliance and implementation of cybersecurity policies and procedures, particularly related to cloud-based storage, the need to enable [multi-factor authentication] on cloud-based email accounts, and the prohibition on making misleading statements in breach notices."

To read the article in its entirety, and for some actionable lessons for private fund managers, please click here.