April 19, 2021

Volume XI, Number 109


April 16, 2021

Subscribe to Latest Legal News and Analysis

New Focus and Compliance Approach Needed for Privacy and Cybersecurity

In 2020, we saw an increased regulatory focus on cybersecurity. Though former SEC Chairman Clayton largely took the view that existing statutes and regulations were sufficient, the Division of Examinations increased exam activities in the space while agencies like FinCEN increased enforcement against violators. We can expect to see a continued focus on cybersecurity going forward, but it is unclear seen whether it will remain among the top priorities of the SEC. As set forth in Risk #1, we believe that the presumptive Chairman, Gary Gensler, will take a more active approach generally and, as part of that, we expect a heightened focus on cybersecurity. Sponsors are a theoretically high value target for attack because even relatively small sponsors often control billions of dollars (whether directly or indirectly) and have highly confidential information concerning their investors and partners. It is important that sponsors’ commitment to, and investment in, cybersecurity systems, policies, and procedures is commensurate with their risks and profile in fact. State voters have also increased their focus on cybersecurity and privacy. The California Consumer Privacy Act of 2018 (“CCPA”) became operative on January 1, 2020, requiring qualifying businesses to enable consumers to know about and control the information collected about them. In November 2020, California voters passed the California Privacy Rights Act of 2020 (“CPRA”) in an effort both to expand and strengthen the scope of the CCPA.  (The CPRA will become operative on January 1, 2023.) Because both the CCPA and CPRA define consumers and businesses broadly, private investment funds and their sponsors and managers may be considered “qualifying businesses” and information they collect and use about their employees, job applicants, investors, and prospective investors (including KYC information) residing in California could be subject to either or both of the acts.

Overseas, now that the UK has left the EU, funds that operate in London and across the EU bloc must use a suitable route for the transfer of personal data. Thankfully, on February 19, 2021, the European Commission published a draft decision that the UK has an adequate level of protection for personal data (the UK has already made the reciprocal determination and has adopted the EU’s General Data Protection Regulation (GDPR) into national law). The next step is for the draft adequacy decision to be approved by the Member States.

Funds with data flows the EU/UK and between the US lost the protection of the EU-US Privacy Shield in mid-2020 so they will need to use one of the appropriate safeguards to transfer personal data – e.g., standard contractual clauses (SCCs) (for intragroup or third party transfers) or binding corporate rules (for intragroup transfers) – or else rely upon one of the applicable derogations. Funds must also have “appropriate supplementary measures” in place so that personal data transferred outside of the EU/UK is protected in any third country to the same extent as it would be under the GDPR.

Areas to watch in 2021 include possible divergence between interpretation of UK-GDPR and EU-GDPR, updates to SCCs that may require funds to replace existing clauses, and further guidance on appropriate supplementary measures.

Read more of our Top Ten Regulatory and Litigation Risks for Private Funds in 2021.

© 2021 Proskauer Rose LLP. National Law Review, Volume XI, Number 98



About this Author

Margaret A Dale, Commercial Litigation, Proskauer Rose Law Firm

Margaret Dale is a Partner in the Litigation Department, resident in the New York office. Her practice focuses on commercial litigation, including class action defense, as well as intellectual property, privacy and data security, corporate governance litigation, securities litigation, and regulatory and internal investigations. She also represents and counsels clients in art law matters. 

Michael R. Hackett, Litigation Attorney, Proskauer Law Firm

Michael R. Hackett is an associate in the Litigation Department and a member of the Asset Management Litigation practice. His practice focuses on disputes and regulation involving private funds, including private equity, venture capital, hedge, real estate and private credit funds, as well as other limited partnerships, where he regularly advises funds, fund sponsors, investment advisers and institutional and individual investors.

Mike’s experience representing private fund clients runs the gamut, from control contests within advisers, to...

Kirsten Lapham FInancial Services Attorney Proskauer Rose Law Firm, United Kingdom

Kirsten Lapham is a partner specialising in financial services regulation. She advises a broad range of both institutional and individual clients on a variety of financial services regulatory and compliance issues. Her practice has a specific emphasis on the regulatory issues arising under the AIFMD, and MiFID II for a range of EU and indirectly impacted firms outside of the EU.

Experience in this area includes advising multiple clients on the EU marketing and registration regimes and overlaying local regulatory considerations, such as the U.K. retail distribution...

William Komaroff Litigation White Collar Attorney Proskauer Law Firm New York

Bill Komaroff is a partner in the Litigation Department and White Collar Practice Group. He has a nationwide federal practice focused on corporate defense and investigations, counseling and defending institutional and individual clients in connection with a broad array of complex government investigations, prosecutions and civil disputes.

Bill also has served as a member of the Criminal Justice Act Panel for the District Court for the Southern District of New York.

From 2003 to 2007, Bill served as an Assistant U.S....

Timothy W. Mungovan, Litigation Attorney, Proskauer Law Firm

Timothy Mungovan is a Partner in the Litigation Department, co-head of the Private Investment Funds Disputes practice and a member of the Private Investment Funds Group. Tim has an international practice in complex commercial litigation, advising public and private companies in a variety of areas, including securities, corporate governance, fiduciary obligations, investment management and financial services, fraud and trade secrets.

In addition to his regular commercial litigation practice, Tim focuses on disputes involving private investment...

617-526-9412, 212-969-3201