Under the Tax Cuts and Jobs Act, a new excise tax applies to compensation in excess of $1 million paid to any of the five most highly-compensated employees of an exempt organization as well as certain separation payments made to these individuals (roughly equal to three times base salary). It’s unclear, however, whether these apply to public colleges and universities.
New Suit by Delta Reminds Everyone About the Importance of Data Security Protection in the Context of Third-Party Service Provider Relationships
On March 14, 2018, the Department of Justice (“DOJ”) and Securities and Exchange Commission (“SEC”) announced parallel criminal and civil charges against Jun Ying, the former Chief Information Officer of Equifax’s United States Information Systems, for selling his shares of Equifax stock before Equifax publicly announced that it had suffered an immense data breach. These charges come in the wake of recent SEC guidance on ensuring corporate insiders do not trade in securities while in possession of material nonpublic information about cybersecurity incidents.
Adding to the chorus (or cacophony) of regulatory voices on the cybersecurity front, the SEC has recently issued new interpretive guidance concerning cybersecurity-related disclosures that public companies are required to make under federal securities laws.
Last week, NYS DFS began sending out e-mail notices to individuals stating that they had failed to comply with the Certification of Compliance requirement under 23 N.Y.C.R.R. § 500.17(b), which mandates that a Covered Entity under the regulations certify compliance annually. The deadline for certification was February 15, 2018.