So far 2018 has been a whirlwind of cyber regulatory activity, from the commencement of GDPR to new state-law data breach requirements to the New York State Department of Financial Services first compliance self-certification deadline. The complexity of the cyber legal landscape is only increasing, and in an effort to keep our clients ahead of the regulatory curve, the HSE Privacy and Data Security team has been on the road, spreading the word about cyber regulatory risk.
New Suit by Delta Reminds Everyone About the Importance of Data Security Protection in the Context of Third-Party Service Provider Relationships
On May 7th, the IRS introduced a new platform that will allow access to tax-exempt organizations’ public information more quickly and easily (See IRS-2018-116.) The Tax Exempt Organization Search (TEOS) replaces the old platform, EO Select Check. On TEOS, images of Form 990 recently filed will be available for the first time.
On April 24, 2018 the Securities and Exchange Commission (“SEC”) announced a settlement with Altaba, Inc., formerly Yahoo! Inc., for misleading investors by failing to disclose a data breach in which Russian hackers stole data for hundreds of millions of Yahoo accounts. This settlement and penalty, the first by the SEC following a data breach, comes in the wake of recent SEC guidance on cybersecurity risks and disclosures.
Under the Tax Cuts and Jobs Act, a new excise tax applies to compensation in excess of $1 million paid to any of the five most highly-compensated employees of an exempt organization as well as certain separation payments made to these individuals (roughly equal to three times base salary). It’s unclear, however, whether these apply to public colleges and universities.