Aravind Swaminathan Weighs in on Proposed Cybersecurity Regulations for Financial Institutions

Global Investigations Review
September.23.2016

Aravind Swaminathan, global co-chair of Orrick’s Cybersecurity & Data Privacy team, recently spoke with Global Investigations Review regarding new plans proposed by New York’s Department of Financial Services that will require financial institutions to report cybersecurity breaches within 72 hours. These new regulations, if adopted, will go into effect January 1, 2017.

According to Aravind, “These are sophisticated regulators, and so we expect that they will understand you can’t have all the facts in 72 hours; it’s just not reasonable or frankly possible. I think they’ll be looking for early notification and an early assessment of what has happened. The key is conducting your investigation in that timeframe to get as much of the information as they are going to want to know.”

He also noted, “When you’re trying to prove negligence, it’s hard to do when there is no clear established standard of care to point to. But where there are requirements mandated by a rule or regulation, those requirements operate as a de facto standard; when companies don’t adhere to them, it makes it easy for plaintiffs to bring a case.”

Aravind added that the rules will require companies to have a much clearer understanding of where their data is held, and how to access it in the event of a breach.

Related Lawyers

Aravind Swaminathan Partner, Cyber, Privacy & Data Innovation, Class Action Defense

Seattle; Boston

See my bio

Practice:

Finance Sector
Technology & Innovation Sector
Cyber, Privacy & Data Innovation
Class Action Defense
White Collar, Investigations, Securities Litigation & Compliance
Government Investigations and Enforcement Actions
Trials
Strategic Advisory & Government Enforcement (SAGE)

vCard

See full bio

Aravind Swaminathan Partner

Seattle; Boston

A leading cybersecurity and online safety authority, Aravind is recognized by Chambers USA in Privacy and Data Security in both Litigation and Incident Response. Clients describe him as “a very talented lawyer experienced with incident responses” and “incredibly responsive and technically savvy.”

Aravind’s deep knowledge of his clients’ business objectives and technological capabilities distinguishes him as a strategic advisor and frontline crisis responder. He advises some of the world’s leading online platforms, public and private financial institutions, tech companies, higher education institutions, and critical infrastructure providers on cybersecurity, and their obligations to monitor and remove harmful or illegal content online and root out instances of child exploitation.

He is adept at guiding companies through cybersecurity incidents, having directed more than 500 data breach investigations, including enterprise-wide network intrusions to cyberattacks with national security implications. Aravind defends clients in an array of cybersecurity and privacy class actions and regulatory enforcement actions brought by the SEC, FTC, NY DFS and State AGs, and also represents individual C-level executives in criminal and civil regulatory enforcement matters.

As a former assistant United States attorney, he investigated and prosecuted a broad array of cybercrime, child exploitation cases, digital crimes, and white-collar crime cases. This first-hand knowledge of federal agencies allows him to navigate the system, partner with investigators and find creative solutions for clients.

Aravind is a member of Orrick’s Board of Directors, and he devotes much of his free time to advising independent schools on AI, online safety, and cybersecurity, and teaching and coaching.

Related Areas

Markets

Seattle