Anjali C. Das Partner





  • Utah Consumer Privacy Act

    Utah Consumer Privacy Act

    March 16, 2022

    The Utah Consumer Privacy Act, once signed into law, will take effect December 31, 2023, and make Utah the fourth state with a comprehensive consumer privacy law. The Act provides consumers with broad protection and rights concerning the collection, use, processing, sharing and sale of their personal information. Businesses that fail to comply may be subject to significant fines and penalties.

  • Ukraine Crisis Increases Supply Chain Cyber Risk

    Ukraine Crisis Increases Supply Chain Cyber Risk

    March 11, 2022

    Last year, cyber threats on global supply chains were in the spotlight following the unprecedented cyber-attacks on Colonial Pipeline, JBS and SolarWinds, attacks that had far-reaching consequences for downstream businesses, customers and individual consumers. The current geopolitical climate and escalating crisis in Ukraine is amplifying concerns about the increased cyber threat to global supply chains already strained by the COVID-19 pandemic..

  • China’s New Personal Information Protection Law

    China’s New Personal Information Protection Law

    December 2, 2021

    China’s new Personal Information Protection Law affords the country’s residents greater protection and rights over their personal data. Domestic and foreign organizations are subject to the heightened requirements, and failure to comply may subject organizations to substantial regulatory fines and penalties, revocation of business licenses, legal action and even personal liability.
  • Mitigating Supply Chain Cyber Risk

    Mitigating Supply Chain Cyber Risk

    October 25, 2021

    Blissful ignorance is not a viable defense to an organization’s third-party cyber risk, and its supply chain is one of the most vulnerable areas when it comes to data security. As ransomware attacks increase, regulators are directing their scrutiny toward companies’ information security programs. While management has responded by increasing their information security program budgets, supply chain risk departments continue to be ignored. Supply chain cyber risk is a large task, but it can be brought under control by focusing on a few key steps to manage third-party risk.

  • Ransom Demands: To Pay or Not to Pay?

    U.S. Treasury Advisory on Cyber Ransom Demands

    September 24, 2021

    On September 21, 2021, the U.S. Department of the Treasury issued an updated advisory cautioning companies against the potential to incur sanctions by making ransom payments to cybercriminals, putting pressure on companies not to pay.

  • New Law Expands California Consumer Privacy Rights and Protections

    California Consumer Privacy Rights & Protections

    August 24, 2021

    Any organization that conducts business in the state of California, collects or processes personal information, and meets one or more select criteria should assess their compliance with the California Privacy Rights Act, set to take effect on January 1, 2023. Failure to comply may subject companies to enforcement actions and stiff fines and penalties by regulators.

  • New York City Introduces Biometric Identifier Information Act

    New York City Biometric Identifier Information Act

    August 18, 2021

    Following in the footsteps of the Illinois Biometric Information Privacy Act, the City of New York has enacted its own Biometric Identifier Information Act. Like its root, this new law is designed to protect and limit the use of consumers’ biometric data, which is highly personal and irreplaceable. Companies that fail to adhere to the new law may be subject to lawsuits and sizeable statutory damages.

  • New York Cracks Down on Cybersecurity Compliance

    New York FAQs on Cybersecurity Compliance

    August 9, 2021

  • Trifecta of New Privacy Laws Protect Personal Data

    Three States’ Privacy Laws Protect Personal Data Rights

    August 3, 2021

    The Colorado Privacy Act and the Virginia Consumer Data Protection Act mimic California privacy laws and the EU General Data Protection Regulation (GDPR) by imposing stringent requirements on companies that collect or process personal data of state residents.

  • U.S. Government Warns Companies of Legal Risk for Paying Ransom to Cybercriminals

    Legal Risk of Paying Ransom to Cybercriminals

    October 6, 2020

    On October 1, 2020, the U.S. Department of the Treasury issued an advisory on potential risks of sanctions for organizations that facilitate ransom payments. Companies, their cyber insurers and third parties that assist in facilitating payments to cybercriminals might be subject to liability and hefty penalties under federal laws.
  • California Consumer Privacy Act: Are You Ready?

    January 3, 2020

    Effective January 1, 2020, the California Consumer Privacy Act (CCPA) recognizes and enforces California consumers’ right to privacy and control over their personal information.
  • Check the boxes to help ensure compliance with HIPAA security and privacy rules!

    December 16, 2019

    As the year draws to a close, it’s an especially good time to review your businesses’ cybersecurity policies and procedures as they relate to electronic protected health information under HIPAA regulations.
  • California Consumer Privacy Act Update: Amendments and Proposed Regulations

    California Consumer Privacy Act Effective January 1: UPDATE

    December 3, 2019

    Public hearings were scheduled for the first week in December to receive comments on proposed regulations to the California Consumer Privacy Act, which goes into effect on January 1, 2020. Written comments will be accepted by the California Attorney General until 5:00 p.m. on December 6, 2019. The final regulations are expected to be released in early 2020 and will be enforced beginning in July 2020.

  • No Damages Required to Sue Under Illinois Biometric Information Privacy Act

    Illinois Biometric Information Privacy Act

    February 20, 2019

    The Illinois Supreme Court gave the state’s Biometric Information Privacy Act more “punch” in a recent opinion holding that an individual does not need to prove harm to recover − a technical violation of the Act is sufficient to constitute standing.

  • Global Privacy Law Update

    July – August 2018

  • Strict Notification & Disclosure Requirements for Government Contractors

    Notification & Disclosure Requirements for Government Contractors

    August 30, 2018

    Businesses that seek to obtain and preserve contracts with the U.S. government, or to deal in certain enumerated defense articles and services, are subject to strict privacy regulations. These include the Defense Federal Acquisition Regulation Supplements, which impose stringent minimum security requirements and reporting obligations, and the International Traffic in Arms Regulations, which contain approval, registration and records maintenance requirements.

  • U.S. Companies Still Grappling with GDPR

    Implications of GDPR for U.S. Companies

    August 21, 2018

    The extra-territorial reach of the EU’s new General Data Protection Regulation means that non-EU companies that collect, store, transfer or otherwise process personal data of EU residents may be required to obtain express consent to use an individual’s personal data, in addition to maintaining internal records of the company’s personal data processing activities. Moreover, companies may have a mere 72 hours to notify EU regulatory authorities of a data breach involving the personal data of EU residents.

  • Uptick in Australian Data Breach Notifications

    Australian Data Breach Notifications Increase

    July 30, 2018

    Under Australia’s Notifiable Data Breach Scheme, organizations, not limited to Australian companies, will be forced to promptly respond to and investigate actual or suspected data breaches concerning personal information. Failure to do so may result in the commencement of a regulatory action and/or the imposition of civil penalties. Companies with potential exposure are encouraged to become familiar with the new legal requirements.

  • Canada’s New Data Breach Notification Law

    Canada’s Personal Information Protection and Electronic Documents Act

    July 23, 2018

    On November 1, 2018, the long-awaited amendments to Canada’s Personal Information Protection and Electronic Documents Act will go into effect. These amendments and related regulations impose new mandatory notification obligations on companies in the event of a breach involving the personal information of Canadians.

  • New Sweeping California Privacy Law

    New Sweeping California Privacy Law

    July 11, 2018

    While the California Consumer Privacy Act does not take effect until 2020, it is likely to spur other states – and perhaps the federal government – to enact broader legislative protections for the collection and use of individuals’ personal information. Meanwhile, all entities that do business in California and collect personal information of Californians should take prompt action to review and revise related assets and materials.

  • Equifax and SEC Breaches Show You Can’t Hide from Hackers

    The Equifax and SEC Breach Impact

    September 28, 2017

    The speed of events and the fast-breaking news on the recent Equifax data breach discovered on July 29, 2017, has gone from bad to worse. An investigation revealed that the incident impacted 143 million consumers’ personally identifiable information, including names, social security numbers, dates of birth and driver’s license numbers.

  • Weapons in the Cyber Defense Arsenal

    Global Cyberattack Readiness

    May 22, 2017

    The world recently experienced an unprecedented global cyberattack that targeted the public and private sectors, encrypting and locking electronic files. So far, it is estimated that hundreds of thousands of entities worldwide were victims of WannaCry ransomware; and just as WannaCry is subsiding, a new attack, Adylkuzz, is taking its place, crippling computers by diverting their processing power. Now the world needs to begin building a Cyber Defense Arsenal.

  • Update from Wilson Elser’s D&O Insurance Digest

    Update from Wilson Elser’s D&O Insurance Digest

    October 20, 2015

    Wilson Elser Chicago partner Anjali Das has compiled a roundup of recent news, including litigation and mega settlements, developments in Delaware D&O law, D&O cyber liability, and recent D&O insurance coverage decisions.

  • SEC Steps Up Cybersecurity Enforcement

    SEC Steps Up Cybersecurity Enforcement

    October 6, 2015

    In what appears to be an all-out assault on lax cybersecurity, the SEC has issued a new Alert in connection with its cybersecurity examination of Wall Street firms, entered a Cease and Desist Order against a firm for failing to adopt written policies or procedures to protect customer information, and issued an Investor Alert that highlights actions individuals should take if their personal information is compromised.

  • A Guide to Cyber Coverage

    Insurance Coverage, Vol. 24, No. 4 | ABA Section of Litigation

    July-August 2014

  • SEC Polices Cybersecurity on Wall Street

    SEC Polices Cybersecurity on Wall Street

    June 4, 2014

    The SEC’s new disclosure guidance was intended to bring greater awareness and transparency to actual or potential cybersecurity risk that might be considered material to investors. However, the SEC has acknowledged that this guidance alone might not be sufficient to address investor concerns.

  • Google and the Great Divide: U.S. Privacy Rights versus EU Privacy Rights

    Court of Justice: U.S. versus EU Privacy Rights

    June 2, 2014

    On May 13, 2014, the Court of Justice of the European Union found that an individual has the right to demand that Google remove links about him that he claimed were old and irrelevant. But which approach is best – the right to be forgotten or the right to know? The “right to be forgotten” as currently described by the Court of Justice could create a clash between freedom of speech, which is supported in the United States, and the EU’s broader concept of privacy.

  • Data Breach and Privacy Update

    Spring 2013

  • D&Os in Cyberspace: SEC Endorses Social Media for Corporate Communications with Investors

    Corporate Communications with Investors @ Facebook?

    April 9, 2013

    Companies that plan to use social media to communicate material corporate information to investors should make sure they have effective policies, controls and safeguards in place to mitigate potential risk for violations of securities or other laws.

  • Supreme Court's New Ruling May Bolster Defense of Data Breach and Privacy Cases

    U.S. Supreme Court Upholds Strict Article III Standing in Privacy Case

    March 25, 2013

    The U.S. Supreme Court’s reaffirmation of heightened standards for future harm may significantly aid corporations in obtaining dismissals for data security and cyber beach lawsuits where plaintiffs frequently cannot show that their personal information will subject them to identity theft or be used in a manner to cause them some other concrete financial harm.

  • FCPA: Defining D&O M&A Liability for Violations

    Foreign Corrupt Practices Act

    December 19, 2012

    The long-awaited Guidance on potential violations of the Foreign Corrupt Practices Act may provide some relief and useful tips for directors and officers of companies that have been increasingly concerned about potential exposure for successor liability emanating from FCPA violations by the acquired entity. 

  • Foreign Corrupt Practices Act Gives Rise to D&O Claims

    Financial Fraud Law Report

    October 2012

  • Foreign Corrupt Practices Act Gives Rise to D&O Claims

    June 13, 2012

    Walmart is the latest high-profile target of a string of D&O claims involving the increasingly enforced Foreign Corrupt Practices Act. The SEC and DOJ have maintained an aggressive stance on FCPA violations and enforcement actions, which can lead to shareholder derivative civil actions.
  • Claims Against China-Based Reverse Merger Companies: A Tempest in a Teapot of Gunpowder or Green Tea?

    July 2011

    Many China-based issuers have been targeted by regulators and investors alike for purported securities and accounting fraud that could ultimately cost D&O insurers millions in losses.
  • D&O Insurers Be Aware: U.K. Bribery Act Takes Effect on July 1

    June 2011

    In light of the potential long arm of the Bribery Act, directors and officers (“D&O”) liability carriers should familiarize themselves with the potential increased exposure to their insureds. In addition, D&O insurers would be well advised to consider potential coverage issues under their policies for claims and investigations under the Bribery Act.
  • New FDIC Lawsuits Attack Former Bank D&Os

    May 2011

    Many financial industry insiders and their insurers have been wondering where the Federal Deposit Insurance Corporation (FDIC) has been during the recent financial industry meltdown. As the appointed receiver of failed banks that are federally insured, the FDIC is expected to be at the forefront of litigation against the directors and officers (D&Os) of failed financial institutions.

  • Impact of Dodd-Frank Act on D&O Liability: Corporate Governance, Compensation, Claw-Backs and More

    November 2010

    Recently enacted sweeping financial legislation embodied in the Dodd-Frank Wall Street Reform and Consumer Protection Act (the Act) creates new concerns for directors and officers of all public companies – not just financial institutions.  D&Os will be subject to heightened public and regulatory scrutiny in connection with corporate governance and executive compensation.  Broad disclosure requirements regarding executive pay, coupled with potentially enormous financial incentives to corporate whistle-blowers, could lead to increased liability exposure for D&Os and their insurers.

  • Delaware decisions reduce hurdles to defending D&O claims

    September 2009

    A typical claim targeting directors and officers ("D&Os") in the context of a merger or acquisition is that the D&Os breached their fiduciary duties of care and loyalty by failing to get the best deal for shareholders.  However, in a boon to D&Os and their insurers, several recent Delaware court decisions have made it easier for defendants to successfully defend these types of claims.

Additional Publications

“SEC and Other U.S. Exchanges Crack Down on Chinese and Other Reverse Merger Companies,” D&O Diary Blog, November 2011.
Claims Against China-Based Reverse Merger Companies: A Tempest in a Teapot of Gunpowder Green Tea?,” Wilson Elser Client Alert, July 2011.
“D&O Insurers Be Wary: U.K. Bribery Act Takes Effect July 1,” PLUS Journal, July 2011.
“New FDIC Lawsuits Attack Former Bank Directors and Officers,” Wilson Elser Client Alert, May 2011.
“Impact of Dodd-Frank Act on D&O Liability: Corporate Governance, Compensation, Clawbacks and More,” Wilson Elser Client Alert, November 2010.
“D&O Settlements: Straight or Crooked?,” Wilson Elser Client Alert, 2009.
“Recent Delaware Decisions Reduce Hurdles in Defending D&O Claims,” Wilson Elser Client Alert, September 2009.
“Ninth Circuit Holds that Insured v. Insured Exclusion in D&O Policy is not ‘Gobbledygook’,” Wilson Elser Client Alert, 2009.
“The ABCs of D&O Insurance,” Illinois Bar Journal, June 2005.
“Developments in Delaware D&O Indemnification Law,” Andrews Corporate Officers and Directors Litigation Reporter, February 2005.
“D&O Insurers Personally Profit,” PLUS Journal, December 2004.