There is little doubt that the U.S. Securities and Exchange Commission is making cybersecurity a top priority. SEC Chair Gary Gensler told a Senate committee on Tuesday, September 14, 2021 that the agency is developing a...more
9/16/2021
/ Broker-Dealer ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Information Security ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
Investment Firms ,
Personally Identifiable Information ,
Phishing Scams ,
Policies and Procedures ,
Regulation S-P ,
Safeguards Rule ,
Sanctions ,
Securities and Exchange Commission (SEC)
In early March, the New York State Department of Financial Services (“NYDFS”) announced a consent order that required Maine-based mortgage servicer Residential Mortgage Services, Inc. (“Residential”) to pay a $1.5 million...more
3/23/2021
/ Banking Sector ,
Business E-Mail Compromise (BEC) ,
Consent Order ,
Covered Entities ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
Failure to Report ,
Financial Institutions ,
Financial Services Industry ,
Mortgage Servicers ,
Non-Public Information ,
NYDFS ,
Personally Identifiable Information ,
Sensitive Personal Information
On March 2, 2021, Virginia enacted the Consumer Data Protection Act (“VCDPA”). The VCDPA will become effective January 1, 2023. The VCDPA shares its roots with the California Consumer Protection Act (“CCPA”) and the recently...more
3/9/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Acts ,
Data Security ,
Data Sellers ,
Data-Sharing ,
Enforcement Actions ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Sensitive Personal Information
On December 15, 2020, Ireland’s Data Protection Commission (“DPC”) announced its decision to fine Twitter International Company (“Twitter”) €450,000 for failing to notify the DPC promptly of a data breach affecting EU...more
1/20/2021
/ Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Commissioner ,
Data Security ,
EU ,
Failure to Notify ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Policies and Procedures ,
Twitter
On November 9, 2020, the Federal Trade Commission (“FTC”) announced a settlement with Zoom Video Communications, Inc. (“Zoom”) to resolve allegations that the company misled customers about steps it had taken to protect...more
11/18/2020
/ Consent Agreements ,
Consent Order ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
Federal Trade Commission (FTC) ,
Misrepresentation ,
Settlement ,
Videoconference ,
Virtual Meetings ,
Zoom®
Cybercriminals love a crisis and COVID-19 is no different. In the last several weeks, cyber-crime has increased exponentially as hackers seek to take advantage of the migration to a remote workplace. As cybercriminals seek to...more
4/21/2020
/ Confidential Information ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Passwords ,
Phishing Scams ,
Popular ,
Remote Working ,
Risk Management ,
Videoconference