The recent Federal Trade Commission (FTC) amendment adds a new security breach reporting requirement to the Gramm–Leach–Bliley Act (GLBA) Safeguards Rule. The Safeguards Rule is a regulatory framework that mandates financial...
On May 14, the FTC published a business blog post announcing the Safeguards Rule, an amendment to the GLBA, is in effect as of May 13. The Safeguards Rule applies to financial institutions subject to the FTC’s jurisdiction...
Orrick Partner Beth McGinn joins RegFi co-hosts Jerry Buckley and Sasha Leonhardt for our second episode focused on the proposed American Privacy Rights Act and its potential impact on the financial services industry. Beth...
With the first month of 2024 now behind us, it is time for organizations to start seriously considering key comprehensive state data privacy compliance obligations for 2024. In total, seven states passed data privacy laws...
Key Point: The Federal Trade Commission (FTC) has amended the Safeguards Rule to require non-banking financial institutions to inform the FTC within 30 days of discovering any unauthorized acquisition of unencrypted customer...
From long-standing laws to incoming legislation, global nonprofits must understand the requirements and prepare for scrutiny in their handling of personal data. U.S. privacy regulations are currently a complex framework of...
The Volunteer State became the eighth state to enact a comprehensive data privacy law after Gov. Bill Lee (R) signed the Tennessee Information Protection Act (“TIPA”) into law yesterday, May 11. Tennessee joins a growing...
On Wednesday February 1, 2023, the NAIC Privacy Protections Working Group (the Working Group) released a draft of a new model law for comment, the Insurance Consumer Privacy Protection Model Law (#674) (the Proposal), which...
Recently, the CFPB released an outline of proposed measures related to the Bureau’s Dodd-Frank Section 1033 rulemaking efforts that would allow consumers to take control of their personal financial data and determine which...
On August 11, 2022, the Federal Trade Commission (FTC) issued an Advance Notice of Proposed Rulemaking (ANPR), titled “Trade Regulation Rule on Commercial Surveillance and Data Security”. The wide-ranging ANPR seeks feedback...
The financial technology (“Fintech”) industry has boomed over the last decade, from the rise of mobile payment apps, robo-advisers, lending platforms, consumer-friendly brokerages to cryptocurrency trading platforms. By their...
Facial recognition technology, drones the size of a butterfly, secure microchips replacing magnetic stripes on credit cards, sensors the size of a grain of sand swallowed by patients that transmit data directly to the...
Following a 3-2 vote, the Federal Trade Commission (FTC) recently announced amendments to the Safeguards Rule under the Gramm-Leach-Bliley Act. The Safeguards Rule was first promulgated in 2002. The revisions are meant to...
Until now, companies primarily regulated by the Federal Trade Commission (FTC) were given only vague directives to implement systems sufficient to safeguard customer data, coupled with FTC “recommendations” as to best...
Purpose and Background of the GLBA - The Gramm-Leach-Bliley Act (“GLBA”), also known as the Financial Services Modernization Act of 1999, is a federal statute enacted by Congress in 1999 that requires financial...
The Gramm-Leach-Bliley Act (GLBA) is a federal law that establishes various legal requirements for companies that qualify as “financial institutions” under the Act. The GLBA’s definition of a “financial institution” is...
Keypoint: New Utah law creates incentive for businesses to develop and implement a written cybersecurity program to protect themselves against data breach lawsuits. On March 11, 2021, Utah governor Spencer Cox signed the...
An oft-used business management concept is to “hire people smarter than you.” The concept also applies to hiring vendors – hire vendors that are better than you (especially when it comes to information security). ...
The FTC recently settled with Ascension Data & Analytics for failure to oversee service providers. Ascension provides services to mortgage companies within its corporate family of entities. According to the complaint,...
On October 22, 2020, the CFPB issued an advance notice of proposed rulemaking (ANPR) soliciting comments on implementation of Section 1033 of the Dodd-Frank Act. As outlined in the ANPR, Section 1033 will require consumer...
Businesses collecting personal information from New York residents will soon be expected to apply enhanced data security requirements. The New York SHIELD Act, signed into law in July 2019, expanded breach notice requirements...
Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the...
To stay ahead of the new privacy and data security requirements, such as CCPA and recent data security state laws, insurers need to take steps now to navigate the increasingly complex regulatory landscape. This article...
New York State has enacted S5575, the Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”). This new law amends New York General Business Code 899-aa and adds Section 899-bb to significantly expand consumer...
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - NIST Director Discusses Future Development of Cybersecurity Framework - On March 4, the director of the National Institute of Standards and Technology...