On November 28, 2023, the New York Department of Financial Services announced that First American Title Insurance Company, the second-largest title insurance company in the United States, would pay a $1 million penalty for violations of the NYDFS Cybersecurity Regulation in connection with a 2019 data breach.
Continue Reading New York Department of Financial Services Reaches $1 Million Dollar Settlement With First American Title Insurance in Data Breach Investigation
Financial Privacy
NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats
On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services amended its Cybersecurity Regulation applicable to covered financial institutions. …
Continue Reading NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats
CFPB Proposes New Rule on Personal Financial Data Rights
On October 19, 2023, the Consumer Financial Protection Bureau proposed a new rule that would provide consumers with more control over their financial information and impose certain requirements. …
Continue Reading CFPB Proposes New Rule on Personal Financial Data Rights
FTC Amends Safeguards Rule to Require Certain Financial Institutions to Report Data Security Breaches
On October 27, 2023, the Federal Trade Commission announced that it has approved an amendment to the Safeguards Rule that would require non-banking institutions to report certain data breaches to the FTC. …
Continue Reading FTC Amends Safeguards Rule to Require Certain Financial Institutions to Report Data Security Breaches
NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation
On June 28, 2023, the New York Department of Financial Services published an updated proposed Second Amendment to its Cybersecurity Regulation, 23 NYCRR Part 500.
Continue Reading NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation
FDIC, FRB and OCC Issue Interagency Guidance on Third-Party Relationships
On June 6, 2023, the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System and the Office of the Comptroller of the Currency issued their final Interagency Guidance on Third-Party Relationships. …
Continue Reading FDIC, FRB and OCC Issue Interagency Guidance on Third-Party Relationships
SEC Advances Three New Cybersecurity Rule Proposals
On March 15, 2023, the Securities and Exchange Commission proposed three rules related to cybersecurity and the protection of consumers’ information.
Continue Reading SEC Advances Three New Cybersecurity Rule Proposals
SEC Brings Cyber Disclosure Enforcement Action
On March 9, 2023, the U.S. Securities and Exchange Commission announced settled administrative charges against Blackbaud Inc.
Continue Reading SEC Brings Cyber Disclosure Enforcement Action
NCUA Board Approves Cyber Incident Reporting Requirement for Credit Unions
On February 16, 2023, the National Credit Union Administration Board unanimously approved a final rule requiring federally insured credit unions to notify the NCUA as soon as possible, within 72 hours, after the FCIU “reasonably believes” that a reportable cyber incident has occurred.
Continue Reading NCUA Board Approves Cyber Incident Reporting Requirement for Credit Unions
Bill to Amend the Gramm-Leach-Bliley Act Introduced to Congress
On February 24, 2023, Representative Patrick T. McHenry of North Carolina introduced a bill proposing the creation of the Data Privacy Act of 2023. …
Continue Reading Bill to Amend the Gramm-Leach-Bliley Act Introduced to Congress