On December 18, 2020, federal financial regulatory agencies announced a proposed rule that would require “banking organizations” to notify their primary federal regulator within 36 hours following any “computer-security incident” that rises to the level of a “notification incident.” The Proposed Rule also would require service providers to notify at least two individuals at the banking organizations they service immediately after experiencing a computer security incident that materially disrupts, degrades or impairs the services they provide.
Continue Reading Financial Regulators Announce Proposed 36-Hour Notification Requirement for Notification Incidents
Financial Privacy
Home Depot Agrees to Pay $17.5 Million in Multistate Settlement Following 2014 Data Breach
On November 24, 2020, a multistate coalition of Attorneys General announced that The Home Depot, Inc. agreed to pay $17.5 million and implement a series of data security practices in response to a data breach the company experienced in 2014.…
Continue Reading Home Depot Agrees to Pay $17.5 Million in Multistate Settlement Following 2014 Data Breach
Consumer Financial Protection Bureau Issues Notice of Proposed Rulemaking Regarding Access to Financial Information
On October 22, 2020, the Consumer Financial Protection Bureau issued a notice of proposed rulemaking to implement Section 1033 of the Dodd-Frank Act regarding consumers’ access to their financial information.…
Continue Reading Consumer Financial Protection Bureau Issues Notice of Proposed Rulemaking Regarding Access to Financial Information
FTC Postpones Safeguards Rule Workshop until July
As part of its regulatory review of the Gramm-Leach-Bliley Act Safeguards Rule, the Federal Trade Commission will hold a workshop, Information Security and Financial Institutions: An FTC Workshop to Examine the Safeguards Rule. The workshop, originally scheduled for May, has been postponed until July 13, 2020.…
Continue Reading FTC Postpones Safeguards Rule Workshop until July
SEC Publishes Cybersecurity and Resiliency Observations
The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations recently announced the publication of a report entitled “Cybersecurity and Resiliency Observations” that summarizes the observations gleaned from OCIE’s cybersecurity examinations of broker-dealers, investment advisers, clearing agencies, national securities exchanges and other SEC registrants.…
Continue Reading SEC Publishes Cybersecurity and Resiliency Observations
FTC Proposes Changes to GLB Privacy and Safeguards Rules
On March 5, 2019, the Federal Trade Commission announced that it is seeking comment on proposed changes to the FTC’s Safeguards Rule and Privacy Rule under the Gramm-Leach-Bliley Act.…
Continue Reading FTC Proposes Changes to GLB Privacy and Safeguards Rules
EDPB Issues Statement on U.S. Foreign Account Tax Compliance Act
On February 25, 2019, the European Data Protection Board issued a statement regarding the transfer of personal data from Europe to the U.S. Internal Revenue Service for purposes of the U.S. Foreign Account Tax Compliance Act.…
Continue Reading EDPB Issues Statement on U.S. Foreign Account Tax Compliance Act
FTC Seeks Public Comment on Identity Theft Rules
On December 4, 2018, the Federal Trade Commission published a notice in the Federal Register indicating that it is seeking public comment on whether any amendments should be made to the FTC’s Identity Theft Red Flags Rule and the duties of card issuers regarding changes of address.…
Continue Reading FTC Seeks Public Comment on Identity Theft Rules
California Enacts Blockchain Legislation
As reported on the Blockchain Legal Resource, California Governor Jerry Brown recently signed into law Assembly Bill No. 2658 for the purpose of further studying blockchain’s application to Californians. In doing so, California joins a growing list of states officially exploring distributed ledger technology.…
Continue Reading California Enacts Blockchain Legislation
Hunton Insurance Head Comments on Hotel Data Breach Coverage Dispute
As reported on the Insurance Recovery Blog, Hunton Andrews Kurth insurance practice head, Walter Andrews, recently commented to the Global Data Review regarding the infirmities underlying an Orlando, Florida federal district court’s ruling that an insurer does not have to defend its insured for damage caused by a third-party data breach.…
Continue Reading Hunton Insurance Head Comments on Hotel Data Breach Coverage Dispute