On December 4, 2018, the Federal Trade Commission published a notice in the Federal Register indicating that it is seeking public comment on whether any amendments should be made to the FTC’s Identity Theft Red Flags Rule (“Red Flags Rule”) and the duties of card issuers regarding changes of address (“Card Issuers Rule”) (collectively, the “Identity Theft Rules”). The request for comment forms part of the FTC’s systematic review of all current FTC regulations and guides. These periodic reviews seek input from stakeholders on the benefits and costs of specific FTC rules and guides along with information about their regulatory and economic impacts.
As reported on the Blockchain Legal Resource, California Governor Jerry Brown recently signed into law Assembly Bill No. 2658 for the purpose of further studying blockchain’s application to Californians. In doing so, California joins a growing list of states officially exploring distributed ledger technology. Continue Reading California Enacts Blockchain Legislation
As reported on the Insurance Recovery Blog, Hunton Andrews Kurth insurance practice head Walter Andrews recently commented to the Global Data Review regarding the infirmities underlying an Orlando, Florida federal district court’s ruling that an insurer does not have to defend its insured for damage caused by a third-party data breach. Continue Reading Hunton Insurance Head Comments on Hotel Data Breach Coverage Dispute
Effective September 21, 2018, Section 301 of the Economic Growth, Regulatory Relief, and Consumer Protection Act (the “Act”) requires consumer reporting agencies to provide free credit freezes and year-long fraud alerts to consumers throughout the country. Under the Act, consumer reporting agencies must each set up a webpage designed to enable consumers to request credit freezes, fraud alerts, extended fraud alerts and active duty fraud alerts. The webpage must also give consumers the ability to opt out of the use of information in a consumer report to send the consumer a solicitation of credit or insurance. Consumers may find links to these webpages on the Federal Trade Commission’s Identity Theft website.
The Act also enables parents and guardians to freeze their children’s credit if they are under age 16. Guardians or conservators of incapacitated persons may also request credit freezes on their behalf.
Section 302 of the Act provides additional protections for active duty military. Under this section, consumer reporting agencies must offer free electronic credit monitoring to all active duty military.
For more information, read the FTC’s blog post.
On June 25, 2018, the New York Department of Financial Services (“NYDFS”) issued a final regulation (the “Regulation”) requiring consumer reporting agencies with “significant operations” in New York to (1) register with NYDFS for the first time and (2) comply with the NYDFS’s cybersecurity regulation. Under the Regulation, consumer reporting agencies that reported on 1,000 or more New York consumers in the preceding year are subject to these requirements, and must register with NYDFS on or before September 1, 2018. The deadline for consumer reporting agencies to come into compliance with the cybersecurity regulation is November 1, 2018. In a statement, Governor Andrew Cuomo said, “Oversight of credit reporting agencies ensures that the personal private information of New Yorkers is less vulnerable to the threat of cyber attacks, providing them with peace of mind about their financial future.”
On July 1, 2018, HB 183, which amends Virginia’s breach notification law, will come into effect (the “amended law”). The amended law will require income tax return preparers who prepare individual Virginia income tax returns to notify the state’s Department of Taxation (the “Department”) if they discover or are notified of a breach of “return information.” Under the amended law, “return information” is defined as “a taxpayer’s identity and the nature, source, or amount of his income, payments, receipts, deductions, exemptions, credits, assets, liabilities, net worth, tax liability, tax withheld, assessments, or tax payments.” Continue Reading Virginia Amends Breach Notification Law Applicable to Income Tax Information
On March 20, 2018, the Financial Stability Board (“FSB”) delivered a note to finance ministers and central bank governors from the world’s top 20 economic powers, known as the G-20. The note provides a progress update on the FSB’s work to develop a common vocabulary of cyber terms. Continue Reading Financial Stability Board to Develop International Cybersecurity Lexicon
On February 27, 2018, the Federal Trade Commission (“FTC”) announced an agreement with PayPal, Inc., to settle charges that its Venmo peer-to-peer payment service misled consumers regarding privacy and the extent to which consumers’ financial accounts were secured. This is the second significant FTC settlement in the past three months that addressed these issues, following the FTC’s action against TaxSlayer, Inc. and signals a renewed focus by the FTC on violations of the Gramm-Leach-Bliley Act’s (“GLBA’s”) Privacy and Safeguards Rules. Continue Reading FTC Announces Settlement for Venmo’s Alleged Violations of the GLBA’s Privacy and Safeguards Rules
On January 22, 2018, the New York Department of Financial Services (“NYDFS”) issued a press release reminding entities covered by its cybersecurity regulation that the first certification of compliance with the regulation is due on or prior to February 15, 2018. Covered entities must file the certification, which covers the 2017 calendar year, at the NYDFS online portal. Continue Reading NY Department of Financial Services Issues Reminder for Cybersecurity Filing Deadline
On November 8, 2017, the FTC announced a settlement with Georgia-based online tax preparation service, TaxSlayer, LLC (“TaxSlayer”), regarding allegations that the company violated federal rules on financial privacy and data security. According to the FTC’s complaint, malicious hackers were able to gain full access to nearly 9,000 TaxSlayer user accounts between October 2015 and December 2015. The hackers allegedly used the personal information contained in the users’ accounts, including contact information, Social Security numbers and financial information, to engage in tax identify theft and obtain tax refunds through filing fraudulent tax returns. The FTC charged TaxSlayer with violating the Gramm-Leach-Bliley Act’s Safeguards Rule and Privacy Rule. Continue Reading FTC Announces Settlement with Tax Prep Service over Financial Privacy and Security Violations