On October 18, 2022, the New York State Department of Financial Services announced that EyeMed Vision Care LLC agreed to a $4.5 million settlement for violations of the Cybersecurity Regulation that contributed to the exposure of hundreds of thousands of consumers’ health data in connection with a cybersecurity event in 2020.
Continue Reading NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations
Financial Privacy
SEC Fines Morgan Stanley $35 Million for Alleged Failure to Protect Customer Data
On September 20, 2022, the U.S. Securities and Exchange Commission announced that Morgan Stanley Smith Barney agreed to pay a $35 million fine for the firm’s alleged failure to adequately protect the personal information of approximately 15 million customers.
Continue Reading SEC Fines Morgan Stanley $35 Million for Alleged Failure to Protect Customer Data
The SEC Charged Several Individuals and Entities in a Fraudulent Hacking Scheme
On August 16, 2022, the Securities and Exchange Commission charged 18 individuals and entities in relation to their involvement in a fraudulent hacking scheme. …
Continue Reading The SEC Charged Several Individuals and Entities in a Fraudulent Hacking Scheme
New CFPB Interpretive Rule Targets Digital Marketing Providers
On August 10, 2022, the Consumer Financial Protection Bureau issued a new interpretive rule clarifying when digital marketing providers must comply with federal consumer financial protection law. Under the new rule, Big Tech companies that use behavioral advertising techniques to market financial products will be subject to the Consumer Financial Protection Act of 2010. …
Continue Reading New CFPB Interpretive Rule Targets Digital Marketing Providers
Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs
On July 29, 2022, the New York Department of Financial Services posted proposed amendments to its Cybersecurity Requirements for Financial Services Companies. This blog entry provides highlights of the amendments.
Continue Reading Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs
NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches
On June 24, 2022, the New York State Department of Financial Services announced it had entered into a $5 million settlement with Carnival Corp., the world’s largest cruise-ship operator, for violations of the Cybersecurity Regulation in connection with four cybersecurity events between 2019 and 2021, including two ransomware events. …
Continue Reading NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches
President Biden Issues Executive Order on Digital Assets
On March 9, 2022, the Biden Administration released its much-anticipated “Executive Order on Ensuring Responsible Development of Digital Assets”. …
Continue Reading President Biden Issues Executive Order on Digital Assets
FTC Puts Companies on Notice that Failure to Identify and Patch Instances of Log4j May Violate FTC Act
On January 4, 2022, the Federal Trade Commission published a blog post reminding companies that “the duty to take reasonable steps to mitigate known software vulnerabilities implicates laws including, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act,” in response to Log4Shell’s public disclosure of the Log4j vulnerability.
Continue Reading FTC Puts Companies on Notice that Failure to Identify and Patch Instances of Log4j May Violate FTC Act
SEC Proposes New Cybersecurity Rules for Investment Managers
On February 9, 2022, the SEC proposed new cybersecurity compliance and disclosure rules for the investment management industry in a three to one vote.
Continue Reading SEC Proposes New Cybersecurity Rules for Investment Managers
FTC Settles with Loan Application Company Over Alleged Misuse of Sensitive Personal Information
Earlier this month, the Federal Trade Commission reached a $1.5 million settlement with loan application company ITMedia Solutions LLC over alleged violations of the FTC Act and Fair Credit Reporting Act. The FTC alleged that ITMedia deceptively acquired and indiscriminately shared consumers’ sensitive personal information under the guise of connecting them with lenders.
Continue Reading FTC Settles with Loan Application Company Over Alleged Misuse of Sensitive Personal Information