On September 22, 2015, the Securities and Exchange Commission announced a settlement order with an investment adviser for failing to establish cybersecurity policies and procedures, and published an investor alert entitled Identity Theft, Data Breaches, and Your Investment Accounts.… Continue Reading
On August 24, 2015, the Third Circuit issued its opinion in Federal Trade Commission v. Wyndham Worldwide Corporation, affirming the Federal Trade Commission's authority to regulate companies' data security practices under the unfairness prong of Section 5 of the FTC Act.… Continue Reading
On April 8, 2015, a New York Assemblyman introduced the Data Security Act in the New York State Assembly that would require New York businesses to implement and maintain information security safeguards. The Data Security Act also expands the scope of New York’s breach notification law.… Continue Reading
On March 3, 2015, the Third Circuit heard oral arguments in FTC v. Wyndham Worldwide Corp. on whether the FTC has the authority to regulate private companies’ data security under Section 5 of the FTC Act.… Continue Reading
On February 27, 2015, the White House released a highly-anticipated draft of the Consumer Privacy Bill of Rights Act of 2015 that seeks to establish baseline protections for individual privacy in the commercial context and to facilitate the implementation of these protections through enforceable codes of conduct.… Continue Reading
On January 12, 2015, Senator James Merritt (R-Indianapolis) introduced a new security breach bill that would impose substantial new privacy obligations on companies holding the personal data of Indiana residents.… Continue Reading
On October 20, 2014, the Consumer Financial Protection Bureau announced that it has finalized a rule that enables financial institutions to publish their financial privacy notices online instead of mailing them to their customers.… Continue Reading
On July 1, 2014, Delaware Governor Jack Markell signed into law a bill that creates new safe destruction requirements for the disposal of business records containing consumer personal information. The law will take effect on January 1, 2015.… Continue Reading
On May 6, 2014, the Consumer Financial Protection Bureau announced a new proposed rule that would permit certain financial institutions to post online privacy notices instead of mailing them annually to customers as required under the Gramm-Leach-Bliley Act.… Continue Reading
On November 7, 2012, the Federal Trade Commission settled charges with payday lending and check cashing companies alleged to have improperly disposed of consumers’ financial information in unsecured dumpsters. … Continue Reading
On October 26, 2012, the Federal Trade Commission finalized its settlement agreements with two businesses that allegedly exposed thousands of customers’ sensitive personal information by allowing peer-to-peer file-sharing software to be installed on their company computer systems.… Continue Reading
Earlier this year, the Consumer Financial Protection Bureau published a Bulletin signaling its intent to regulate and exercise enforcement authority over service providers to financial institutions.… Continue Reading
On June 15, 2012, Connecticut Governor Dannel Malloy approved amendments to the state’s breach notification law requiring businesses to notify the state Attorney General in the event of a data security breach. One week later, Senator Pat Toomey (R-PA) introduced the Data Security and Breach Notification Act of 2012 in an effort to create a national breach notification standard.… Continue Reading
On June 7, 2012, the Federal Trade Commission announced settlement agreements with two businesses for allegedly compromising the security of consumer personal information by allowing peer-to-peer file-sharing software to be installed on company computers. One of the companies also was charged with violations of the GLB Safeguards Rule and Privacy Rule.… Continue Reading
On June 13, 2011, Representative Mary Bono Mack released a discussion draft of of the Secure and Fortify Data Act, which would establish federal data security and breach notification requirements.
… Continue Reading
On February 11, 2011, California Representative Jackie Speier introduced the Do Not Track Me Online Act of 2011, which would direct the FTC to establish standards for a "Do Not Track" mechanism, and the Financial Information Privacy Act of 2011, which would strengthen regulations related to the disclosure of nonpublic personal information.
… Continue Reading
On December 10, 2010, Senior Advisor to U.S. Senator John Kerry, Daniel Sepulveda, provided a briefing on Senator Kerry's forthcoming privacy legislation, which aims to establish a regulatory framework for the comprehensive protection of personal data that authorizes rulemakings by the Federal Trade Commission.
… Continue Reading
On October 27, 2010, the U.S. Commodity Futures Trading Commission issued two notices of proposed rulemaking, citing GLB privacy rules and the FCRA's marketing and data disposal rules.
… Continue Reading
Cloud computing raises complex legal issues related to privacy and information security. As legislators and regulators around the world grapple with the privacy and data security implications of cloud computing, companies seeking to implement cloud-based solutions should closely monitor this rapidly evolving legal landscape for developments. In an article published on February 3, 2010, Lisa … Continue Reading
Today, eight federal financial regulatory agencies issued a final Gramm-Leach-Bliley Act (“GLBA”) model privacy notice. The final model notice incorporates financial institutions’ required disclosures pursuant to Section 503 of the GLBA. The GLBA requires, in relevant part, that financial institutions provide consumers with information regarding their collection and sharing of nonpublic personal information. Financial institutions … Continue Reading
The federal financial services agencies are expected to shortly announce a proposed-final Gramm-Leach-Bliley Act (“GLBA”) model form privacy notice. The model notice incorporates financial institutions’ required disclosures pursuant to Section 503 of the GLBA. Financial institutions that use the form to provide notice to consumers will be deemed in compliance with the privacy notice provisions … Continue Reading
On June 30, 2009, the Obama Administration sent legislation to Congress that would create a new Consumer Financial Protection Agency ("CFPA"). Working with state regulators, the new agency would assume authority for the privacy provisions of the Gramm-Leach-Bliley Act, and would have the power to write rules and impose penalties pursuant to a variety of … Continue Reading