Gramm Leach Bliley Act

On December 15, 2020, the Federal Trade Commission announced a proposed settlement with Ascension Data & Analytics, LLC, a Texas-based mortgage industry data analytics company, to resolve allegations that the company failed to ensure one of its vendors was adequately securing personal information of mortgage holders.
Continue Reading FTC Announces Enforcement for Inadequate Third-Party Risk Management Practices Under the GLBA’s Safeguards Rule

On December 18, 2020, federal financial regulatory agencies announced a proposed rule that would require “banking organizations” to notify their primary federal regulator within 36 hours following any “computer-security incident” that rises to the level of a “notification incident.” The Proposed Rule also would require service providers to notify at least two individuals at the banking organizations they service immediately after experiencing a computer security incident that materially disrupts, degrades or impairs the services they provide.
Continue Reading Financial Regulators Announce Proposed 36-Hour Notification Requirement for Notification Incidents

On October 22, 2020, the Consumer Financial Protection Bureau issued a notice of proposed rulemaking to implement Section 1033 of the Dodd-Frank Act regarding consumers’ access to their financial information.
Continue Reading Consumer Financial Protection Bureau Issues Notice of Proposed Rulemaking Regarding Access to Financial Information

As part of its regulatory review of the Gramm-Leach-Bliley Act Safeguards Rule, the Federal Trade Commission will hold a workshop, Information Security and Financial Institutions: An FTC Workshop to Examine the Safeguards Rule. The workshop, originally scheduled for May, has been postponed until July 13, 2020.
Continue Reading FTC Postpones Safeguards Rule Workshop until July

On March 21, 2020, the data security provisions of New York’s Stop Hacks and Improve Electronic Data Security Act went into effect. The SHIELD Act requires any person or business owning or licensing computerized data that includes the private information of a resident of New York to implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of the private information.
Continue Reading New York SHIELD Act Requires Safeguards to Protect Private Information

As reported on our Hunton Retail Law Resource blog, on January 7, 2020, the Federal Trade Commission announced a settlement with Mortgage Solutions FCS, Inc., and its sole principal, Ramon Walker, to resolve allegations that the lender violated the FTC Act, the Fair Credit Reporting Act and the Gramm-Leach-Bliley Act, by improperly disseminating consumers’ personal information on Yelp in response to consumers’ negative reviews posted to that site.
Continue Reading Mortgage Broker Settles FTC Privacy Charges That It Improperly Disclosed Consumer Information on Review Site

On May 24, 2019, Oregon Governor Kate Brown signed into law Senate Bill 684, which extends Oregon’s data breach notification requirements to include third-party vendors. This blog entry provides an overview of the bill.
Continue Reading Oregon Extends Data Breach Notification Requirements to Include Third-Party Vendors

On May 29, 2019, Nevada’s governor approved SB 220, which provides amendments to an existing law that requires operators of websites and online services to post a notice on their website regarding their privacy practices. This blog entry provides a summary of the Amendment Bill.
Continue Reading Nevada Law Provides Consumers with Limited Right to Opt Out of Sale