Gramm Leach Bliley Act

On October 25, 2016, the Federal Trade Commission released a guide for businesses on how to handle and respond to data breaches. The 16-page guide details steps businesses should take once they become aware of a potential breach. The guide also underscores the need for cyber-specific insurance to help offset potentially significant response costs.
Continue Reading FTC Issues Guide for Businesses on Handling Data Breaches

On September 15, 2016, the New Jersey Senate unanimously approved a bill that would limit retailers’ ability to collect and use personal data contained on consumers’ driver and non-driver identification cards. The bill, known as the Personal Information and Privacy Protection Act, must now be approved by the New Jersey Assembly.
Continue Reading New Jersey Moves Forward With Shopper Privacy Bill

In this first segment from Bloomberg Law’s Second Annual Big Law Business Summit, Hunton partner Lisa Sotto describes the dramatic changes in the legal landscape of privacy over the last 10 to 15 years. View the video recording now.
Continue Reading Lisa Sotto Speaks on Cybersecurity: Changes in Legal Landscape (Part 1)

In a recent article published by Corporate Counsel, Hunton & Williams partner Lisa Sotto and associate Ryan Logan discuss the privacy and data security-related legal issues that arise in corporate transactions, and provide a how-to guide on addressing those issues during the various stages of a transaction.
Continue Reading How to Safeguard Privacy and Data Security in Corporate Transactions

On December 4, 2015, President Obama signed the Fixing America’s Surface Transportation Act into law, which modifies the annual privacy notice requirement under the Gramm-Leach-Bliley Act.
Continue Reading President Signs Law Providing Exception to Annual Privacy Notice Requirement under the Gramm-Leach-Bliley Act

On September 22, 2015, the Securities and Exchange Commission announced a settlement order with an investment adviser for failing to establish cybersecurity policies and procedures, and published an investor alert entitled Identity Theft, Data Breaches, and Your Investment Accounts.
Continue Reading SEC Announces Settlement Order and Publishes Investor Alert

On August 24, 2015, the Third Circuit issued its opinion in Federal Trade Commission v. Wyndham Worldwide Corporation, affirming the Federal Trade Commission’s authority to regulate companies’ data security practices under the unfairness prong of Section 5 of the FTC Act.
Continue Reading Third Circuit Upholds FTC’s Authority to Regulate Companies’ Data Security Practices

On April 8, 2015, a New York Assemblyman introduced the Data Security Act in the New York State Assembly that would require New York businesses to implement and maintain information security safeguards. The Data Security Act also expands the scope of New York’s breach notification law.
Continue Reading Data Security Act Introduced in New York State Assembly