Gramm Leach Bliley Act

On December 18, 2020, federal financial regulatory agencies announced a proposed rule that would require “banking organizations” to notify their primary federal regulator within 36 hours following any “computer-security incident” that rises to the level of a “notification incident.” The Proposed Rule also would require service providers to notify at least two individuals at the banking organizations they service immediately after experiencing a computer security incident that materially disrupts, degrades or impairs the services they provide.
Continue Reading Financial Regulators Announce Proposed 36-Hour Notification Requirement for Notification Incidents

On October 22, 2020, the Consumer Financial Protection Bureau issued a notice of proposed rulemaking to implement Section 1033 of the Dodd-Frank Act regarding consumers’ access to their financial information.
Continue Reading Consumer Financial Protection Bureau Issues Notice of Proposed Rulemaking Regarding Access to Financial Information

On March 21, 2020, the data security provisions of New York’s Stop Hacks and Improve Electronic Data Security Act went into effect. The SHIELD Act requires any person or business owning or licensing computerized data that includes the private information of a resident of New York to implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of the private information.
Continue Reading New York SHIELD Act Requires Safeguards to Protect Private Information

As reported on our Hunton Retail Law Resource blog, on January 7, 2020, the Federal Trade Commission announced a settlement with Mortgage Solutions FCS, Inc., and its sole principal, Ramon Walker, to resolve allegations that the lender violated the FTC Act, the Fair Credit Reporting Act and the Gramm-Leach-Bliley Act, by improperly disseminating consumers’ personal information on Yelp in response to consumers’ negative reviews posted to that site.
Continue Reading Mortgage Broker Settles FTC Privacy Charges That It Improperly Disclosed Consumer Information on Review Site

On May 24, 2019, Oregon Governor Kate Brown signed into law Senate Bill 684, which extends Oregon’s data breach notification requirements to include third-party vendors. This blog entry provides an overview of the bill.
Continue Reading Oregon Extends Data Breach Notification Requirements to Include Third-Party Vendors