Data Security

News & Analysis as of

Investment Adviser Settles SEC Cybersecurity Enforcement Action; SEC Issues Investor Alert

On September 22, the U.S. Securities and Exchange Commission (“SEC”) and R.T. Jones Capital Equities Management, Inc. (“R.T. Jones”), a St. Louis-based investment adviser, settled charges that R.T. Jones failed to adopt...more

Financial Services Weekly News - October 2015

Regulatory Developments - FINRA Files Proposed Rule Change to Apply Markup Rule to Government Securities: On Sept. 30 FINRA filed with the SEC a proposed rule change, published in the Federal Register on Oct. 6, to...more

Strike Suit Offers Conjectures, And Little More, About Scottrade Data Breach

As reported on Friday in the Krebs on Security blog, online broker Scottrade had sent an e-mail to customers earlier that day stating that it recently had learned from law enforcement officials that Scottrade was one of a...more

SEC Brings First Cybersecurity Enforcement Proceeding in Wake of Risk Alert

Highlights Areas of High Risk and Examination Priorities for Financial Industry Firms - On September 15, the U.S. Securities and Exchange Commission’s (SEC’s) Office of Compliance, Inspections and Examinations (OCIE),...more

The SEC Opens Up a New Front in the Cybersecurity Wars

For the last few years, the SEC has been issuing guidance as to appropriate cybersecurity policies and procedures for financial firms. In a move that signal’s the regulator’s willingness to put muscle into its cybersecurity...more

EXPECT FOCUS: Onboard Technology, NAIC Cybersecurity, DOL, ACA Litigation, SEC Regulation (Vol. III, Summer 2015)

In This Issue: IN THE SPOTLIGHT - - Your Data Breach Collided With My Personal Injury Coverage LIFE INSURANCE - - Phantom Injury Dooms “Shadow Insurance” Case - Latest NAIC Cybersecurity News - A...more

Effects of Schrems Ruling on International Internal Investigations

In a recent landmark decision, Maximillian Schrems v. Data Protection Commissioner, Europe’s highest court struck down a US-EU agreement that allowed companies to move personal electronic data between the European Union and...more

OIG Report Finds CMS’s MIDAS System Needs Improvement in Information Security Controls

On September 14, 2015, the OIG released a Public Summary Report finding that although CMS had implemented controls to secure the Multidimensional Insurance Data Analytics System (MIDAS) and consumer personally identifiable...more

Court Invalidates US-EU Data Transfer Safe Harbor Program

The European Union’s highest court has, effective immediately, invalidated the US-EU Safe Harbor program relied upon by many companies as the basis for lawfully transferring and processing personal information from the EU to...more

New Delaware Act Requires Online Privacy Policy for Websites

A new privacy law requires companies to make specific statements about what information is collected on its website. Like California, it also requires that companies state in writing whether they respect “Do Not Track”...more

Trump Hotel Collection Confirms Year-Long Data Breach

Trump Hotel Collection, the high-end hotel chain owned by the billionaire Republican presidential hopeful and real estate developer Donald Trump, has confirmed a data security breach involving malware that the company says...more

DOJ Assistant Attorney General Stresses Public-Private Cooperation In the Event of a Cyber Breach

On September 30, U.S. Assistant Attorney General John Carlin delivered remarks at the 2015 Cybersecurity Summit hosted jointly by the U.S. Chamber of Commerce and the American Gaming Association. In his remarks, Carlin...more

CFPB Information Security Remains a Challenge

The Office of the Inspector General (OIG) has released the “2015 list of major management challenges” faced by the CFPB that the OIG believes will hamper the CFPB’s ability to accomplish the CFPB’s strategic objectives. Like...more

Court of Justice of the European Union Says Safe Harbor Is No Longer Safe

On October 6, 2015, the Court of Justice of the European Union (CJEU) announced its determination that the U.S.-EU Safe Harbor program is no longer a “safe” (i.e., legally valid) means for transferring personal data of EU...more

OIG Calls for Stronger HIPAA Compliance Efforts

The OIG has issued two reports calling for stronger ONC oversight of covered entity compliance with HIPAA standards. In the first report, “OCR Should Strengthen Its Oversight of Covered Entities’ Compliance with the HIPAA...more

Safe Harbor ruled invalid by the Court of Justice of the European Union

Just two weeks after Advocate General Bot delivered his controversial recommendation that the Court of Justice of the European Union (CJEU) should find the Safe Harbor Decision (2000/520/EC of 26 July 2000) to be invalid, the...more

ECJ Safe Harbor Opinion Has Implications for All Data Transfers Out of Europe

On October 6, 2015, the European Court of Justice (ECJ) followed the core of the Opinion of the Advocate General (AG) in Schrems v. Data Protection Commissioner (Case No. C-362/14). In sum, the ECJ held that...more

Europe's Highest Court Invalidates EU - U.S. Safe Harbor Data Sharing Agreement

On October 6, 2015, the European Court of Justice — Europe’s highest court — invalidated the Safe Harbor agreement and framework that has permitted more than 4,000 companies to transfer personal data from the EU to the U.S....more

EU Court Strikes Down U.S.-EU Safe Harbor for Trans-Atlantic Data Transfers

The European Court of Justice (the "ECJ") ruled that national regulators in the EU can override the 15-year-old pact between the U.S. and EU known as the "Safe Harbor." The Safe Harbor allowed companies based in the U.S. to...more

SEC Ramps up Cybersecurity Scrutiny With Examination Priorities and an Enforcement Action

Why it matters - Signaling that it will continue to increase its scrutiny of firms' cybersecurity readiness, the Office of Compliance, Inspections and Examinations of the Securities and Exchange Commission (SEC) issued a...more

EU Court of Justice: Safe Harbor Decision Permitting EU-U.S. Personal Data Transfers Is Invalid

Ruling affects approximately 5,000 U.S. companies that have relied on the Safe Harbor to transfer personal data from the EU to the United States. Key Points - - The approach of the U.S. government to personal...more

What Does the European Court of Justice's Invalidation of the U.S.-EU Safe Harbor Framework Mean For U.S.-Based Multinational...

In a landmark decision that will dramatically affect thousands of U.S. companies that transfer personal data from the European Union ("EU") to the United States, the European Union Court of Justice ("ECJ") yesterday...more

States Continue To Grapple With Data Breach Notification Issues

Connecticut’s data breach notification law currently requires notification “without unreasonable delay.” Effective October 1, 2015, Connecticut will (a) require notice of any breach of security not only “without unreasonable...more

US–EU Safe Harbor – Struck Down!

1. CJEU finds Safe Harbor Invalid - In a landmark ruling delivered today, Europe's highest court, the Court of Justice of the European Union (CJEU) declared that the EU Commission's US - EU Safe Harbour regime is...more

FFIEC Weighs in on Cybersecurity in Light of Unprecedented Risk of Cyber Threats

As financial institutions of all sizes continue to face unprecedented cybersecurity risk, the Federal Financial Institutions Examination Council (FFIEC) released its Cybersecurity Assessment Tool. The Assessment is...more

395 Results
View per page
Page: of 16

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.