Gramm-Leach-Blilely Act

News & Analysis as of

Heal Thyself: Insider Threats to Heed, Especially for Industries with Large Amounts of Personal Information

A recent study by the Ponemon Institute found that insider threats due to malicious or negligent employees are the leading cause of private-sector cybersecurity incidents. Of the over 600 information security professionals...more

CFPB Proposes TRID Rule Modifications

As previously reported, the Consumer Financial Protection Bureau (CFPB) proposed substantive and technical revisions to the TILA/RESPA Integrated Disclosure (TRID) rule, which the CFPB refers to as the "Know Before You Owe"...more

CFPB: The Quarterly Review - July 2016

In This Issue: •The CFPB Speaks •Rulemaking •Debt Collection •Payday Lending •Mortgages •Upcoming in 2016 - In the second quarter of 2016, the CFPB continued its strong pace of activity, initiating two...more

Recent U.S. Department of Education Dear Colleague Letter Raises the Bar on Standards for Protecting Federal Financial Aid Data

On July 1, 2016 the U.S. Department of Education issued a follow-up Dear Colleague Letter to the Dear Colleague Letter of July 29, 2015. This most recent letter reminds institutions of their legal obligation to protect...more

CFPB Issues Proposed Revisions to GLBA Annual Privacy Notice Requirement

Earlier this month, the Consumer Financial Services Bureau issued its proposed rule amending the Gramm-Leach-Bliley Act’s annual privacy notice requirement set forth in Regulation P....more

International Regulators Issue Cybersecurity Guidance to the Financial Industry

The Bank for International Settlement (BIS) Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO) last week issued the first internationally agreed-upon...more

CFPB Amends GLBA Rules to Permit Exemption from Annual Notice Requirement

On July 1st, the CFPB proposed to amend Regulation P under the Gramm-Leach-Bliley Act (GLBA) to implement the statutory changes made by the Fixing America’s Surface Transportation Act (see prior post) that provided financial...more

The CFPB and Data Security Enforcement

The Consumer Financial Protection Bureau (CFPB) announced its intention to act as a data security regulator by releasing its first unfair, deceptive or abusive acts or practices (UDAAP) enforcement action for allegedly...more

Illinois Joins the Fray: Strengthens its Laws Around Data Breach Notification and Data Security

Sophisticated phishing scams and muscular hacking efforts continue to compromise personal and sensitive information held by insurers, hospital systems, and businesses large and small. In response, many states have...more

The Paper Trail: The Potential Data-Breach Sitting in your Printer

In April 2016, the sensitive personal medical information of NFL players was stolen from the car of a trainer who had left the files in a backpack in his locked car. In 2014, Safeway, Inc. settled charges brought by the...more

Tennessee Legislature Amends Data Breach Notification Statute - Encryption is No Longer an Automatic Safe Harbor

On March 24, 2016, Governor Haslam signed S.B. 2005 which amends Tennessee's data breach notice statute. The amended statute will go into effect on July 1, 2016. The new Tennessee breach notice requirements are triggered by...more

NAIC Task Force Continues Work on Insurance Data Security Model Law

On May 24 and 25, the National Association of Insurance Commissioners (the NAIC) Cybersecurity (EX) Task Force (the Task Force) hosted a meeting in which state insurance commissioners and interested parties were invited to...more

FTC Staff Tackle FCC Privacy Rules in Public Comment

As the Federal Communications Commission sifts through over 50,000 comments received in response to its proposed broadband privacy rules, the Federal Trade Commission’s comments are likely to stand as a highlight. In a...more

Ransomware: Electronic Extortion for a Digital Era

Last month, the FBI asked the American Bar Association to share a cyberalert with its members warning of an increased risk of ransomware. Ransomware poses significant legal and operational risks to businesses. Personnel at...more

NAIC Report: 2016 Spring National Meeting

The National Association of Insurance Commissioners (NAIC) held its 2016 Spring National Meeting from April 1 through April 6 in New Orleans, Louisiana. As host, Louisiana provided beautiful weather and bountiful great food....more

Illinois Enacts Sweeping Changes to the Illinois Personal Information Protection Act

On May 6, 2016, Illinois joined a growing number of states that have strengthened their data breach notification requirements and expanded the definition of protected personal information. Effective January 1, 2017, HB1260...more

Sensitive Information: How Insurance Producers Can Protect Consumer Privacy

Introduction. Insurance sales may be conducted using entirely impersonal tools. An insurance consumer may fill out a form on an internet web site, and through automated systems have a policy of insurance issued without any...more

Tennessee’s Data-Breach Notice Requirements Among the Nation’s Toughest

On July 1, 2016, Tennessee’s new notice requirements for breaches of data security systems which compromise an individual’s personal information will take effect. The amendments to Tennessee’s current rules, found at T.C.A....more

Illinois Makes Extensive Changes to Data Breach Notification Law

On May 6, 2016, Illinois Governor Bruce Rauner signed HB1260, which significantly updates the state’s Personal Information Protection Act. The changes take effect on January 1, 2017. When the new law becomes effective,...more

Cyber Security

Roughly one million pieces of malware—computer viruses or malicious software—are released every day. In recent years, we’ve witnessed an unprecedented level of activity in the cyber arena, both in the form of increased...more

OPT-IN vs. OPT-OUT

As technology continues to make it easier for businesses across the globe to collect, maintain, and use personally identifiable information (“PII”), securing PII has become increasingly important. For most businesses, having...more

Financial Institutions Spend More on Cybersecurity

Financial institutions have been at the forefront of protecting their customers’ personal information, including names, addresses, phone numbers, account numbers, Social Security numbers, income, and credit histories. The...more

Privacy & Cybersecurity Newsletter: April 2016

What seems like a long time ago now, in 2011 PricewaterhouseCoopers (PwC) warned that “there is no question that law firms are among the companies being targeted by cyber criminals.” Despite this, many law firms believed (or...more

New Proposed Rules on Banker Incentive Compensation Released

The National Credit Union Administration, or NCUA, became the first of six Agencies to unveil a revised rule proposal under Section 956 of the Dodd-Frank Act: prohibiting incentive-based payment arrangements that the...more

Tennessee Gives Businesses 45 Days for Data Breach Notice

Recent amendments to the State’s data breach statute give a hard deadline for a business to provide consumer notice, removes encryption safe harbor, exempts entities that are subject to the Health Insurance Portability and...more

134 Results
|
View per page
Page: of 6
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×