Keypoint: New York has amended its data breach notification law twice in the last 60 days to (1) add a 30-day deadline for notifying affected residents, (2) clarify that covered financial entities must still notify the New...more
2/25/2025
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Financial Institutions ,
Financial Services Industry ,
NYDFS ,
Privacy Laws ,
Reporting Requirements ,
State Privacy Laws
Key Point: The FCC revised its breach notification rules for telecommunication providers to broaden the instances when notifications are required, but even with limited exceptions to the new requirements, the final rule...more
Key Point: The Federal Trade Commission (FTC) has amended the Safeguards Rule to require non-banking financial institutions to inform the FTC within 30 days of discovering any unauthorized acquisition of unencrypted customer...more
10/31/2023
/ Amended Rules ,
Board of Governors ,
Breach Notification Rule ,
Cyber Incident Reporting ,
Data Breach ,
Data Security ,
Dodd-Frank ,
FDIC ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
GLBA Privacy ,
Gramm-Leach-Blilely Act ,
Non-Public Information ,
NYDFS ,
OCC ,
Safeguards Rule ,
Securities and Exchange Commission (SEC)
Keypoint: New Utah law creates incentive for businesses to develop and implement a written cybersecurity program to protect themselves against data breach lawsuits.
On March 11, 2021, Utah governor Spencer Cox signed the...more
3/30/2021
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
DSS ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PCI ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
Keypoint: April 12, 2021 is the deadline to comment on a proposed rule that would require banking organizations and bank service providers to promptly report computer-security incidents.
The Office of the Comptroller of...more
Key Point: The New York Attorney General’s Office (NYAG) reached a Consent and Stipulation Agreement with Dunkin’ Brands, Inc. (Dunkin), which obligates the company to implement and maintain a comprehensive information...more
9/23/2020
/ Attorney General ,
California Consumer Privacy Act (CCPA) ,
Consumers ,
Cyber Attacks ,
Data Breach ,
Data Security ,
Dunkin' Donuts ,
Federal Trade Commission (FTC) ,
Hackers ,
Misleading Statements ,
New York ,
NYDFS ,
Perks ,
SHIELD Act ,
Zoom®
Key Point: The SHIELD Act increases the statutory penalties for knowing and reckless violations of the State’s data breach notification law. It also authorizes the NY Attorney General to pursue injunctive relief and monetary...more
Key Point: If signed by the Governor, the legislation will require entities doing business in New York to implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of private...more
Colorado’s Protections for Consumer Data Privacy law (“new law”) takes effect on September 1, 2018 and requires that businesses holding personal information for Colorado residents destroy the data they don’t need, protect the...more