The New York Department of Financial Services (NYDFS) finalized amendments to its cybersecurity regulations on November 1, 2023, marking a significant update in the state's approach to cyber threats. The process involved...more
On October 27, 2023, the Federal Trade Commission (FTC) announced a significant amendment to the agency’s Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA). This amendment, reflecting an increasingly strident stance by...more
The Illinois Supreme Court’s most recent rulings have cut both ways while further clarifying the contours of litigating Illinois Biometric Information Privacy Act (“BIPA”) claims. On one hand, its decision in the Cothron v....more
On March 15th, the Securities and Exchange Commission (“SEC”) issued a proposed rule to revise Regulation S-P (“Proposed Regulation S-P”) which implements the privacy and security requirements of the Gramm-Leach-Bliley Act...more
Significant revisions to the Federal Trade Commission’s GLBA Safeguards Rule become effective in June of this year. For any higher education institution receiving Federal Student Aid, this will impose significant new...more
3/23/2023
/ Colleges ,
Continuing Legal Education ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Education ,
Educational Institutions ,
Federal Trade Commission (FTC) ,
Gramm-Leach-Blilely Act ,
New Guidance ,
Personal Information ,
Safeguards Rule ,
Universities ,
Webinars
In February, the Federal Student Aid (FSA) office of the U.S. Department of Education issued Electronic Announcement General-23-09 on the updated and strengthened requirements of the Federal Trade Commission’s (FTC)...more
3/13/2023
/ Colleges ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Education ,
Encryption ,
Federal Student Aid ,
Federal Trade Commission (FTC) ,
Gramm-Leach-Blilely Act ,
Incident Response Plans ,
Information Sharing ,
Safeguards Rule ,
Security Risk Assessments ,
Sensitive Personal Information ,
Universities
The Federal Trade Commission (“FTC”) has kicked off what may be a new wave of digital health compliance enforcement. On February 1, 2023, the FTC announced its first enforcement action under the Health Breach Notification...more
In a February 2, 2023 decision, the Illinois Supreme Court announced that the five-year statute of limitations set out in Section 13-205 applies to claims brought under the Illinois Biometric Information Privacy Act (“BIPA”)...more
The CPRA amends key provisions of the existing law, the California Consumer Privacy Act (CCPA), including to create new consumer rights and impose new obligations on businesses. The chair of Thompson Coburn’s Cybersecurity...more
In late 2021, the Department of Justice announced a new initiative to combat misrepresentations about cybersecurity preparedness and control measures by federal contractors. As part of the Cyber Initiative, DOJ has brought...more
11/11/2022
/ Continuing Legal Education ,
Cyber Crimes ,
Cybersecurity ,
Department of Justice (DOJ) ,
False Claims Act (FCA) ,
Federal Contractors ,
Fraud ,
Liability ,
Misrepresentation ,
Popular ,
Qui Tam ,
Risk Mitigation ,
Webinars ,
Whistleblowers
On October 24, 2022, the Transportation Security Administration (“TSA”) released Security Directive 1580/82-2022-01 regarding “Rail Cybersecurity Mitigation Actions and Testing.” The directive is applicable to freight...more
On August 24, 2022, California Attorney General Rob Bonta announced a $1.2 million settlement with cosmetics retailer Sephora resolving alleged violations of the California Consumer Privacy Act (CCPA). Although the CCPA has...more
On August 22, 2022, the Federal Trade Commission (“FTC”) published an advance notice of proposed rulemaking (“ANPR”) that requests “public comment on the prevalence of commercial surveillance and data security practices that...more
9/30/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Comment Period ,
Consumer Information ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Public Comment ,
Surveillance ,
Unfair or Deceptive Trade Practices
For the last several years, state legislatures rather than Congress have taken the lead in enacting requirements for privacy and cybersecurity. Some of those state laws provide a model followed by other states, or even the...more
6/2/2022
/ Biometric Information ,
Biometric Information Privacy Act ,
Continuing Legal Education ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Illinois ,
Popular ,
Privacy Laws ,
State Privacy Laws ,
Webinars
Connecticut and Utah both enacted comprehensive privacy laws this spring. On March 24, 2022, Utah became the fourth state to enact a comprehensive data privacy law when Governor Spencer Cox signed Senate Bill 227, known as...more
Members of Thompson Coburn’s Cybersecurity practice, including chair Jim Shreve, Los Angeles-based litigation partner Luke Sosnicki, and Chicago-based litigation associate Dremain Moore, will discuss primary sources of cyber...more
4/8/2022
/ Business Litigation ,
Continuing Legal Education ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Incident Response Plans ,
Popular ,
Risk Mitigation ,
Webinars
On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed rules on cybersecurity risk management, strategy, governance, and incident disclosure by public companies. The proposed rules would require, among...more
3/25/2022
/ Comment Period ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Form 20-F ,
Form 8-K ,
Policies and Procedures ,
Proposed Rules ,
Public Comment ,
Publicly-Traded Companies ,
Regulation S-K ,
Risk Management ,
Securities and Exchange Commission (SEC)
Multiple privacy bills were introduced in California on or just before February 18, 2022, the last day for bills to be introduced in the legislature’s current session.
CCPA/CPRA Revisions -
The most noteworthy of the...more
3/7/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Educational Institutions ,
Online Safety for Children ,
Personally Identifiable Information ,
Private Right of Action ,
Proposed Legislation ,
State Privacy Laws
On Monday, February 14, 2022, the State of Texas by and through the Attorney General of Texas, Ken Paxton, filed suit against Meta Platforms, Inc. for alleged violations of the state’s biometric and deceptive trade practices...more
On February 9, 2022, the SEC announced proposed rules under the Investment Advisers Act of 1940 and the Investment Company Act of 1940. The proposed rule is available...
The SEC’s fact sheet on the proposed rule notes that...more
On October 27th, the FTC issued the final version of the agency’s Gramm-Leach-Bliley Act Safeguards Rule. Although the rule is new, its primary source, the New York Department of Financial Services cybersecurity regulation,...more
2/4/2022
/ Continuing Legal Education ,
Cybersecurity ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
New Rules ,
NYDFS ,
Popular ,
Safeguards Rule ,
Webinars
On October 27, 2021, the Federal Trade Commission (“FTC”) announced significant updates to the Safeguards Rule. The FTC asked for comments on the Rule in 2019, and held a public workshop on the Rule in 2020. The Final Rule...more
12/21/2021
/ Comment Period ,
Customer Information ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Services Industry ,
Information Security ,
Popular ,
Public Comment ,
Safeguards Rule
The Federal Deposit Insurance Corporation, Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency (the “prudential banking regulators”) issued a final rule regarding the...more
12/16/2021
/ Banking Sector ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
FDIC ,
Federal Reserve ,
Final Rules ,
Notification Requirements ,
OCC ,
Reporting Requirements
On October 27th, the FTC issued the final revised version of the agency's Gramm-Leach-Bliley Act Safeguards Rule. The revised Safeguards Rule has been years in the making and marks a significant change in how the agency will...more
11/11/2021
/ Continuing Legal Education ,
Cybersecurity ,
Data Security ,
Educational Institutions ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
New Rules ,
Popular ,
Safeguards Rule ,
Webinars
The California Privacy Rights and Enforcement Act (“CPRA”), formerly known as Proposition 24, passed on November 3, 2020. The CPRA is intended to supplement privacy protections for Californians that were first established by...more