On March 24, 2025, Virginia Gov. Glenn Youngkin signed into law SB 754, amending the state’s Consumer Protection Act to prohibit businesses from “[o]btaining, disclosing, selling, or disseminating any personally identifiable...more
A new US Department of Justice (DOJ) rule on “Preventing Access to US Sensitive Personal Data and Government-Related Data by Countries of Concern (including China) or Covered Persons” (rule) prohibits and restricts certain...more
On January 10, 2025, the Consumer Financial Protection Bureau (CFPB) initiated rulemaking processes to examine and create a framework regarding data privacy and consumer protections in the digital payments industry. In a...more
1/17/2025
/ Consumer Financial Protection Bureau (CFPB) ,
Consumer Privacy Rights ,
Cryptocurrency ,
Data Privacy ,
Data Security ,
Digital Assets ,
Electronic Fund Transfer Act ,
Financial Services Industry ,
FinTech ,
Payment Systems ,
Popular ,
Regulation E
On December 3, 2024, the Consumer Financial Protection Bureau (CFPB) issued a notice of proposed rulemaking (NPR) – Protecting Americans from Harmful Data Broker Practices. The CFPB’s proposal would amend Regulation V, which...more
As we previously reported, in October 2023, California enacted SB 54, a law requiring venture capital (VC) firms with a nexus to California to report data regarding the diversity of the founding members of the portfolio...more
The Consumer Financial Protection Bureau (CFPB) published a report on November 12, 2024, examining state and federal privacy protections for consumer financial data....more
On October 24, 2024, the Consumer Financial Protection Bureau (CFPB) issued a consumer financial protection circular explaining that background reports, including scores, obtained from third parties and “used by employers to...more
On October 22, 2024, the Consumer Financial Protection Bureau (CFPB) released its long-awaited final rule implementing Section 1033 of the Consumer Financial Protection Act (CFPA) concerning personal financial data rights....more
On September 30, 2024, the Federal Housing Administration (FHA) published a draft Mortgagee Letter (ML) with updated cyber incident reporting requirements and a call for interested stakeholders to provide feedback to the...more
On July 18, 2024, US District Judge Paul Engelmayer of the Southern District of New York issued a detailed 107-page opinion and order dismissing most of the US Securities and Exchange Commission (SEC) case against SolarWinds...more
There are a number of US Securities and Exchange Commission (SEC) reporting implications arising from the server-related outages caused by CrowdStrike’s defective software update on July 19, 2024, and their impacts on public...more
The Federal Housing Administration (FHA) published Mortgagee Letter 2024-10 (Letter) on May 23, 2024, requiring FHA-approved Mortgagees to report certain cyber incidents to the Department of Housing and Urban Development...more
On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security published a long-awaited notice of proposed rulemaking (NPRM) pursuant to the Cyber Incident Reporting...more
On October 27, 2023, the Federal Trade Commission (FTC) unanimously approved an amendment to the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule to require certain covered financial institutions to report a broad range of data...more
On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized its proposed cybersecurity rules, which build upon existing NYDFS cybersecurity requirements in the Part 500 Cybersecurity Rules....more
On Tuesday, October 10, 2023, California Gov. Gavin Newsom signed into law Senate Bill 362, also known as the Delete Act, which amends certain aspects of California’s existing Data Broker Registration law. By January 1, 2026,...more
With 8-K reporting obligations for “material” cybersecurity incidents under the new Securities and Exchange Commission (SEC) rules becoming effective as of December 18, 2023, most companies will soon be tasked with making...more
On July 26, 2023, the Securities and Exchange Commission (SEC) voted at an open meeting to adopt final rules to mandate standardized cybersecurity disclosures by public companies. The final rules will...more
8/3/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
On July 13, 2023, the White House unveiled its National Cybersecurity Strategy Implementation Plan (NCSIP or implementation plan), following the release of the National Cybersecurity Strategy....more
On August 24, 2022, California Attorney General Rob Bonta announced a $1.2 million settlement with cosmetics retailer Sephora to resolve allegations that it violated the California Consumer Privacy Act (CCPA) and failed to...more
Key Takeaways -
On August 11, 2022, the Federal Trade Commission announced an advance notice of proposed rulemaking (ANPR) to initiate a process that would allow it to develop and enforce rules on what the FTC has termed...more
With the passage of new state privacy laws slated to take effect in 2023, organizations are increasingly focused on identifying necessary steps to comply with these new laws. One of the first key steps in the compliance...more
On May 16, 2022, eight months after President Joe Biden announced his intention to nominate Alvaro Bedoya to serve as a commissioner of the Federal Trade Commission, Bedoya was sworn in. The FTC includes five commissioners –...more