After many years of signaling potential expansion of cybersecurity rules, the Securities and Exchange Commission (SEC) has issued in the past month two new sets of proposed rules governing cybersecurity. The more recent set...more
On March 9, 2022, the SEC proposed a new rule to enhance and standardize disclosures regarding cybersecurity incidents, risk management, strategy, and governance. If approved, public companies subject to the reporting...more
Following the lead of California, Colorado, and Virginia, Utah is set to become the fourth state to pass a comprehensive privacy law.
As of March 4, the Utah Consumer Privacy Act (SB 227) cleared both houses of the Utah...more
2021 proved to be a momentous year for privacy and data security law. The scourge of ransomware continued last year, leading to record-setting ransomware payments, a muscular response from the federal government, a hardening...more
As anticipated, the Department of the Treasury’s Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Federal Reserve”), and the Federal Deposit Insurance Corporation...more
On October 27, the Federal Trade Commission (FTC) announced a final rule (Final Rule) and supplemental notice of proposed rulemaking (NPRM) to amend the Safeguards Rule promulgated under the Gramm-Leach-Bliley Act (GLBA),...more
California continues to be at the vanguard of privacy protection. On October 11, 2021 California’s Governor Newsom signed several bills addressing privacy and data security. These new laws go into effect January 1, 2022 and...more
On September 15, 2021, the Federal Trade Commission (“FTC”) issued a policy statement affirming the applicability of its Health Breach Notification Rule (the “Rule”), 16 CFR Part 318, to health apps and connected devices that...more
On August 12, 2021, the United States District Court for the District of South Carolina issued an opinion denying in part and granting in part a motion by Blackbaud to dismiss seven statutory claims brought by plaintiffs in a...more
With a little over a year of enforcing the California Consumer Privacy Act (CCPA) under its belt, the Office of the California Attorney General (OAG) recently held a press conference to announce updates on its CCPA...more
Following in the footsteps of the Eastern District of Virginia’s Capital One decision last year and the District of D.C.’s Clark Hill decision earlier this year, the Eastern District of Pennsylvania has just ordered the...more
Over the past four years, U.S. companies have been forced to expand their compliance programs to comply with an expanding array of international and U.S. state privacy laws. The wave of privacy laws began in May 2018, when...more
In a thoughtful opinion that diverges from how other circuit courts have addressed the issue, the Second Circuit recently issued a ruling clarifying the circumstances when data breach plaintiffs can rely on fear of identity...more
In a thoughtful opinion that diverges from how other circuit courts have addressed the issue, the Second Circuit recently issued a ruling clarifying the circumstances when data breach plaintiffs can rely on fear of identity...more
After a pandemic-related hiatus in 2020, a number of U.S. states have proposed new data privacy laws in 2021 – and several are very close to passage. Virginia’s proposed data privacy law appears to be the closest and is...more
In an opinion that deepens an existing circuit court split, the Eleventh Circuit recently held that the future risk of identity theft is not sufficient to establish Article III standing....more
On January 12, 2021, the federal District Court for the Central District of California dismissed a data breach law suit—including a claim filed under the California Consumer Privacy Act (“CCPA”)—against Marriott...more
The Administrative Office of the U.S. Courts (the “AO”) recently disclosed that it has initiated an investigation into an apparent compromise in security of the Judiciary’s Case Management/Electronic Case Files System...more
On December 18, 2020, the Office of the Comptroller of the Current (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced an interagency notice of proposed rulemaking that would require...more
On December 18, 2020, the Office of the Comptroller of the Current (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced an interagency notice of proposed rulemaking that would require...more
The California Attorney General’s Office recently released a fourth set of proposed regulatory modifications to the California Consumer Privacy Act (the “CCPA”)....more
On November 4, 2020, California voters approved of the ballot initiative Proposition 24, more commonly known as the California Privacy Rights Act (the “CPRA”). The CPRA goes into effect on January 1, 2023, and will expand...more
The Regulations to the California Consumer Privacy Act (CCPA) continue to evolve, in confusing fashion. As background, the AG’s Office had previously issued proposed Regulations to the CCPA in October 2019. The AG’s Office...more
10/14/2020
/ Amended Regulation ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Information Governance ,
Office of Administrative Law ,
Opt-Outs ,
Personal Information ,
Privacy Policy ,
State Attorneys General
October is National Cybersecurity Awareness Month, and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) and Office of Foreign Assets Control (“OFAC”) kicked off the month by issuing two...more
10/8/2020
/ Bank Secrecy Act ,
BSA/AML ,
Cyber Crimes ,
Cybersecurity ,
Financial Institutions ,
FinCEN ,
International Emergency Economic Powers Act (IEEPA) ,
Office of Foreign Assets Control (OFAC) ,
Privacy Concerns ,
Ransomware ,
Suspicious Activity Reports (SARs)
On September 9, 2020, Washington Senator Reuven Carlyle, D-Seattle, announced via Twitter that the third version of the draft Washington Privacy Act 2021 (“WPA”) was available for public review and comment. The recently...more