On November 12, the Consumer Financial Protection Bureau (CFPB) released a new report titled, “State Consumer Privacy Laws and the Monetization of Consumer Financial Data.” The report provides an overview of the state...more
11/18/2024
/ Consumer Financial Products ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Information ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Financial Services Industry ,
GLBA Privacy ,
Lending ,
State Privacy Laws ,
Unfair or Deceptive Trade Practices
I work for a public company that recently experienced a ransomware attack. Fortunately, we were able to restore our business operations quickly by obtaining a decryption key from the threat actor. Given that we managed to get...more
9/11/2024
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Protection ,
Disclosure Requirements ,
Incident Response Plans ,
Publicly-Traded Companies ,
Ransomware ,
Reporting Requirements ,
Reputational Injury ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
“Dear Mary” is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related — data breaches, forensic investigations, how to...more
“Dear Mary” is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related — data breaches, forensic investigations, how to...more
“Dear Mary” is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related — data breaches, forensic investigations, how to...more
Each of the 50 states has its own definition of what constitutes a reportable data breach. For some, it requires “unauthorized access” to personal information. For others, it requires “unauthorized acquisition.” And then,...more
7/25/2024
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Theft ,
Identity Theft ,
Personal Data ,
Personally Identifiable Information ,
Unauthorized Access
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
On April 7, House Energy & Commerce Committee Chair Cathy McMorris Rodgers (R-WA) and Senate Commerce Committee Chair Maria Cantwell (D-WA) announced a bipartisan, bicameral draft of comprehensive data privacy legislation,...more
4/16/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Personal Data ,
Privacy Policy ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Reform
Editor’s Note: In recent regulatory and enforcement developments, the White House announced a new executive order aimed at strengthening cybersecurity at U.S. ports, and another executive order was issued to protect sensitive...more
3/7/2024
/ Artificial Intelligence ,
Biden Administration ,
Consent Order ,
Consumer Financial Products ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Fair Credit Reporting Act (FCRA) ,
FCC ,
Financial Services Industry ,
Personal Data ,
Personally Identifiable Information ,
Robocalling ,
TCPA ,
UDAAP
NIST Publishes Report on the Cybersecurity of Genomic Data. On December 20, 2023, the NIST National Cybersecurity Center of Excellence (NCCoE) published Final NIST IR 8432, Cybersecurity of Genomic Data. Informed by direction...more
2/13/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
Consumer Financial Products ,
Consumer Fraud ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
NIST ,
Personal Information ,
Personally Identifiable Information ,
Popular ,
Putative Class Actions
In recent regulatory and enforcement developments, the California Privacy Protection Agency (CPPA) proposed a regulatory framework for automated decision-making technology (ADMT) and revisions to the California Consumer...more
2/7/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
COPPA ,
Cyber Attacks ,
Data Breach ,
Data Brokers ,
Data Protection ,
FCC ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Personal Data ,
Popular ,
Reporting Requirements ,
Robocalling ,
Social Media ,
State Attorneys General ,
Vulnerability Assessments ,
Website Owner Liability
On January 16, New Jersey Governor Phil Murphy signed S332 (the act), making New Jersey the first state in 2024 to enact a comprehensive privacy law. Several other states are currently considering similar comprehensive...more
1/26/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Technology ,
New Jersey ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Reform ,
State Data Privacy Laws
Editor’s Note: The FTC continues to crack down on privacy and cybersecurity, including issuing a new warning to tax preparation companies and entering into a consent decree with 1Health.io. VPPA and BIPA litigation continues...more
11/28/2023
/ Artificial Intelligence ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consent Order ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Final Rules ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Motion to Dismiss ,
NIST ,
Personal Information ,
Popular ,
Privacy Policy ,
Putative Class Actions ,
Safeguards Rule ,
State Attorneys General
The Delete Act (SB 362), signed into law by California Gov. Gavin Newsom on October 10, imposes additional disclosure and registration requirements on data brokers. It requires data brokers to support deletion requests...more
10/23/2023
/ California ,
California Privacy Protection Agency (CPPA) ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
New Legislation ,
Personal Information ,
Registration Requirement ,
Regulatory Reform ,
State and Local Government ,
State Privacy Laws
On October 10, Governor Newsom signed the Delete Act ( SB 362) into law, which amends California's current data broker law to impose extensive additional disclosure and registration requirements on data brokers, and to...more
10/20/2023
/ California ,
California Privacy Protection Agency (CPPA) ,
Consumer Reporting Agencies ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Deletion ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
New Legislation ,
Notice of Proposed Rulemaking (NOPR) ,
Personal Data ,
Personal Information ,
Personally Identifiable Information ,
Popular ,
Public Comment ,
Regulatory Reform
Editor’s Note: As the summer months come to an end, there has been no shortage of privacy news and updates. Oregon signed both a comprehensive privacy law and data broker law, and the SEC adopted new rules regarding the...more
9/15/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Fingerprints ,
Popular ,
Securities and Exchange Commission (SEC)
CPRA Regulations Delayed. On June 29, 2023, two days before enforcement of the California Consumer Privacy Act (CCPA) was to begin, a Sacramento Superior Court issued a temporary injunction, enjoining enforcement of newly...more
Editor’s Note: Montana became the latest state to pass a comprehensive privacy bill, joining California, Virginia, Colorado, Connecticut, Utah, and Tennessee. Florida, too, passed a privacy bill, but with a much narrower...more
6/21/2023
/ Biometric Information ,
Consumer Privacy Rights ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
New Legislation ,
Popular ,
Regulatory Reform ,
State Data Privacy Laws
Editor’s Note: Indiana became the latest state to enact a comprehensive privacy law, with Montana and Tennessee close behind. Washington passed sweeping legislation — the My Health My Data Act — which included a private right...more