A Look at Recent Federal Trade Commission and Consumer Financial Protection Bureau Initiatives Concerning Privacy and Data Security
2BInformed: Engaging with EPA, OSHA’s New Regulation, and Asbestos
The rule imposes substantial new diligence, reporting, cybersecurity, and auditing obligations on companies. On December 27, 2024, the U.S. Department of Justice (“DOJ”) issued a final rule implementing Executive Order...more
The Department of Justice ("DOJ") is wasting no time in implementing the new cyber-security Executive Order (the EO), signed on February 28, 2024. As explained in our April 2024 blog post, the EO aims to portect Americans’...more
Last year’s proposed comprehensive framework for cybersecurity rules for large financial institutions is suddenly facing an uncertain future. With the comment period having closed as of February 2017, the framework was facing...more
The Federal Reserve, the OCC and the FDIC extended the comment period on an advance notice of proposed rulemaking on enhanced cyber risk management standards...more
On January 13, 2017, the Federal Reserve Board, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation changed, from January 17, 2017 to February 17, 2017, the deadline for comments “for...more
In December 2016, Thomas Curry, the Comptroller of the Currency, stated that cybersecurity was the single greatest systemic threat to our financial system. He was not being hyperbolic. Cybersecurity should be on...more
On October 19, 2016, the three major federal banking regulators announced a joint advance notice of proposed rulemaking (ANPR) for enhanced cyber risk management standards (Enhanced Standards) for large and interconnected...more
To address the increasing risk of technology failures and cyber-attacks affecting the largest banking organizations, an advance notice of proposed rulemaking titled Enhanced Cyber Risk Management Standards (the ANPR) was...more
The fourth quarter of 2016 has seen an uptick in regulatory activity respecting the financial services sector in the cybersecurity space, both at the state level as previously discussed (here) and on the federal level....more
On October 19, 2016, federal regulators issued an Advance Notice of Proposed Rulemaking titled “Enhanced Cyber Risk Management Standards.” The draft standards, jointly released by the Federal Reserve, the Federal Deposit...more
Financial institutions must meet standards for safeguarding customer data given the particularly sensitive information they hold, and regulators have been stepping up their efforts to provide guidance on just how they must do...more
On October 19, US banking agencies released an advanced notice of proposed rulemaking (ANPR) seeking comments on enhanced cybersecurity standards. These standards potentially would apply to ..US bank holding companies...more
Financial Industry Developments - Agencies Issue Advanced Notice of Proposed Rulemaking on Enhanced Cyber Risk Management Standards - On October 19, 2016, the Federal Reserve Board, the Federal Deposit Insurance...more
Editor's Note - Another Cybersecurity Proposal. On the heels of the New York State Department of Financial Services (NYDFS) issuing its proposed regulation that would require banks and insurance companies to institute...more
On Thursday, October 20, the Federal Reserve, the Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corporation jointly issued an advance notice of proposed rulemaking, requesting comments on...more
Yesterday, the Office of the Comptroller of the Currency (OCC), the Federal Reserve Board (Fed), and the Federal Deposit Insurance Corporation (FDIC) issued a joint advanced notice of proposed rulemaking (ANPRM) seeking...more
Three federal banking agencies have announced plans to develop new rules that would establish cyber risk management and resiliency standards for large interconnected entities under the agencies' supervision, as well as those...more
Three federal banking regulatory agencies have approved an advance notice of proposed rulemaking (ANPR) inviting comment on a set of potential enhanced cybersecurity risk-management and resilience standards that would apply...more