A flurry of legislative activity over the past year has brought meaningful changes to a variety of privacy and security provisions in state and federal law. At the state level, as in 2022, we have seen a handful of changes to...more
The Federal Trade Commission (FTC) recently announced its position on breach notification: “Regardless of whether a breach notification law applies, a breached entity that fails to disclose information to help parties...more
On April 7, 2020, the staff of the Office of Compliance Inspections and Examinations (OCIE) issued a risk alert (Alert) informing investment advisory firms of the potential areas of focus for Form CRS-related examinations. In...more
As we speed past Thanksgiving and enter the holiday season, kids shouldn’t be the only ones putting together their wish lists. Here are some things that might not fit under a tree, but would certainly fill us with the joy of...more
No! It is a common misconception among the general public that someone always has to pay when there is a data breach. It is understandable that individuals affected by a data breach will be upset, distraught, and even angry....more
OCR released a simple checklist and infographic last week to assist Covered Entities and Business Associates with responding to potential cyber attacks. As cybersecurity remains a pressing concern for health care entities,...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
The National Association of Insurance Commissioners (NAIC) Cybersecurity Task Force released a revised draft of the Insurance Data Security Model Law (Model Law) last week. The Model Law’s goal is to “establish exclusive...more
On April 14, 2016, the European Parliament passed the General Data Protection Regulation (GDPR) and its companion, Data Protection Directive for Police and Criminal Justice Authorities. The GDPR is a comprehensive regulation...more
On Wednesday, Dec. 9, the House Financial Services Committee approved a bill that would require companies to notify consumers and the government when a data breach compromises certain unencrypted consumer information. The...more
With no Congressional consensus to adopt a federal data privacy and breach notification statute, states are updating and refining their already-existing laws to enact more stringent requirements for companies. Two states...more
In the wake of recent, large-scale data breaches, several pieces of legislation have been introduced in Congress to establish a national data breach notification law, including a House bill that would preempt the current...more
I. Introduction; the General Rule - Businesses that straddle the worlds of finance and technology are subject to a regulatory patchwork that is only increasing in complexity as governments take a greater interest in...more