By

Colleen Theresa Brown

22 November 2021

U.S. Federal Bank Regulators Require Notifications For Material Cybersecurity Incidents

On November 18, 2021, a group of federal bank regulators announced a final rule requiring banks to notify their primary federal regulator of any “significant computer-security incidents.” Regulators must be notified no later than 36 hours after the bank has determined that the incident triggers the rule’s notification requirement. Further, … Read More

EmailShare
12 October 2021

Data Breaches are More Expensive than Last Year, New IBM Security Report Finds

Death, taxes and data breaches. Cybersecurity incidents have grown in frequency, scale and seriousness. As articulated in President Biden’s May 2021 Executive Order, Improving the Nation’s Cybersecurity, “[t]he United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately … Read More

EmailShare
04 October 2021

Changes to FTC Rulemaking Procedures Herald More Aggressive Action on Consumer Privacy

On July 22, 2021, the Federal Trade Commission finalized important changes to its procedures for rulemaking under Section 18 of the FTC Act. Section 18 authorizes the Commission to make regulations, termed “Trade Regulation Rules,” (or “Magnuson-Moss Rules” after their authorizing statute), which “define with specificity” conduct that violates the … Read More

EmailShare
28 September 2021

Federal Trade Commission Hosts Panels Related to Consumer Privacy and Data Security at PrivacyCon

This summer, the Federal Trade Commission (“FTC”) hosted its sixth annual PrivacyCon, an event focused on the latest research and trends related to consumer privacy and data security. This years’ event was divided into six panels: Algorithms; Privacy Considerations and Understandings; Adtech; Internet of Things; Privacy-Children and Teens; and, … Read More

EmailShare
23 September 2021

Get Prepared for Data Privacy Compliance Under China PIPL

On August 20, 2021, China’s National People’s Congress passed the Personal Information Protection Law (PIPL), which will become effective starting November 1, 2021. As an overarching law in China with respect to data privacy, PIPL shares many similarities with the EU General Data Protection Regulation (GDPR). If a company has … Read More

EmailShare
30 August 2021

SEC Continues Focus on Cybersecurity Disclosure Failures, Announces Settled Charges Against Pearson plc

Through its announcement of settled charges against Pearson plc (Pearson) on August 16, 2021, the U.S. Securities and Exchange Commission signaled its continued, high level scrutiny of companies’ public statements related to data security incidents.1 Without admitting or denying the SEC’s findings, Pearson agreed to a cease and desist … Read More

EmailShare
09 August 2021

Connecticut Strengthens Data Breach Notification Requirements and the Uniform Law Commission Approves and Recommends Comprehensive and Uniform State Privacy Legislation

In recent weeks, Connecticut passed An Act Concerning Data Privacy Breaches (“The Act”), and the Uniform Law Commission approved and recommended the Uniform Personal Data Protection Act (“UPDPA”).  With the growing patchwork of state data privacy laws continuing to pose challenges for compliance—and the potential for federal data privacy legislation … Read More

EmailShare
28 July 2021

West Coast, East Coast, and Now Mountains, Too: Colorado Joins the Comprehensive State Privacy Law Club

With the U.S. Congress continuing to stymie federal omnibus privacy legislation, states have decidedly taken up the call. Most recently, on July 8, 2021, Colorado Gov. Jared Polis signed into law Senate Bill 21-190, the Colorado Privacy Act (CPA). With the signing of the CPA, which will largely go into … Read More

EmailShare
24 June 2021

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information.1  Without admitting or denying the SEC’s findings, First American agreed to a cease-and-desist order and to … Read More

EmailShare
11 June 2021

Nevada Updates its Existing Online Privacy Notice Statutes

On June 2, 2021, Nevada Governor Steve Sisolak signed SB260, a bill that will amend the state’s existing privacy notice legislation, NRS 603A.300 to .360 (“Existing NV Privacy Law”). SB260 amends the Existing NV Privacy Law by exempting certain persons and information collected about a consumer from the law’s … Read More

EmailShare
1 2 3 15
XSLT Plugin by BMI Calculator