Category

Cybersecurity

04 March 2021

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

For over two and a half years, California has enjoyed the spotlight of having the most comprehensive data privacy law in the United States. On March 2, 2021, Virginia forced California to share the honors, when Democratic Gov. Ralph Northam signed into law the Virginia Consumer Data Protection Act (VCDPA).

The VCDPA, which will not enter into effect until January 1, 2023, borrows heavily from the California Consumer Privacy Act (CCPA) and the European Union (EU) General Data Protection Regulation (GDPR). Perhaps because Virginia was able to benefit from the experience of businesses that have spent the better part of the last five years implementing the GDPR or the CCPA, the Virginia law is less prescriptive and more straightforward than its predecessors, with (one would hope) a correspondingly lighter implementation burden on companies. Nonetheless, there is just enough different in the VCDPA that businesses with a connection to Virginia will need to evaluate whether the law applies to them and how they will comply.

While an exegesis of the VCDPA is beyond the scope of today’s Data Matters post, this alert is designed to assist such efforts in three ways. First, we lay out the VCDPA’s scope, providing preliminary insight into which businesses the law will cover. Second, we highlight the key ways the VCDPA differs from — and, more important, extends beyond — the CCPA and GDPR so that businesses will have an initial sense of what, if any, unique obligations the VCDPA will place on them. Finally, for completeness’s sake, the post briefly summarizes the law’s key elements.

(more…)

EmailShare
25 February 2021

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

On January 28, 2021, the UK Financial Conduct Authority (FCA) published Consultation Paper CP21/3, “Changes to the SCA-RTS and to the guidance in ‘Payment Services and Electronic Money – Our Approach’ and the Perimeter Guidance Manual” (Consultation Paper). This follows the FCA’s announcement in its 2020-21 business plan that payment services were one of its main supervisory priorities1 and its temporary guidance of July 9, 2020, on prudential risk management and safeguarding in light of the COVID-19 pandemic (Temporary COVID Guidance).

The FCA is proposing amendments to:

  1. the UK onshored versions of EU technical standards on strong customer authentication (SCA) and common and secure methods of communication (UK SCA-RTS);
  2. its Approach Document on Payment Services and Electronic Money (Approach Document); and
  3. its Perimeter Guidance Manual (PERG).

(more…)

EmailShare
10 February 2021

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. 2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. Issuance of the Framework is notable as it represents the first official guidance by a U.S. regulator concerning the increasingly critical issue of cyberinsurance. And while circular letters do not establish new legal requirements or have the force of law, they do set forth the department’s interpretation of the requirements of existing laws and regulations.1

(more…)

EmailShare
09 February 2021

FINRA Issues 2021 Report on its Examination and Risk Monitoring Program

Released on February 1, the Financial Industry Regulatory Authority (FINRA) 2021 Report on its Examination and Risk Monitoring Program (Report) provides a roadmap for member firms to use to prepare for examinations and to review and assess compliance and supervisory procedures related to business practices, compliance, and operations. The Report replaces two of FINRA’s prior annual publications: (1) the Report on Examination Findings and Observations, which provided an analysis of prior examination results, and (2) the Risk Monitoring and Examination Program Priorities Letter, which highlighted areas FINRA planned to review in the coming year.

(more…)

EmailShare
02 February 2021

NAIC Insurance Data Security Law Annual Certifications: Is Yours Due By February 15?

Most cybersecurity professionals are aware of the New York Department of Financial Service’s requirement imposed on DFS-licensed entities to certify their cybersecurity program’s compliance on an annual basis (by April 15th of each year), but less well known is that numerous other states impose similar requirements on regulated insurance entities and that deadline for many states is coming up on February 15, 2021.

(more…)

EmailShare
28 January 2021

U.S. Commerce Department Issues Interim Regulations Establishing Review Process for Information and Communications Technology and Services Supply Chains

On January 19, 2021, the U.S. Department of Commerce (Commerce) issued interim final regulations (interim rules) implementing Executive Order 13873, Executive Order on Securing the Information and Communications Technology Services Supply Chain (EO), which was intended to address alleged threats against information and communications technology and services (ICTS) in the United States. The new review mechanism focuses on transactions involving any acquisition, importation, transfer, installation, dealing in, or use of ICTS that has been designed, developed, manufactured, or supplied by parties owned by, controlled by, or subject to the jurisdiction or direction of “foreign adversaries.”

While the focus on the rules is not foreign investment per se, it will complement the Committee on Foreign Investment in the United States’ (CFIUS) investment security review mechanisms. Indeed, the interim rules borrow several concepts and definitions from CFIUS’s recently amended regulations.

Commerce invited interested parties to submit comments on the interim rules. Parties must submit comments by March 22, 2021. Commerce will publish final regulations after considering any comments submitted.

This post provides key takeaways and a brief summary of Commerce’s new review mechanism.

(more…)

EmailShare
21 January 2021

A Digital Europe – Digital Health and other Recent EU Data Initiatives

Taking a step into the digital age, the European Commission announced that the 2020s shall become the EU’s Digital Decade.  The EU’s digitalization, including in the area of health, is one of the Commission’s key priorities and covers a wide range of actions and related initiatives.

Building on prior initiatives, in 2019 the Commission announced six key priorities (since supplemented by the COVID-19 recovery plan) that would shape the coming five years of policy making.  One of these six key priorities is to create a Europe fit for the digital age and work on a digital strategy that will empower people with a new generation of technologies.

(more…)

EmailShare
13 January 2021

Preparing Your 2020 Form 10-K: A Summary of Recent Key Disclosure Developments, Priorities, and Trends

This Sidley Practice Note highlights certain key disclosure considerations for preparing your annual report on Form 10-K for fiscal year 2020, including recent amendments to U.S. Securities and Exchange Commission (SEC) disclosure rules and other developments that will affect 2020 Form 10-K filings as well as certain significant disclosure trends and current areas of SEC staff focus for disclosures. Appendix A to this Practice Note sets forth a summary checklist of significant Regulation S-K amendments affecting 2020 Form 10-K filings, which are discussed in further detail. As always, we invite you to contact us with any questions on these topics or any other SEC reporting and compliance matters.

(more…)

EmailShare
08 January 2021

Trump Executive Order Blocks Transactions With Certain Chinese Software Applications

On January 5, 2021, President Donald Trump signed Executive Order (EO) 13971, banning certain transactions and activities with persons who “develop or control” eight Chinese “connected software applications,”1  specifically Alipay, CamScanner, QQ Wallet, SHAREit, Tencent QQ, VMate, WeChat Pay, and WPS Office. The prohibitions will come into effect 45 days after the issuance of the order, that is, February 19.

(more…)

EmailShare
24 December 2020

FinCEN Proposes Tracking and Reporting Virtual Currency Transactions Involving Unhosted Wallets

On December 18, 2020, the Financial Crimes Enforcement Network (FinCEN) issued a notice of proposed rulemaking (NPR) regarding a proposal to impose on banks1 and money service businesses (MSBs) new recordkeeping, reporting, and identity verification requirements in relation to certain transactions involving convertible virtual currency (CVC) or digital assets with legal tender status (legal tender digital assets or LTDA)2 if the counterparty to the transaction does not have an account with, including a digital asset wallet hosted by, a financial institution regulated under the U.S. Bank Secrecy Act (BSA) or certain foreign financial institutions not located in designated problematic jurisdictions. If adopted, the proposed rule will impose significant new burdens only on banks and MSBs involved in digital asset businesses and undercut the role of U.S. institutions in digital asset economies, including in the growing area of “decentralized finance.” The NPR proposes to exclude broker-dealers, futures commission merchants, and mutual funds, among others that are subject to the BSA from these new reporting requirements, but specifically requests the industry’s comment on whether these types of institutions should also be included within the scope of the rule.

Affected institutions will have very limited time to assess and comment on the NPR, as the comment period closes on January 4, 2021, notwithstanding two intervening federal holidays.

(more…)

EmailShare
1 2 3 22
XSLT Plugin by BMI Calculator