Category

Regulation

17 August 2021

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

On August 11, 2021, the Federal Financial Institutions Examination Council (FFIEC) issued guidance establishing risk management principles and practices to support the authentication of users accessing a financial institution’s information systems and customers accessing a financial institution’s digital banking services (the Guidance). The Guidance is not intended to serve … Read More

09 June 2021

NHS’ Plans to Share Patient Records with Third Parties

In May 2021, NHS Digital (the national custodian for health and care data in England) announced a new data sharing initiative called the General Practice Data for Planning and Research (GPDPR) service. The launch of the GPDPR could result in the historical medical records of up to 55 million patients … Read More

18 May 2021

Transferring EU Data To US After New Contractual Safeguards – A Proposal to Notify Intelligence Agencies of “US Person” Prohibition on Targeting SCC Transfers

This article was first published by Law360 on May 17, 2021.

In light of new standard contractual clauses, or SCCs, to be issued shortly by the European Commission, as well as imminent new guidance from the European Data Protection Board, companies transferring personal data to the U.S. should consider taking … Read More

20 April 2021

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

There just may be a new cybersecurity regulator in town.

In an effort it describes as “an important step” toward safeguarding more than $9.3 trillion in retirement assets, the U.S. Department of Labor (DOL) published its first cybersecurity guidance last week (Cybersecurity Guidance). The Cybersecurity Guidance is directed … Read More

19 March 2021

An Agency Is Born: California Appoints Board of Its New California Privacy Protection Agency

On March 17, 2021, California officials announced the appointment of five board members of the California Privacy Protection Agency (the “CPPA”), the first data protection agency in the United States. The CPPA, created by the California Privacy Rights Act (“CPRA”), which California voters approved in November 2020, is charged … Read More

02 February 2021

NAIC Insurance Data Security Law Annual Certifications: Is Yours Due By February 15?

Most cybersecurity professionals are aware of the New York Department of Financial Services’ requirement imposed on DFS-licensed entities to certify their cybersecurity program’s compliance on an annual basis (by April 15th of each year), but less well known is that numerous other states impose similar requirements on regulated insurance entities … Read More

24 December 2020

FinCEN Proposes Tracking and Reporting Virtual Currency Transactions Involving Unhosted Wallets

On December 18, 2020, the Financial Crimes Enforcement Network (FinCEN) issued a notice of proposed rulemaking (NPR) regarding a proposal to impose on banks and money service businesses (MSBs) new recordkeeping, reporting, and identity verification requirements in relation to certain transactions involving convertible virtual currency (CVC) or digital assets … Read More

23 December 2020

Comments Sought on Proposed Rulemaking: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers

On December 15, 2020, the U.S. Federal Deposit Insurance Corporation (FDIC) approved and the federal banking agencies jointly announced on December 18 a notice of proposed rulemaking, Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers (NPR). The NPR is a joint proposal by the Office … Read More

21 December 2020

European Union Implements Changes to Export Control Rules

The EU Dual-Use Regulation regulates exports outside the EU, transfers inside the EU, transit through the EU and the brokering of certain sensitive goods, services, software and technology (referred to as “items”) that are considered “dual-use.” Dual-use items have both military and civil applications. The EU has updated its export … Read More

16 December 2020

European Union Launches Revolutionary Proposals to Regulate “Big Tech”

On December 15, the European Commission (Commission) proposed drafts of two landmark digital legislative packages — the Digital Markets Act (DMA), which proposes new competition rules for so-called “gatekeeper” platforms to address alleged unfair practices and make them more contestable by competitors, and the Digital Services Act (DSA), … Read More
