FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

On August 11, 2021, the Federal Financial Institutions Examination Council (FFIEC)1 issued guidance establishing risk management principles and practices to support the authentication of users accessing a financial institution’s information systems and customers accessing a financial institution’s digital banking services (the Guidance). The Guidance is not intended to serve as a comprehensive framework but rather provides financial institutions with examples of effective risk management practices without endorsing any specific information security framework or standard.

Read More

EmailShare

Upcoming TPI Panel: What Have We Learned About Privacy from the Pandemic, and What Does it Mean Going Forward?

Please join us for a panel discussion titled, “What Have We Learned About Privacy from the Pandemic, and What Does it Mean Going Forward?” at the Technology Policy Institute (TPI) 2021 Aspen Forum on Monday, August 16. In addition to the COVID-19 pandemic and its impact on data privacy, the panel will discuss privacy legislation, the Biden Administration and Federal Trade Commission (FTC), Schrems, and disruptive technologies.

Read More

EmailShare

Connecticut Strengthens Data Breach Notification Requirements and the Uniform Law Commission Approves and Recommends Comprehensive and Uniform State Privacy Legislation

In recent weeks, Connecticut passed An Act Concerning Data Privacy Breaches (“The Act”), and the Uniform Law Commission approved and recommended the Uniform Personal Data Protection Act (“UPDPA”).  With the growing patchwork of state data privacy laws continuing to pose challenges for compliance—and the potential for federal data privacy legislation at the forefront of policy debates—the UPDPA may provide state legislators with a path toward a standardized statutory scheme.

Read More

EmailShare

West Coast, East Coast, and Now Mountains, Too: Colorado Joins the Comprehensive State Privacy Law Club

With the U.S. Congress continuing to stymie federal omnibus privacy legislation, states have decidedly taken up the call. Most recently, on July 8, 2021, Colorado Gov. Jared Polis signed into law Senate Bill 21-190, the Colorado Privacy Act (CPA). With the signing of the CPA, which will largely go into effect on July 1, 2023, Colorado became the third state to enact comprehensive privacy legislation following the California Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection Act (VCDPA). Other states have taken a more limited approach, most notably Nevada, which increased the scope of the right to opt out of personal data sales under its targeted privacy law.

Read More

EmailShare

Enhanced Focus on Digital Asset Intermediaries by SEC, Congress, and State Securities Regulators

Given the substantial growth in digital asset investments this year, intermediaries offering trading and lending services are now the target of regulatory and enforcement focus that we expect will continue in the coming months and years. Recent examples of this increased scrutiny of digital asset service providers and intermediaries include

  • Securities and Exchange Commission (SEC) Chair Gary Gensler’s keynote for the American Bar Association Derivatives and Futures Committee, which touched on the regulation of cryptocurrencies, including statements that decentralized finance (DeFi) are implicated by securities laws
  • the letter from Sen. Elizabeth Warren, D-Mass., to Chair Gensler requesting further information about the SEC’s authority to regulate cryptocurrency exchanges
  • recent actions by state securities regulators against the financial services platform BlockFi related to a digital asset lending program alleging that these products are unregistered securities offerings
  • the SEC settlement with Coinschedule, which operated a token-offering website and failed to disclose the compensation it received from token issuers in violation of antitouting provisions

Read More

EmailShare

U.S. Supreme Court Tightens Standing Requirements in TransUnion Decision

On June 25, 2021, the Supreme Court of the United States handed down its decision in TransUnion LLC v. Ramirez, which tightened the Court’s requirements for showing standing and will significantly affect class action litigation, particularly in cases involving causes of action created by federal statute or involving allegations of a potential risk of injury.

Read More

EmailShare

European Commission Adopts UK Adequacy Decisions Allowing Personal Data to Freely Flow from the EU to the UK

On 28 June 2021, the European Commission announced that it has adopted two adequacy decisions for the UK, one under the General Data Protection Regulation (GDPR) and one under the Data Protection Directive with Respect to Law Enforcement (Law Enforcement Directive) (Adequacy Decisions). The announcement comes just two days before the bridging period for data transfers between the EU and the UK was set to expire. In its assessment, the European Commission has determined the UK’s data protection laws are “essentially equivalent” to the data protection laws ensured within the EU. As a result of the Adequacy Decisions, personal data can continue to freely flow between the EU to the UK without the need for a data transfer safeguard (e.g., Standard Contractual Clauses or SCCs) in place. This announcement comes as very welcome news to many organisations transferring data between the EU and the UK.

Read More

EmailShare
EmailShare
XSLT Plugin by BMI Calculator