Financial Regulators Continue Focus on Cybersecurity; CFTC joins the Chorus

Cybersecurity attacks have garnered significant attention this summer, and financial regulators are taking notice and taking action. Earlier in August, the Securities and Exchange Commission (“SEC”) announced the indictment of nine players in a major hacking ring. The ring was designed to obtain corporate announcements prior to their public release, to give purchasers of the illegally obtained information an edge in securities trading. The attack combined old-school securities fraud with new-school cybercrime, and served as a reminder of financial markets’ potential vulnerability to the ingenuity of cybercriminals.

Update on Impending Russian Data Localization Law

Despite having previously stated it would not issue further clarifications, in August 2015, the Russian Ministry of Communications and Mass Media (Minkomsvyaz) issued a further statement regarding the data localization law. The Ministry of Communications is empowered to supervise the data protection authority (Roskomnadzor) and to provide interpretations of laws that fall within its purview (including the data localization law). The Minkomsvyaz statement reiterated that the law does not have retroactive effect: personal data of Russians collected prior to September 1, 2015 may reside in a foreign jurisdiction so long as they are not updated or changed, at which point they would be subject to the localization requirement. The clarification further noted that the data localization requirement would not apply to entities that are not resident in Russia. This statement is notable for being issued in writing, and for providing companies with a statement of standards and expectations that they may cite should issues arise.

See previous coverage in Data Matters July 21, 2015 Post: Impending Russian Data Localization Law

Sidley does not practice law in Russia, so the information here is based on our understandings from public sources and discussions with local counsel. This article should not be construed as advice about Russian law.

Third Circuit Affirms FTC Authority to Regulate Cybersecurity

On Monday, the U.S. Court of Appeals for the Third Circuit issued its much-anticipated decision in Federal Trade Commission v. Wyndham Worldwide Corp., No. 14-3514 (3d Cir. Aug. 24, 2015), holding that the Federal Trade Commission has the authority to bring an action under Section 5 of the FTC Act for allegedly “unfair” cybersecurity practices.

Amended Chinese Advertising Law Provides New Tool to Protect Privacy

On April 24, 2015, China amended its Advertising Law for the first time since its initial promulgation in 1994.  The amended Advertising Law (the “Amended Law”) will take effect on September 1, 2015.  In the absence of a comprehensive data protection law in China, the Amended Law introduces certain provisions addressing data and privacy issues, in addition to existing data privacy rules which are scattered in various laws and regulations.

NAIC Drafts Cybersecurity “Bill of Rights” for Insurance Consumers

On July 27, 2015, the Cybersecurity Task Force of the National Association of Insurance Commissioners (NAIC) released a draft cybersecurity “Bill of Rights” suggesting certain rights for insurance consumers to have their personal information protected by insurance companies, insurance producers and other entities regulated by state insurance departments. Comments on the draft were due by close of business on August 10, 2015 and a final version could be adopted during the NAIC’s upcoming National Meeting in Chicago in mid-August 2015. The Cybersecurity Bill of Rights is one of several insurance regulatory measures designed to safeguard personal information of insurance consumers, which is particularly vulnerable in data breaches because it often contains social security numbers, financial information, addresses and sensitive medical information. Cybersecurity has become an even higher priority among insurance regulators since the Anthem, Inc. data breach, and the NAIC formed the Cybersecurity Task Force to coordinate regulatory efforts in this area.

Securities Firm Avoids FTC Action for Data Security Practices Due to Adoption of Insider Threat Program

On April 10, 2015, the FTC closed its data security investigation of a securities firm after one of its employees moved the personal information of certain of the firm’s wealth management clients to personal devices and a personal website. Ultimately, the personal data became available on publicly accessible websites.
