Alston & Bird Privacy, Cyber & Data Strategy Blog

CSBS Releases Cybersecurity Programs to Help Nonbank Financial Services Institutions Improve Cybersecurity Posture

September 28, 2022 By Ross Speier, Kim Peretti, Nanci Weissgold and Lance Taubin

On August 9, 2022, the Conference of State Bank Supervisors (CSBS) released two cybersecurity tools for nonbank financial services institutions to help prepare for state cybersecurity exams and, ultimately, improve cybersecurity maturity. Developed by a multi-state team of cybersecurity examination experts, the Baseline Nonbank Cybersecurity Exam Program and the Enhanced Nonbank Cybersecurity Exam Program (the “Programs”) are a set of cybersecurity questions used by state examiners to assess the … [Read more] about CSBS Releases Cybersecurity Programs to Help Nonbank Financial Services Institutions Improve Cybersecurity Posture

SEC Sends a Message to Investment Advisers: Take Secure Data Disposal Seriously

September 26, 2022 By Kate Hanniford and Mario Ayoub

On September 20, 2022, the Securities and Exchange Commission (SEC) settled an enforcement action with a large, registered investment adviser (the Firm) for alleged violations of the Safeguards Rule and the Disposal Rule of Regulation S-P … [Read more] about SEC Sends a Message to Investment Advisers: Take Secure Data Disposal Seriously

NHTSA Updates its Guidance on Cybersecurity Best Practices for the Safety of Modern Vehicles

September 15, 2022 By Kim Peretti, Amy Mushahwar and Kristen Bartolotta

On September 7, 2022 the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) released an updated edition of its Cybersecurity Best Practices for the Safety of Modern Vehicles, the last edition of … [Read more] about NHTSA Updates its Guidance on Cybersecurity Best Practices for the Safety of Modern Vehicles

CISA Issues Request for Information Prior to Required CIRCIA Rulemaking

September 13, 2022 By Kim Peretti, Kellen Dwyer and Kristen Bartolotta

On September 12, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued a request for information (RFI) seeking input from stakeholders on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Signed by … [Read more] about CISA Issues Request for Information Prior to Required CIRCIA Rulemaking

Sephora Ordered to “Make-Up” for CCPA Violations

September 7, 2022 By Sara Guercio

On August 24, 2022, California Attorney General Rob Bonta announced a $1.2 million dollar settlement with Sephora to account for alleged violations of the California Consumer Privacy Act (CCPA). This is the first CCPA enforcement action taken by the … [Read more] about Sephora Ordered to “Make-Up” for CCPA Violations