On August 9, 2022, the Conference of State Bank Supervisors (CSBS) released two cybersecurity tools for nonbank financial services institutions to help prepare for state cybersecurity exams and, ultimately, improve cybersecurity maturity. Developed by a multi-state team of cybersecurity examination experts, the Baseline Nonbank Cybersecurity Exam Program and the Enhanced Nonbank Cybersecurity Exam Program (the […]
SEC Sends a Message to Investment Advisers: Take Secure Data Disposal Seriously
On September 20, 2022, the Securities and Exchange Commission (SEC) settled an enforcement action with a large, registered investment adviser (the Firm) for alleged violations of the Safeguards Rule and the Disposal Rule of Regulation S-P that arose in the context of a data disposal process, imposing a $35 million penalty. Specifically, the SEC […]
California Privacy Protection Agency Initiates Notice and Comment Period for CCPA Regulations
The California Privacy Protection Agency (the “CPPA”) has issued a Notice of Proposed Rulemaking, as anticipated, for amendments to regulations the California Attorney General promulgated in 2020, and to propose new regulations under the CPPA’s mandate provided in the California Privacy Rights Act. The comment period closes on August 23, 2022. There will be a […]
DOJ Issues New Policy on CFAA Prosecutions
Today, the Department of Justice (“DOJ”) updated its policy regarding charging violations under the Computer Fraud and Abuse Act (“CFAA”). This is the first update to the DOJ’s policy since 2014, and it is effective immediately. The policy states that all federal prosecutors who wish to charge cases under the CFAA must follow the new […]
EDPB Issues Draft Guidelines on the Calculation of Administrative Fines
On May 16, 2022, the European Data Protection Board (‘EDPB’) published draft regulatory guidelines (‘draft guidance’) on the calculation of administrative fines for infringements of the EU General Data Protection Regulation (‘GDPR’). In the draft guidance, the EDPB sets out its methodology, consisting of five steps, for calculating administrative fines. The EDPB adopted these guidelines […]