The Federal Financial Institutions Examination Council (FFIEC) has issued two joint statements warning of specific cyber risks. The warnings, which were issued on March 30, 2015, address risks arising from destructive malware, which can destroy sensitive data, and cyber-attacks that compromise user credentials. In both statements, the FFIEC also provides guidance on how to mitigate […]
Board Governance & Cyber Risk Management
President Obama Signs Executive Order Authorizing Sanctions for Cyber Attacks, Use of Stolen Data
On April 1, 2015, the White House unveiled Executive Order 13694, which authorizes the Treasury Department to sanction entities outside of the United States that engage in “cyber-enabled activities” that are “reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial […]
FCC Advisory Group Issues Cyber Risk Management Report
On March 18, the Federal Communications Commission (“FCC”) approved the Final Report on cybersecurity risk management and best practices issued by Working Group 4 (“WG4”) of its Communications, Security, Reliability, and Interoperability Council (“CSRIC”). The CSRIC, currently in its fourth assembly, is an advisory committee tasked with providing recommendations to the FCC to achieve “among […]
FTC Finalizes Order With TRUSTe On Privacy Seal Program
The Federal Trade Commission (FTC) has issued its final decision and order arising from its previously-disclosed settlement with TRUSTe stemming from the FTC’s complaint alleging that TRUSTe failed to conduct promised annual recertification of companies participating in its privacy seal program more than 1,000 times between 2006 and 2013. The complaint also alleged that TRUSTe […]
White House Releases Consumer Privacy Bill of Rights
On February 27, 2015, the Obama Administration released a discussion draft of the Consumer Privacy Bill of Rights Act of 2015 (the “Privacy Act”), holding true to President Barack Obama’s commitment in 2012 to introduce legislation to put the Privacy Act’s principles into law. The Privacy Act is intended to “establish baseline protections for individual […]