On May 9, 2019, a federal grand jury unsealed an indictment of two members of a Chinese hacking group charged with a series of computer intrusions, including their involvement in the 2015 data breach at Anthem Inc., which affected the data of over 78 million people. In an announcement by the Justice Department’s Criminal Division, […]
Board Governance & Cyber Risk Management
Which CCPA Amendments Made the Cut?
We may now have more clarity on what the California Consumer Privacy Act (the “CCPA”) will look like when it goes into effect on January 1, 2020. The California Assembly’s Committee on Privacy and Consumer Protection approved a series of bills last week that will now advance to the Appropriations Committee before being put to […]
Spring Legislative Update: Two New Laws and Two Amendments
Legislative and regulatory activity continues apace, with four states making changes to their data privacy and cybersecurity legislation in the past month alone. West Virginia and Mississippi enacted new legislation while Virginia and Utah amended their existing data breach notification laws. Virginia On March 18, 2019, Virginia amended its data breach notification statute. (VA HB […]
Privacy for All and Employees Excluded: Amendments to the CCPA That Have Traction
When first introduced on February 22, 2019, AB 1760 aimed to merely fix a few typographical errors in the California Consumer Privacy Act of 2018 (the “CCPA”). However, when AB 1760 was first amended on April 4, 2019, the bill turned into a wholesale replacement of the CCPA with the “Privacy For All Act of […]
SEC Issues Risk Alert Noting Common Regulation S-P Compliance Issues
The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) has issued a Risk Alert that provides an overview of the most common deficiencies or weaknesses in investment adviser and broker-dealer compliance with the Safeguards Rule, Regulation S-P, based on recent examinations. Placed in context with prior OCIE Risk Alerts concerning cybersecurity practices and Regulation S-P […]