Board Governance & Cyber Risk Management

Privacy for All and Employees Excluded: Amendments to the CCPA That Have Traction

April 24, 2019 By Privacy, Cyber & Data Strategy Team

When first introduced on February 22, 2019, AB 1760 aimed to merely fix a few typographical errors in the California Consumer Privacy Act of 2018 (the “CCPA”). However, when AB 1760 was first amended on April 4, 2019, the bill turned into a wholesale replacement of the CCPA with the “Privacy For All Act of […]

SEC Issues Risk Alert Noting Common Regulation S-P Compliance Issues

April 18, 2019 By Kate Hanniford

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) has issued a Risk Alert that provides an overview of the most common deficiencies or weaknesses in investment adviser and broker-dealer compliance with the Safeguards Rule, Regulation S-P, based on recent examinations. Placed in context with prior OCIE Risk Alerts concerning cybersecurity practices and Regulation S-P […]

CCPA Carve-Out for Online Advertising? Proposed Amendment Exempts Certain Advertising Data from Do-Not-Sell Restrictions

April 15, 2019 By Daniel Felz

California passed the California Consumer Privacy Act (CCPA) in September 2018, and the CCPA enters into force on January 1, 2020. One of the CCPA’s core elements is a right for consumers to know when a company is selling their data, and to opt-out of data sales at any time. This was the primary focus […]

FTC Announces New Cybersecurity Requirements, Privacy Rule Update

April 3, 2019 By Privacy, Cyber & Data Strategy Team

In March, the Federal Trade Commission announced proposed updates to two key privacy and security regulations, the Safeguards Rule and Privacy Rule. Both rules implement regulations under the federal Gramm Leach Bliley Act, and the FTC seeks comments for both. The FTC’s proposed update to the Safeguards Rule would impose a number of information security […]

Companion Cybersecurity Disclosure Bills Introduced in U.S. Congress

March 20, 2019 By Kate Hanniford

On February 28 and March 13, 2019, members of the U.S. Senate and U.S. House of Representatives introduced legislation designed to enhance the transparency of cybersecurity risk oversight at certain SEC reporting companies. Although the text of the House bill, H.R. 1731 is not yet publicly available, the bipartisan Senate bill, S. 592, would require […]