California passed the California Consumer Privacy Act (CCPA) in September 2018, and the CCPA enters into force on January 1, 2020. One of the CCPA’s core elements is a right for consumers to know when a company is selling their data, and to opt-out of data sales at any time. This was the primary focus […]
Board Governance & Cyber Risk Management
FTC Announces New Cybersecurity Requirements, Privacy Rule Update
In March, the Federal Trade Commission announced proposed updates to two key privacy and security regulations, the Safeguards Rule and Privacy Rule. Both rules implement regulations under the federal Gramm Leach Bliley Act, and the FTC seeks comments for both. The FTC’s proposed update to the Safeguards Rule would impose a number of information security […]
Companion Cybersecurity Disclosure Bills Introduced in U.S. Congress
On February 28 and March 13, 2019, members of the U.S. Senate and U.S. House of Representatives introduced legislation designed to enhance the transparency of cybersecurity risk oversight at certain SEC reporting companies. Although the text of the House bill, H.R. 1731 is not yet publicly available, the bipartisan Senate bill, S. 592, would require […]
Proposed Amendment to California Consumer Privacy Act Would Expand Private Right of Action
On February 25, California’s Attorney General Xavier Becerra and Senator Hannah-Beth Jackson introduced new legislation to amend the California Consumer Privacy Act (CCPA). The CCPA as currently enacted establishes a private right of action for consumers impacted by cyber security breaches. The amendment, known as SB-561, would expand the private right of action to cover any violation of […]
NYDFS Cybersecurity Regulations Nearly Fully Effective
The February 15, 2019 NYDFS compliance certification deadline represents the last annual compliance certification subject to the transition period for covered entities to come into compliance with the cybersecurity regulations. NYDFS now expects covered entities to certify as to their compliance with all but one provision of the cybersecurity regulations which relates to the implementation […]