Legislative and regulatory activity continues apace, with four states making changes to their data privacy and cybersecurity legislation in the past month alone. West Virginia and Mississippi enacted new legislation while Virginia and Utah amended their existing data breach notification laws. Virginia On March 18, 2019, Virginia amended its data breach notification statute. (VA HB […]
Data Protection
Privacy for All and Employees Excluded: Amendments to the CCPA That Have Traction
When first introduced on February 22, 2019, AB 1760 aimed to merely fix a few typographical errors in the California Consumer Privacy Act of 2018 (the “CCPA”). However, when AB 1760 was first amended on April 4, 2019, the bill turned into a wholesale replacement of the CCPA with the “Privacy For All Act of […]
SEC Issues Risk Alert Noting Common Regulation S-P Compliance Issues
The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) has issued a Risk Alert that provides an overview of the most common deficiencies or weaknesses in investment adviser and broker-dealer compliance with the Safeguards Rule, Regulation S-P, based on recent examinations. Placed in context with prior OCIE Risk Alerts concerning cybersecurity practices and Regulation S-P […]
CCPA Carve-Out for Online Advertising? Proposed Amendment Exempts Certain Advertising Data from Do-Not-Sell Restrictions
California passed the California Consumer Privacy Act (CCPA) in September 2018, and the CCPA enters into force on January 1, 2020. One of the CCPA’s core elements is a right for consumers to know when a company is selling their data, and to opt-out of data sales at any time. This was the primary focus […]
FTC Announces New Cybersecurity Requirements, Privacy Rule Update
In March, the Federal Trade Commission announced proposed updates to two key privacy and security regulations, the Safeguards Rule and Privacy Rule. Both rules implement regulations under the federal Gramm Leach Bliley Act, and the FTC seeks comments for both. The FTC’s proposed update to the Safeguards Rule would impose a number of information security […]