On July 27, 2022, the Securities and Exchange Commission (SEC) separately settled three enforcement actions with broker-dealers and investment advisers for alleged deficiencies relating to the prevention of customer identity theft, in violation of the SEC’s Identity Theft Red Flags Rule, or Regulation S-ID. Regulation S-ID requires registered financial institutions, broker dealers, and investment advisers […]
Data Protection
UK Information Commissioner’s Office Issues Warning on Ransomware Payments
On July 8, 2022, the UK Information Commissioner’s Office (UK ICO) together with the UK National Cyber Security Centre (NCSC), published a joint letter asking the Law Society of England & Wales to remind its members that they should not advise clients to pay ransomware demands should they fall victim to a cyber-attack. The Law […]
Maryland Amends Data Breach and Reasonable Security Requirements
Maryland recently passed House Bill 962, amending Maryland’s Personal Information Protection Act (PIPA) (Md. Code Ann. Comm. Law 14-3504). As summarized below, House Bill 962 amends certain aspects of PIPA relating to breach notification and maintaining reasonable security measures to protect personal information. The bill becomes effective October 1, 2022. Reasonable Security: Beginning October 1, […]
Belgian Supervisory Authority Sanctions News Media Company for Violating Cookie Rules
On May 25th, the Belgian Supervisory Authority (“GBA”) announced that it had imposed a fine of EUR 50,000 on a Belgium-based news media company for using cookies on its websites without complying with applicable cookie law requirements. The GBA decided to sanction the company mainly because although the company had obtained consent from website visitors […]
EDPB Issues Draft Guidelines on the Calculation of Administrative Fines
On May 16, 2022, the European Data Protection Board (‘EDPB’) published draft regulatory guidelines (‘draft guidance’) on the calculation of administrative fines for infringements of the EU General Data Protection Regulation (‘GDPR’). In the draft guidance, the EDPB sets out its methodology, consisting of five steps, for calculating administrative fines. The EDPB adopted these guidelines […]