Legislative and regulatory activity continues apace, with four states making changes to their data privacy and cybersecurity legislation in the past month alone. West Virginia and Mississippi enacted new legislation while Virginia and Utah amended their existing data breach notification laws. Virginia On March 18, 2019, Virginia amended its data breach notification statute. (VA HB […]
Data Security
SEC Issues Risk Alert Noting Common Regulation S-P Compliance Issues
The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) has issued a Risk Alert that provides an overview of the most common deficiencies or weaknesses in investment adviser and broker-dealer compliance with the Safeguards Rule, Regulation S-P, based on recent examinations. Placed in context with prior OCIE Risk Alerts concerning cybersecurity practices and Regulation S-P […]
FTC Announces New Cybersecurity Requirements, Privacy Rule Update
In March, the Federal Trade Commission announced proposed updates to two key privacy and security regulations, the Safeguards Rule and Privacy Rule. Both rules implement regulations under the federal Gramm Leach Bliley Act, and the FTC seeks comments for both. The FTC’s proposed update to the Safeguards Rule would impose a number of information security […]
Proposed Amendment to California Consumer Privacy Act Would Expand Private Right of Action
On February 25, California’s Attorney General Xavier Becerra and Senator Hannah-Beth Jackson introduced new legislation to amend the California Consumer Privacy Act (CCPA). The CCPA as currently enacted establishes a private right of action for consumers impacted by cyber security breaches. The amendment, known as SB-561, would expand the private right of action to cover any violation of […]
HHS Releases New “Health Industry Cybersecurity Practices”
On December 28, 2018, the Department of Health and Human Services (HHS) issued new voluntary cybersecurity guidance for the health care industry titled, “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients.” This four-volume set of consensus-based principles and practices (the “HICP”) reflects the recommendations of the 405(d) Task Group, a HHS and industry-led collaborative […]