Most businesses are already familiar with the Fair Credit Reporting Act (“FCRA”) and the various requirements to protect the fairness, accuracy, and privacy of consumer credit information. However, a recent FTC enforcement action against the retailer Kohl’s Department Store, Inc. (“Kohl’s”) has brought a rarely used provision of the statute to light. This provision—codified […]
Enforcement
California AG Publishes Final CCPA Regulations, Seeks Possible July 1 Effective Date
Since the California Consumer Privacy Act (CCPA) entered into force on January 1, 2020, many companies have been closely following the development of CCPA Regulations by the California Attorney General’s Office (AG’s Office). The AG’s Office released an initial draft of the CCPA Regulations in October 2019, prompting over 3,000 pages of public comment (read […]
COVID-19 Is Not A Free Pass For Privacy And Security Compliance
In the wake of stay-at-home orders stemming from the COVID-19 pandemic, companies have rushed to provide work-from-home options for many, if not all, of their employees. As exigency fades into the new normal, however, the California Attorney General and New York’s Department of Financial Services (NYDFS) – two key privacy and security regulators – have […]
FTC Consumer Protection Bureau Director Highlights Efforts to Strengthen Data Security Orders
On January 6, 2020, the Federal Trade Commission’s (FTC) Bureau of Consumer Protection Director Andrew Smith published a blog post summarizing the agency’s “New and improved FTC data security orders,” as part of its efforts to provide “better guidance for companies” and “better protection for consumers.” Smith noted that strengthening the FTC’s orders in data […]
Treasury Announces Sanctions Against Cybercriminal Group Behind ‘Dridex’ Malware, Offering Mitigation Strategies for Businesses
On December 5, 2019, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued sanctions against Evil Corp, a Russian cybercriminal organization that is known for distributing the Dridex malware. Dridex is a banking trojan that has been used to target financial institutions across the globe and has resulted in more than $100 million […]