In March, the Federal Trade Commission announced proposed updates to two key privacy and security regulations, the Safeguards Rule and Privacy Rule. Both rules implement regulations under the federal Gramm Leach Bliley Act, and the FTC seeks comments for both. The FTC’s proposed update to the Safeguards Rule would impose a number of information security […]
Regulation
Companion Cybersecurity Disclosure Bills Introduced in U.S. Congress
On February 28 and March 13, 2019, members of the U.S. Senate and U.S. House of Representatives introduced legislation designed to enhance the transparency of cybersecurity risk oversight at certain SEC reporting companies. Although the text of the House bill, H.R. 1731 is not yet publicly available, the bipartisan Senate bill, S. 592, would require […]
Proposed Amendment to California Consumer Privacy Act Would Expand Private Right of Action
On February 25, California’s Attorney General Xavier Becerra and Senator Hannah-Beth Jackson introduced new legislation to amend the California Consumer Privacy Act (CCPA). The CCPA as currently enacted establishes a private right of action for consumers impacted by cyber security breaches. The amendment, known as SB-561, would expand the private right of action to cover any violation of […]
The FTC Decides to Uphold the CAN-SPAM Rule Without Any Changes
On February 12, 2019, the Federal Trade Commission announced that it completed its first review of the CAN-SPAM Rule, a rule governing commercial e-mail. Based on its review, the FTC announced its decision, available here, to “retain the [R]ule in its present form.” The FTC reviewed public comments and proposals in making its determination. According […]
NYDFS Cybersecurity Regulations Nearly Fully Effective
The February 15, 2019 NYDFS compliance certification deadline represents the last annual compliance certification subject to the transition period for covered entities to come into compliance with the cybersecurity regulations. NYDFS now expects covered entities to certify as to their compliance with all but one provision of the cybersecurity regulations which relates to the implementation […]