On August 9, 2022, the Conference of State Bank Supervisors (CSBS) released two cybersecurity tools for nonbank financial services institutions to help prepare for state cybersecurity exams and, ultimately, improve cybersecurity maturity. Developed … [Read more] about CSBS Releases Cybersecurity Programs to Help Nonbank Financial Services Institutions Improve Cybersecurity Posture
On September 20, 2022, the Securities and Exchange Commission (SEC) settled an enforcement action with a large, registered investment adviser (the Firm) for alleged violations of the Safeguards Rule and the Disposal Rule of Regulation S-P … [Read more] about SEC Sends a Message to Investment Advisers: Take Secure Data Disposal Seriously
On September 7, 2022 the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) released an updated edition of its Cybersecurity Best Practices for the Safety of Modern Vehicles, the last edition of … [Read more] about NHTSA Updates its Guidance on Cybersecurity Best Practices for the Safety of Modern Vehicles
On September 12, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued a request for information (RFI) seeking input from stakeholders on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Signed by … [Read more] about CISA Issues Request for Information Prior to Required CIRCIA Rulemaking
On August 24, 2022, California Attorney General Rob Bonta announced a $1.2 million dollar settlement with Sephora to account for alleged violations of the California Consumer Privacy Act (CCPA). This is the first CCPA enforcement action taken by the … [Read more] about Sephora Ordered to “Make-Up” for CCPA Violations