Federal banking regulators continue to promote a more "crypto-positive" regulatory environment through recent joint guidance issued to clarify risk management and compliance expectations for banks providing crypto-asset...more
7/16/2025
/ Anti-Money Laundering ,
Banks ,
Consumer Financial Products ,
Cryptoassets ,
Cryptocurrency ,
Cybersecurity ,
Digital Assets ,
FDIC ,
Federal Reserve ,
Financial Regulatory Reform ,
Financial Services Industry ,
Investment ,
OCC ,
Popular ,
Regulatory Requirements ,
Risk Management
The Transportation Security Administration's ("TSA") proposed rule would require owners and operators of certain pipeline, freight railroad, passenger railroad, rail transit, and over-the-road bus ("OTRB") systems to...more
12/2/2024
/ Comment Period ,
Cybersecurity ,
Infrastructure ,
Oil & Gas ,
Pipelines ,
Proposed Rules ,
Railroads ,
Regulatory Agenda ,
Risk Management ,
Rulemaking Process ,
Surface Transportation ,
Transportation Security Administration
California's privacy enforcement agency has published crucial data minimization guidance for businesses....more
Proposed amendments to the California Consumer Privacy Act would require businesses to obtain opt-in consent prior to collecting, selling, sharing, using, or disclosing a minor's personal information....more
The Background: The California Privacy Protection Agency board ("CPPA" or "Board") is in the process of issuing new regulations as authorized under the California Privacy Rights Act. These three sets of proposed regulations...more
2/14/2024
/ Audits ,
Automation Systems ,
California ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Decision-Making Process ,
Innovative Technology ,
New Regulations ,
Personal Information ,
Privacy Concerns ,
Risk Assessment ,
Rulemaking Process ,
Software
On December 26, 2023, the Department of Defense ("DoD") published a proposed rule to implement the Cybersecurity Maturity Model Certification ("CMMC") 2.0, which will establish comprehensive cybersecurity requirements for...more
On December 20, 2023, the Federal Trade Commission ("FTC") announced a Notice of Proposed Rulemaking ("NPRM") to revise the Children's Online Privacy Protection Act ("COPPA") Rule to reduce the amount of information...more
12/28/2023
/ Comment Period ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Authority ,
Federal Trade Commission (FTC) ,
Notice of Proposed Rulemaking (NOPR) ,
Online Platforms ,
Online Safety for Children ,
Personal Information ,
Regulatory Agenda ,
Social Media
New York is the first state to propose cybersecurity requirements for all hospitals operating in the state to address patient safety and other cybersecurity related issues....more
12/1/2023
/ Chief Information Security Officer (CISO) ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Hospitals ,
New York ,
NYDFS ,
Patient Privacy Rights ,
Popular ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Reform
A major amendment to the New York State Department of Financial Services' cybersecurity regulations establishes affirmative cybersecurity oversight duties and requires companies to report extortion payments to the agency....more
11/16/2023
/ Chief Information Security Officer (CISO) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Extortion ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
NYDFS ,
Popular ,
Risk Assessment ,
Third-Party Service Provider
On October 30, 2023, President Biden signed a first-of-its-kind executive order entitled, "Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence" ("AI")....more
11/1/2023
/ Algorithms ,
Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Machine Learning ,
Regulatory Reform ,
Security Standards
On August 15, 2023, the Consumer Financial Protection Bureau ("CFPB") announced it was launching a rulemaking aimed at subjecting any company or entity that collects and sells consumer data to the Fair Credit Reporting Act...more
8/28/2023
/ Consumer Financial Protection Bureau (CFPB) ,
Consumer Reporting Agencies ,
Consumer Reports ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Privacy ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Financial Services Industry ,
Personal Data ,
Popular ,
Rulemaking Process
On July 10, 2023, the EU Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework, concluding that the United States ensures an adequate level of protection for personal data transferred from the...more
On March 28, 2023, Iowa—following California, Colorado, Connecticut, Utah, and Virginia—became the sixth state to adopt a comprehensive consumer data privacy law.
On March 28, 2023, Iowa Governor Kim Reynolds signed "An...more
In Short:
The Situation: The cyber insurance market is experiencing a major retrenchment, with insurers seeking to limit their exposure in a variety of ways....more
In Short -
The Situation: The California Privacy Protection Agency ("CPPA" or "Agency") has modified its proposed regulations implementing many key California Privacy Rights Act ("CPRA") requirements....more
The OMB has issued memorandum M-22-18 with new security requirements (the "Rules") requiring federal agencies to ensure that all third-party software they use complies with secure software development standards and guidance...more
On August 24, 2022, California Attorney General Rob Bonta announced his office's first privacy enforcement action and settlement against a publicly disclosed entity, Sephora, Inc., for violations of the CCPA, including the...more
Musical.ly app receives $5.7 million fine for collecting personal information in violation of the Children's Online Privacy Protection Act
On February 27, 2019, the Federal Trade Commission ("FTC") issued a record $5.7...more
3/8/2019
/ Civil Monetary Penalty ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Websites
The Situation: The SEC accused Altaba Inc., then known as Yahoo! Inc., of misleading investors by failing to disclose a major data breach orchestrated by Russian hackers.
The Result: Altaba has agreed to pay $35 million to...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
3/15/2017
/ Actual Injuries ,
Advertising ,
Argentina ,
Australia ,
Banks ,
Belgium ,
Big Data ,
Canada ,
China ,
Class Action ,
Colombia ,
Connected Items ,
Consumer Protection Act ,
Controlled Unclassified Information (CUI) ,
Credit Cards ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Databases ,
Department of Homeland Security (DHS) ,
Department of Transportation (DOT) ,
Email Policies ,
ENISA ,
EU ,
EU Data Protection Laws ,
Fair Credit Reporting Act (FCRA) ,
Federal Breach Notification Standard ,
Federal Trade Commission (FTC) ,
FinTech ,
France ,
Fraud ,
General Data Protection Regulation (GDPR) ,
Germany ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hong Kong ,
Information Sharing ,
International Data Transfers ,
Investigatory Powers Act 2016 ,
Italy ,
Japan ,
Mexico ,
National Security ,
Netherlands ,
NIST ,
NYDFS ,
OCIE ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
SEC Examination Priorities ,
Securities and Exchange Commission (SEC) ,
Settlement Agreements ,
Singapore ,
Spain ,
Spokeo ,
Standing ,
State Data Breach Notification Statutes ,
Swiss Privacy Shield ,
Switzerland ,
TCPA ,
Telemarketing ,
UK ,
V2V ,
Web Tracking