On Aug. 11, 2022, the U.S. Consumer Financial Protection Bureau issued guidance indicating that financial institutions and service providers that fail to adopt sufficient data security measures to protect consumer financial data may violate the Consumer Financial Protection Act provision prohibiting unfair acts and practices.
Jessica D. Pedersen
Jessica Pedersen advises businesses on complex data privacy and cybersecurity issues. Jessica has experience counseling a diverse range of companies on compliance with both existing and emerging privacy and security laws, including the E.U.’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). In addition, she assists clients in preparing for and responding to cybersecurity threats, including designing data breach tabletop exercises, managing data breach response, and defending privacy and data breach litigation. Jessica also represents clients in related regulatory investigations. She is a certified privacy professional through the International Association of Privacy Professionals (CIPP/US).
Federal Banking Regulators Issue 36-Hour Cybersecurity Breach Notification Requirement
Beginning in April 2022, banking organizations and bank service providers will be subject to the shortest regulatory breach notification reporting time frame of any law to date – 36 hours.
With Updated Safeguards Rule, FTC Signals New Wave of Cybersecurity Enforcement for Financial Institutions
On Oct. 27, 2021, the Federal Trade Commission (FTC) amended its Standards for Safeguarding Customer Information (the “Safeguards Rule”), promulgated under the Gramm-Leach-Bliley Act (GLBA).
This GT Alert covers the following: