On Nov. 9, 2022, the New York Department of Financial Services (NYDFS) issued a proposed second amendment to its 2017 cybersecurity regulation for financial service companies. In July 2022, NYDFS issued a draft version of the changes, but the current amendment has significant changes. Most of the proposed changes will take effect 180 days
CFPB Warns Insufficient Data Security Measures May Violate Consumer Financial Protection Act
On Aug. 11, 2022, the U.S. Consumer Financial Protection Bureau issued guidance indicating that financial institutions and service providers that fail to adopt sufficient data security measures to protect consumer financial data may violate the Consumer Financial Protection Act provision prohibiting unfair acts and practices.
Feb. 2 Event | What to Expect in 2022: Financial Services Litigation
Join us as we discuss significant financial services cases and trends from 2021 and risks and issues for companies to watch for in 2022, including movements in mass arbitrations and class actions. We will also share thoughts on how to narrow or eliminate these risks going forward.
Wednesday, Feb. 2, 2022
12-1 p.m. EST
Federal Banking Regulators Issue 36-Hour Cybersecurity Breach Notification Requirement
Beginning in April 2022, banking organizations and bank service providers will be subject to the shortest regulatory breach notification reporting time frame of any law to date – 36 hours.
With Updated Safeguards Rule, FTC Signals New Wave of Cybersecurity Enforcement for Financial Institutions
On Oct. 27, 2021, the Federal Trade Commission (FTC) amended its Standards for Safeguarding Customer Information (the “Safeguards Rule”), promulgated under the Gramm-Leach-Bliley Act (GLBA).
This GT Alert covers the following:
Financial institution confusion: Are financial institutions fully exempt from the CCPA, CPRA, VCDPA, and CPA?
The Gramm–Leach–Bliley Act (GLBA) and its implementing regulations impose privacy requirements when financial institutions collect “nonpublic personal information about individuals who obtain financial products or services primarily for personal, family, or household purposes.” GLBA does not apply, however, when a financial institution collects information about individuals “who obtain financial products or services for business,…