On Oct. 22, 2024, the CFPB issued a final rule that will require covered financial institutions to provide consumers and authorized third parties with access and portability options for their financial data. The CFPB’s final rule, called the “Personal Financial Data Rights Rule,” implements Section 1033 of Title X of the Dodd-Frank Act, a to-date

On April 4, 2024, the CFPB issued a report titled “Banking in Video Games and Virtual Worlds” that examines the financial and privacy risks to consumers in online video gaming marketplaces.

The CFPB’s report explains that gaming platforms facilitate the storage and exchange of valuable assets while collecting large amounts of data from their users.

In a Halloween-eve move sure to send shivers down the spines of every public company’s CISO, on Oct. 30, the SEC filed a securities fraud complaint targeting SolarWinds’ CISO in the wake of their major December 2020 data security incident. The SEC alleges SolarWinds and its CISO committed securities fraud in connection with multiple public

On Oct. 19, 2023, the CFPB released a proposed rule that, if finalized in its present form, would require covered financial institutions to provide consumers and authorized third parties with access and portability options for their financial data. The CFPB’s proposed rule, called the “Personal Financial Data Rights” rule, would implement Section 1033 of Title

On Nov. 9, 2022, the New York Department of Financial Services (NYDFS) issued a proposed second amendment to its 2017 cybersecurity regulation for financial service companies.[1] In July 2022, NYDFS issued a draft version of the changes, but the current amendment has significant changes. Most of the proposed changes will take effect 180 days