Much has been written about the consternation and concern of businesses around the world regarding the European Union’s General Data Protection Regulation (GDPR), which takes effect on May 25, 2018. The GDPR applies to companies operating within the EU that control or process data. Notably, it also applies to companies outside the EU that offer … Continue Reading
In the wake of the Equifax data breach, consumers, companies, and regulators alike are cognizant of the potential exposure of personal information, and many companies are looking at ways to decrease the risk of unauthorized disclosure of personal data. In creating effective data privacy policies and procedures, companies must also analyze requirements under certain statutes … Continue Reading
[This post is the first in a series of post which will examine the risks, rewards, innovative uses, and changing legal landscape of social media use by financial services institutions. Future blog posts will examine topics such as: monitoring and managing consumer complaints through social media, disgruntled employee use of social media, and control over content and message. … Continue Reading
The New York State Department of Financial Services’ (NYDFS) cybersecurity regulations went into effect March 1, 2017, and the first of the staggered implementation deadlines is quickly approaching on August 28, 2017. Touted by the NYDFS as the “first in the nation” comprehensive cybersecurity regulation, the new rules pose significant compliance challenges for those covered … Continue Reading
Last month, the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued an Advisory which provided substantial guidance to financial institutions regarding the scope of information that must be provided in Suspicious Activity Reports (SARs) arising from cyber-events, cyber-enabled crime, and cyber-related information under the Bank Secrecy Act (BSA). When are financial institutions required to … Continue Reading
Cybersecurity remains a top focus of government regulators, and the prevailing trend is to encourage information sharing between the government and private entities to combat cybersecurity threats. In line with this theme, on February 9, 2016, President Obama directed his administration to implement a Cybersecurity National Action Plan (CNAP) intended to, among other things, enhance … Continue Reading
In a recent blog post on the Federal Trade Commission (FTC) Consumer Information blog, the FTC warned home buyers of an e-mail and wire transfer phishing scam in which hackers pose as real estate professionals or title companies and request buyers to wire their closing costs to the scammer’s account. The FTC noted that hackers … Continue Reading
The New York Department of Financial Services (NYDFS) recently surveyed the companies that it regulates to assess cybersecurity risks. After examining the surveys, the NYDFS seems prepared to propose regulations governing how financial institutions can better monitor and manage risk from a liability perspective. In line with a similar survey by the Office of the … Continue Reading
Yesterday, the Office of the Comptroller of the Currency (OCC) released its Semiannual Risk Perspective (the “Semiannual Risk Perspective”). The Semiannual Risk Perspective covers “key issues facing banks, focusing on those that pose threats to the safety and soundness of banks and their compliance with applicable laws and regulations.” While the OCC identifies four main … Continue Reading
On November 9, 2015, the New York State Department of Financial Services (“NYDFS”) issued a letter to several federal regulatory agencies and trade organizations advising of potential new state regulations intended to increase cybersecurity in the financial services industry. The NYDFS issued the letter following risk assessments performed in 2014 and 2015 that identified industry-wide … Continue Reading
