Category Archives: Cybersecurity

Subscribe to Cybersecurity RSS Feed

CalCoPA – Does It Apply to Your Organization?

As discussed in Part 1, the California Consumer Privacy Act of 2018 (CalCoPA) is a game-changing privacy act that sets a new bar for consumer privacy rights in the U.S. The primary reason it differs from existing legislation is that it goes beyond merely having to provide assurances or notices and requires organizations to be … Continue Reading

Potential Bank Customer Data Exposed through Fiserv Platform Flaw

Security researchers and cybersecurity experts recently discovered a weakness in Fiserv’s web platform, which may have exposed the personal and financial details of customers across hundreds of internet banking sites. The flaw involved a messaging platform used by Fiserv to send account alerts to customers of Fiserv-affiliated banks. These alerts can be set up to notify … Continue Reading

California Sets the Bar for Privacy with the Passage of The California Consumer Privacy Act of 2018 – Part I

As most people started to wind down for the July 4th holiday week, California was just ramping up its “as California goes” focus on data privacy. On June 28, 2018, California passed a comprehensive data privacy bill that has been touted as the strictest in the nation. The good news first—businesses have until January 1, … Continue Reading

FFIEC Highlights Cyber Insurance for Financial Institutions

The Federal Financial Institutions Examination Council (FFIEC) has issued a joint statement emphasizing the need for lenders and servicers to include cyber insurance in their risk management program. Although the FFIEC did not announce new regulatory requirements or expectations, the announcement is further evidence of what most in the industry have already recognized: Cyber coverage … Continue Reading

Better Late than Never? Alabama, the 50th State to Pass a Data Breach Law

On March 1, 2018, the Alabama Senate unanimously passed the Alabama Data Breach Notification Act of 2018 (SB 318). On March 22, 2018, the House of Representatives, following an amendment by the Technology and Research Committee, also passed SB 318. Just a day prior to the Alabama House passing SB 318, South Dakota Governor Dennis Daugaard signed SB … Continue Reading

Five Privacy Practices Every Company Should Address in the Wake of the FTC’s Enforcement Action against PayPal

Privacy is serious business. This was made clear in the Federal Trade Commission’s (FTC) recent announcement that it had settled its complaint against Venmo, PayPal’s peer-to-peer payment service, for misrepresentations to consumers regarding privacy and security settings. Although the terms of the settlement do not become final until approval by the FTC on or about … Continue Reading

Will Congress Upend Credit Reporting Agencies’ Cybersecurity Regulation in Light of Recent Data Breach?

Senators Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.) introduced the Data Breach Prevention and Compensation Act on January 10, 2018 in an effort to increase accountability of large Credit Reporting Agencies (CRAs) for data breaches involving consumer data. The bill, drafted in response to the September 2017 Equifax data breach revelations, seeks to impose direct administrative … Continue Reading

Parallel Universe or Coincidence: The CFPB’s New Data Consumer Protection Principles’ Relationship to GDPR

On October 18, 2017, the Consumer Financial Protection Bureau (CFPB) outlined nine non-binding Consumer Protection Principles (the Principles) for the access and sharing of consumer information between third-party companies. The Principles focus on the consumer experience, specifically consumers’ enhanced control over their financial lives. The CFPB envisions a marketplace in which consumers are in the … Continue Reading

Foreign No More: Transferring Data on Demand U.S. Companies and GDPR Data Portability

Much has been written about the consternation and concern of businesses around the world regarding the European Union’s General Data Protection Regulation (GDPR), which takes effect on May 25, 2018. The GDPR applies to companies operating within the EU that control or process data. Notably, it also applies to companies outside the EU that offer … Continue Reading

CFPB Walks the Data Privacy Tightrope on Public HMDA Disclosures

In the wake of the Equifax data breach, consumers, companies, and regulators alike are cognizant of the potential exposure of personal information, and many companies are looking at ways to decrease the risk of unauthorized disclosure of personal data. In creating effective data privacy policies and procedures, companies must also analyze requirements under certain statutes … Continue Reading

The Bank Next Door: Part I – Using Social Media to “Friend” Customers

[This post is the first in a series of post which will examine the risks, rewards, innovative uses, and changing legal landscape of social media use by financial services institutions. Future blog posts will examine topics such as: monitoring and managing consumer complaints through social media, disgruntled employee use of social media, and control over content and message. … Continue Reading

New York Sets Its Sights on Cybersecurity Weaknesses at Financial Institutions

The New York State Department of Financial Services’ (NYDFS) cybersecurity regulations went into effect March 1, 2017, and the first of the staggered implementation deadlines is quickly approaching on August 28, 2017. Touted by the NYDFS as the “first in the nation” comprehensive cybersecurity regulation, the new rules pose significant compliance challenges for those covered … Continue Reading

Banks Should Prepare for Increased Collaboration between IT, Legal and BSA/AML Compliance Departments under New FinCEN Guidance

Last month, the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued an Advisory which provided substantial guidance to financial institutions regarding the scope of information that must be provided in Suspicious Activity Reports (SARs) arising from cyber-events, cyber-enabled crime, and cyber-related information under the Bank Secrecy Act (BSA). When are financial institutions required to … Continue Reading

Preparing for Increased Cybersecurity Information Sharing

Cybersecurity remains a top focus of government regulators, and the prevailing trend is to encourage information sharing between the government and private entities to combat cybersecurity threats. In line with this theme, on February 9, 2016, President Obama directed his administration to implement a Cybersecurity National Action Plan (CNAP) intended to, among other things, enhance … Continue Reading

Buyer Beware – Know Before You Wire: FTC and NAR Warn Home Buyers on Closing Costs Wire Transfer Phishing Scams

In a recent blog post on the Federal Trade Commission (FTC) Consumer Information blog, the FTC  warned home buyers of an e-mail and wire transfer phishing scam in which hackers pose as real estate professionals or title companies and request buyers to wire their closing costs to the scammer’s account. The FTC noted that hackers … Continue Reading

Video Interview: Discussing Possible Cybersecurity Recommendations from the NY Department of Financial Services

The New York Department of Financial Services (NYDFS) recently surveyed the companies that it regulates to assess cybersecurity risks. After examining the surveys, the NYDFS seems prepared to propose regulations governing how financial institutions can better monitor and manage risk from a liability perspective. In line with a similar survey by the Office of the … Continue Reading

Third Party Service Providers Remain in the Spotlight

Yesterday, the Office of the Comptroller of the Currency (OCC) released its Semiannual Risk Perspective (the “Semiannual Risk Perspective”). The Semiannual Risk Perspective covers “key issues facing banks, focusing on those that pose threats to the safety and soundness of banks and their compliance with applicable laws and regulations.” While the OCC identifies four main … Continue Reading

New York DFS Set to Regulate Cybersecurity Rules

On November 9, 2015, the New York State Department of Financial Services (“NYDFS”) issued a letter to several federal regulatory agencies and trade organizations advising of potential new state regulations intended to increase cybersecurity in the financial services industry. The NYDFS issued the letter following risk assessments performed in 2014 and 2015 that identified industry-wide … Continue Reading
LexBlog