On August 11, 2022, the Federal Trade Commission (the “FTC”) announced its Advance Notice of Proposed Rulemaking (the “ANPR”) seeking public comment on 95 questions focused on harms stemming from…
On August 11, 2022, the Federal Trade Commission (“FTC”) announced its Advance Notice of Proposed Rulemaking (“ANPR”) seeking public comment on 95 questions focused on purported harms stemming from “commercial…
On July 27, 2022, the Securities and Exchange Commission (“SEC”) separately charged three financial institutions with violations of Rule 201 of Regulation S-ID (“Reg S-ID”), also known as the Identity…
On July 8, 2022, the California Privacy Protection Agency (the “Agency”) issued a Notice of Proposed Rulemaking, kicking off a forty-five day comment period for proposed updates to the California…
On June 21, 2022, the House Energy and Commerce Committee formally introduced a new federal privacy bill: the American Data Privacy and Protection Act (“ADPPA”). Notably, the ADPPA has diverse…
On May 25, 2022, the Review of Banking & Financial Services published an article on the recently-issued banking agencies’ Final Rule on Computer-Security Incident Notification Requirements for Banking Organizations and…
Connecticut’s Governor signed the state’s comprehensive privacy law into effect on May 10, 2022, adding yet another category of state privacy law. The Connecticut legislature largely drew upon provisions found…
On March 24, 2022, Utah enacted a comprehensive consumer privacy law, the Utah Consumer Privacy Act (“UCPA”). The UCPA, effective on December 31, 2023, is largely consistent with other comprehensive…
Today, it is widely accepted that most large organizations benefit from maintaining a written cybersecurity incident response plan (“CIRP”) to guide their responses to cyberattacks. For businesses that have invested…
On March 9, 2022, the SEC released its newest series of proposed cybersecurity rules, this time for all public companies. Consistent with the proposed rules issued last month for investment…