As the anticipated January 1, 2020 effective date of the California Consumer Privacy Act (“CCPA” or “the Act”) draws closer, determining whether a company falls under its mandate is of critical importance. Unfortunately, making that determination can be unexpectedly complicated. Unpleasant surprises may await the unwary.
This article was written by Alison Bird, my partner at Clearview Privacy Consulting LLC.
These days, more and more IT departments are choosing to move data hosting to the cloud. This decision makes a lot of sense. Cloud storage relieves the company of the operational burden of maintaining systems and moves critical data to locations that are more secure than your office basement.
Co-authored by Alison Bird
On March 5, 2019, the FTC proposed changes to the Safeguards Rule of the Gramm-Leach-Bliley Act (GLB) which would create new, prescriptive security obligations for companies regulated under GLB, similar to those under the New York State Department of Financial Services. While most people think of GLB as applicable only to financial institutions, the FTC defines a financial institution very broadly. An entity is a “financial institution” if its business is engaging in an activity that is financial in nature or incidental to such financial activities as described in Section 4(k) of the Bank Holding Company Act, provided such entities are not subject to other regulators under GLB. Some examples of financial institutions mentioned in the proposal are:
Co-authored by Alison Bird
On March 5, 2019, the Federal Trade Commission (FTC) announced proposed amendments to the Safeguards Rule under the Gramm-Leach-Bliley Act (GLB), which addresses the obligations of financial institutions to protect the security of customer information. In some ways modeled on the New York Department of Financial Services Cybersecurity Regulation, the proposal maintains GLB’s process — or risk-based — approach to data protection, but it also outlines explicit cyber controls that regulated entities would be required to implement. While many firms may already have instituted some of those controls, certain proposed amendments are new or more explicit, and they may create significant implementation challenges. Five of the most noteworthy proposed amendments are detailed here.
According to a new Deloitte report, M&A activity is expected to dramatically increase in 2019. And it’s probably safe to say that during the frenzy of activity leading up to completion of the deal, ensuring compliance with cyber insurance policies may not be top of mind. But to maximize coverage following the completion of the transaction, entities are strongly encouraged to take a close look at their cyber policy provisions early in the deal-making process so that they can satisfy any applicable notice and underwriting requirements. In addition, cyber insurance purchasers that are contemplating M&A activity should carefully consider such policy provisions prior to purchasing a cyber form.