Photo of David A. Tallman
  • On October 27, 2021, the Federal Trade Commission issued a final rule (“Final Rule”) implementing most of the revisions it proposed in 2019, with some important modifications, to its Gramm-Leach-Bliley Act safeguards rule.
  • Financial institutions covered by the Final Rule include finders, finance companies, mortgage companies, motor vehicle dealerships, payday lenders and other non-banks involved

On March 5, 2019, the Federal Trade Commission (“FTC”) proposed a number of revisions to its Gramm-Leach-Bliley Act (“GLBA”) regulations, which would (i) change the Safeguards Rule to require financial institutions to implement specific information security controls (in a departure from the FTC’s current non-prescriptive approach to data security), (ii) update its GLBA Privacy Rule

On February 16, 2017, the New York State Department of Financial Services (“NYDFS”) finalized regulations that mandate cybersecurity standards for all institutions authorized by NYDFS to operate in New York, including many banks, insurance entities and insurance professionals doing business in New York. The final regulations, titled “Cybersecurity Requirements for Financial Services Companies,” implement a

Cybersecurity and data privacy issues continued to grow in significance for multinational businesses over the past 12 months, further heightening the importance of preparing and responding in a strategic, coordinated and enterprise-wide manner in 2017.

The Trump administration has publicly provided limited details so far about its plans for cybersecurity and data privacy policy. Reports

Companies across industry sectors have developed risk-based cybersecurity programs to respond to the substantial and complex cyber threats they face. Managing regulatory risk has become an important element of these cybersecurity programs, as regulators use rules, enforcement actions, and guidance to establish an increasingly complex framework of regulatory expectations.

This 80-page book offers insights on

The New York State Department of Financial Services (“DFS”) on September 13, 2016, proposed regulations, to be effective as of January 1, 2017, that would mandate cybersecurity standards for any entity authorized by DFS to operate in New York, including certain banks and insurance companies doing business in New York. The proposed “Cybersecurity Requirements

On March 2, 2016, the Consumer Financial Protection Bureau (Bureau) undertook its first data security enforcement action in a consent order against Dwolla, Inc., a payment network provider that allegedly made deceptive representations about its data security practices. Although in this matter the Bureau relied upon its authority to take action against “deceptive” practices, the