Oregon has joined 10 other states in enacting a comprehensive data privacy law.1 On July 18, 2023, Governor Tina Kotek signed the Oregon Consumer Privacy Act (the “Oregon Privacy Law”) into law. The law imposes a range of new data privacy requirements on non-exempt controllers and processors of Oregon consumer personal data. The Oregon
Gramm-Leach-Bliley Act (GLBA)
Data Privacy and Cybersecurity Issues in M&A Transactions
Mayer Brown partners Christian Fabian, Stephen Lilley and Lei Shen, located in the United States, focus on data privacy and cybersecurity issues in M&A transactions.
US Federal Trade Commission Adopts Prescriptive Data Security Requirements and Other Updates to Its Gramm-Leach-Bliley Act Safeguards Rule
- On October 27, 2021, the Federal Trade Commission issued a final rule (“Final Rule”) implementing most of the revisions it proposed in 2019, with some important modifications, to its Gramm-Leach-Bliley Act safeguards rule.
- Financial institutions covered by the Final Rule include finders, finance companies, mortgage companies, motor vehicle dealerships, payday lenders and other non-banks involved
…
US Securities and Exchange Commission Increases Focus on Cybersecurity
This past summer’s string of cyber enforcement actions signals that cybersecurity has become a top priority for the US Securities and Exchange Commission (“SEC”). These enforcement actions highlight the SEC’s scrutiny of written documentation and disclosures following incidents. In this National Cybersecurity Awareness Month Legal Update, we discuss the SEC’s recent cyber enforcement actions, as…
Colorado’s New Data Privacy Law: Comparing to Other States and Looking Ahead
Colorado has become the third state to enact a comprehensive consumer data privacy statute. Passed by the Colorado General Assembly on June 8, 2021, and signed into law by Colorado Governor Jared Polis on July 7, 2021, the Colorado Privacy Act (“CPA”) is slated to come into effect on July 1, 2023. This Legal Update…
Managing Vendor Cybersecurity Risk in IoT Contracting
Use of IoT1 devices continues to grow exponentially as companies leverage the impressive data collection abilities of technology to drive exciting developments.2 It’s estimated that by 2025, there will be over 64 billion IoT devices in use worldwide.3 Expansion is further fueled by the remote working environment arising out of the COVID-19…
US Federal Trade Commission Proposes Prescriptive Data Security Requirements and Other Updates to Its Gramm-Leach-Bliley Act Regulations
On March 5, 2019, the Federal Trade Commission (“FTC”) proposed a number of revisions to its Gramm-Leach-Bliley Act (“GLBA”) regulations, which would (i) change the Safeguards Rule to require financial institutions to implement specific information security controls (in a departure from the FTC’s current non-prescriptive approach to data security), (ii) update its GLBA Privacy Rule…
SEC Brings First Enforcement Action Under the Identity Theft Red Flags Rule
On September 26, 2018, the US Securities and Exchange Commission (“SEC”) brought and settled charges against a registered broker-dealer/investment adviser (the “Registrant”) for allegedly violating the Gramm-Leach-Bliley Act Safeguards Rule (Regulation S-P) and the Identity Theft Red Flags Rule (Regulation S-ID).1 The Registrant allegedly violated the SEC’s rules by failing to implement appropriately designed…
Safeguarding Personal Information: What Washington Businesses Need to Know about Data Security Standards
In a bylined article, Litigation & Dispute Resolution partners Charles E. Harris, II, Laura Hammargren, and associate Rebecca Klein (all Chicago) examines certain data security standards and why Washington entities might consider complying with one of these standards.
Preparing For and Responding To a Computer Security Incident: Making the First 72 Hours Count
Computer security incidents pose substantial and growing threats to businesses. A company’s readiness to respond in the immediate aftermath of an attack is the key to minimizing the financial, reputational and legal damage associated with such an event. To help companies be prepared, Mayer Brown recently published Preparing For and Responding To a Computer Security…