Gramm-Leach-Bliley Act (GLBA)

Subscribe to Gramm-Leach-Bliley Act (GLBA)

Oregon has joined 10 other states in enacting a comprehensive data privacy law.1 On July 18, 2023, Governor Tina Kotek signed the Oregon Consumer Privacy Act (the “Oregon Privacy Law”) into law. The law imposes a range of new data privacy requirements on non-exempt controllers and processors of Oregon consumer personal data. The Oregon

  • On October 27, 2021, the Federal Trade Commission issued a final rule (“Final Rule”) implementing most of the revisions it proposed in 2019, with some important modifications, to its Gramm-Leach-Bliley Act safeguards rule.
  • Financial institutions covered by the Final Rule include finders, finance companies, mortgage companies, motor vehicle dealerships, payday lenders and other non-banks involved

This past summer’s string of cyber enforcement actions signals that cybersecurity has become a top priority for the US Securities and Exchange Commission (“SEC”). These enforcement actions highlight the SEC’s scrutiny of written documentation and disclosures following incidents. In this National Cybersecurity Awareness Month Legal Update, we discuss the SEC’s recent cyber enforcement actions, as

Colorado has become the third state to enact a comprehensive consumer data privacy statute. Passed by the Colorado General Assembly on June 8, 2021, and signed into law by Colorado Governor Jared Polis on July 7, 2021, the Colorado Privacy Act (“CPA”) is slated to come into effect on July 1, 2023. This Legal Update

Use of IoT1 devices continues to grow exponentially as companies leverage the impressive data collection abilities of technology to drive exciting developments.2 It’s estimated that by 2025, there will be over 64 billion IoT devices in use worldwide.3 Expansion is further fueled by the remote working environment arising out of the COVID-19

On March 5, 2019, the Federal Trade Commission (“FTC”) proposed a number of revisions to its Gramm-Leach-Bliley Act (“GLBA”) regulations, which would (i) change the Safeguards Rule to require financial institutions to implement specific information security controls (in a departure from the FTC’s current non-prescriptive approach to data security), (ii) update its GLBA Privacy Rule

On September 26, 2018, the US Securities and Exchange Commission (“SEC”) brought and settled charges against a registered broker-dealer/investment adviser (the “Registrant”) for allegedly violating the Gramm-Leach-Bliley Act Safeguards Rule (Regulation S-P) and the Identity Theft Red Flags Rule (Regulation S-ID).1 The Registrant allegedly violated the SEC’s rules by failing to implement appropriately designed

In a bylined article, Litigation & Dispute Resolution partners Charles E. Harris, II, Laura Hammargren, and associate Rebecca Klein (all Chicago) examines certain data security standards and why Washington entities might consider complying with one of these standards.

Continue reading.

Computer security incidents pose substantial and growing threats to businesses. A company’s readiness to respond in the immediate aftermath of an attack is the key to minimizing the financial, reputational and legal damage associated with such an event. To help companies be prepared, Mayer Brown recently published Preparing For and Responding To a Computer Security