On July 13, 2020, the Federal Trade Commission (FTC) held a workshop titled “Information Security and Financial Institutions: FTC Workshop to Examine Safeguards Rule.” This workshop discussed the proposed amendments to the Gramm-Leach-Bliley Act’s (GLBA) Safeguards Rule, which requires financial institutions to develop, implement, and maintain a comprehensive information security program. The GLBA Safeguards Rule

The successful management of COVID-19 relies on the quick analysis and collection of health data, which can raise privacy issues particularly in the European Union.  In order to help data controllers manage their COVID-19 response plans under the General Data Protection Regulation (GDPR) and other EU privacy laws, the European Data Protection Board (EDPB) released a statement discussing how governments and companies can process personal data in response to COVID-19.
Continue Reading EDPB Clarifies Privacy Rules for COVID-19

As people across the country and world try to figure out how to protect themselves against the spread of coronavirus, hackers are working hard to spread their own viruses.  Indeed, various cybersecurity firms have reported that the amount of malicious emails containing the word “coronavirus” has significantly increased since the end of January.

Many of

On Friday, February 7, 2020, the California Attorney General’s (AG) Office released modified regulations to the California Consumer Privacy Act (CCPA).  The modified regulations incorporate amendments to the CCPA signed into law after the AG’s Office promulgated regulations in October 2019. The modified regulations also reflect public comments made during the initial comment period, which

Happy (belated) New Year! 2020 marks the second anniversary of CyberAdviser.  In the word of data privacy and cybersecurity, a great deal has happened over that span of time, including the enactment of the GDPR,  BDLC (Brazil’s new privacy law), and the CCPA, the continued expansion of data breach and biometrics litigation, important US federal

For businesses, one of the more worrisome scenarios under the CCPA occurs when they mistakenly provide personal information of a consumer to the wrong party in response to a consumer request, whether because of fraud or simple mistake. Because the definition of data breach under the CCPA is very broad, the unauthorized sharing of personal

To the surprise of some, the proposed CCPA Regulations issued last Thursday don’t address many of the well-discussed ambiguities under the law (such as what “valuable consideration” means in the context of a sale of personal information). Rather, the proposed Regulations address a number of technical, nut-and-bolt type compliance issues concerning how businesses must make

The perplexing question of what U.S. companies must do to comply with EU “cookie” law became slightly more clear with the recent decision of the European Court of Justice (CJEU) in Planet49 GmbH, but numerous questions still remain. A main source of confusion about cookies is the interplay between two EU privacy laws, the

Remarks Focus on Account Takeovers, BEC Schemes, Beneficial Ownership, Technological Innovation and SARs

FinCEN Director Kenneth A. Blanco delivered prepared remarks on September 24 at the 2019 Federal Identity (FedID) Forum and Exposition in Tampa, Florida.

Director Blanco summarized the topics of his remarks by stating the following:

  1. First, I would like to tell you