With the California Consumer Privacy Act (CCPA) now in effect as of January 1, 2020, other states are moving to consider comprehensive privacy legislation.

Unless you have been living under a data protection rock, or have no interaction with the world’s fifth largest economy, you are likely aware that the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020.

On April 16, 2019, the Securities and Exchange Commission (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert following OCIE’s examinations of investment advisers and broker-dealers. The Risk Alert identified some of the key compliance issues in the recent examinations related to Regulation S-P, which is the SEC’s principle rule covering privacy notices and policies and practices required to safeguard customer records and information. 

On October 30, 2018 the New Jersey Attorney General entered into a Final Consent Judgment with ATA Consulting, doing business as Best Medical Transcription, and its owner, Tushar Mathur (collectively “Defendants”), resolving a 2016 security breach that resulted in the publication of personal health information of over 1,600 New Jersey residents. As a result of the Consent Judgment, Defendants were fined $200,000 and Mr. Mathur was permanently banned from managing or owning a business in New Jersey.

On October 16, 2018 the Securities and Exchange Commission (“SEC”) issued an investigative report following investigations of nine public issuers who were victims of cyber fraud.