Join us March 22, 2017 for a live webinar with F. Paul Greene, partner and chair of our Privacy and Data Security practice group and Reg Harnish, CEO of GreyCastle Security, to learn about the final set of DFS’s Cybersecurity Rules, which have been in force as of March 1, 2017.
In previous posts, we’ve highlighted the FTC’s broad regulation of the use, storage and protection of consumer data under Section 5(a) of the FTC Act and discussed how the FTC relies upon its authority under the Act to flex its muscles in the cybersecurity realm. The FTC’s touchstone for data protection is “reasonableness” and for guidance as to its expectations as to what is deemed reasonable, the FTC has pointed businesses to its speeches, congressional testimony, articles, blog entries, Commission materials and published settlements. It is for this reason that a blog post published last week on the FTC’s website regarding what to do if businesses are impersonated as part of a phishing scam is so interesting.
Last Friday, Federal Communications Commission (FCC) Chairman Ajit Pai announced his intent to block a controversial new privacy rule that was adopted under the Obama administration and intended to protect consumer information from disclosure by broadband Internet providers.
On January 12, 2017, the Securities and Exchange Commission (SEC) announced this year’s priorities and areas of focus of its Office of Compliance Inspections and Examinations (OCIE). The OCIE conducts the SEC’s National Examination Program and promotes compliance with federal securities laws.
Yesterday, the New York State Department of Financial Services released the final version of its new cybersecurity regulations, to be promulgated at 23 N.Y.C.R.R. Part 500, making some incremental changes against its last version, released on December 28, 2016.