Insufficient data protection or information security can violate the prohibition against unfair acts or practices according to a circular released last week by the federal Consumer Financial Protection Bureau.
Posts tagged as “Data Protection”
On Aug. 11, 2022, the Federal Trade Commission issued an Advance Notice of Proposed Rulemaking seeking input that will shape potential rules “to crack down on harmful commercial surveillance and lax data security.”
On July 29, 2022, the New York Department of Financial Services published pre-proposal draft amendments to its Cybersecurity Regulations, 23 NYCRR 500.00, et seq. , that if adopted will require covered entities to implement numerous policy and operational changes.
Determining whether your business engages in activities that can trigger coverage is discussed by the Federal Trade Commission in just released guidance entitled “FTC Safeguards Rule: What Your Business Needs to Know.” The Rule applies to many businesses beyond the scope of what are commonly understood to be “financial institutions” and has implications for service providers to covered entities.
On May 10, Gov. Ned Lamont signed into law Substitute Senate Bill 6 (Public Act 22-15), Connecticut’s version of comprehensive consumer data privacy legislation. This makes Connecticut the fifth state to enact such legislation, following California, Virginia, Colorado, and Utah. The Act will go into effect July 1, 2023.
There remain over 30 comprehensive consumer data privacy bills pending in the states, but some are falling off the chart as the legislative sessions come to an end. While the number of active bills is decreasing, there is one new state data privacy law, and others that continue to show movement.
On March 24, Utah Gov. Spence Cox signed into law SB 227, the Utah Consumer Privacy Act. This makes Utah the fourth state, behind California, Virginia, and Colorado, to enact comprehensive consumer data privacy legislation.
The Federal Trade Commission recently amended the Safeguards Rule, 16 C.F.R. § 314.1, et seq., with significant changes to how an information security program should be designed, what it must include, and who needs to be in charge.
Despite the national and global events that took center stage in 2021, the upward trend in data privacy legislation at the state level continued and with the addition of the amendments to the Safeguards Rule, 2022 brings new compliance challenges for many businesses and financial institutions.
On July 6, Colorado Gov. Jared Polis signed into law Senate Bill 21-190, the Colorado Privacy Act. This makes Colorado the third state, behind California and Virginia, to enact comprehensive consumer data privacy legislation. The act becomes effective July 1, 2023.
On March 19, Sen. Robert Rodriguez (D), Chair of the Business, Labor & Technology Committee, and Sen. Paul Lundeen (R), Minority Whip, introduced Senate Bill 21-190 that would create the Colorado Privacy Act.
On March 15, the California Office of the Attorney General announced that additional regulations relating to the California Consumer Privacy Act (CCPA) had been approved, effective immediately.