We have recently written on whether protecting personal data should be regulated using a property model instead of a privacy model (and concluded, probably not). Another framework for regulating personal data that is getting increased attention is a national security model, which looks at securing personal data as a means
Continue Reading
Federal Regulation - U.S.
Regulators and Plaintiffs Aren’t Waiting for Privacy Legislation: Companies Face Potential Liability Now and Can Take Steps to Reduce Risks
By Avi Gesser, Eric McLaughlin, Greg Swanson & Clara Y. Kim on
Momentum is building in Congress for federal privacy legislation and several states have their own privacy laws in the works. But, as concerns grow that companies are collecting and sharing personal information about U.S. residents without their knowledge and not adequately protecting that data, regulators and plaintiffs aren’t waiting for…
Continue Reading
The FTC Moves Toward a Rules-Based Approach to Cybersecurity Regulation for Financial Institutions
In our first Cyber Blog post, we predicted that the rules-based approach adopted by the NYDFS would become the model for cybersecurity regulation. Two years later, we’re feeling pretty good about that prediction, as the FTC recently proposed incorporating a number of aspects of the NYDFS cybersecurity rules into…
Continue Reading
Alternative Data Goes Mainstream, and Gets Increased Attention from Regulators
In the last few years, we have seen a dramatic increase in the purchase and sale of alternative data—a shorthand for big data sets, such as satellite images of parking lots, drug approvals, credit card purchases, cellphone data on retail foot traffic, and construction permits. According to alternativedata.org, the alternative…
Continue Reading
Your Sensitive Information Was Accessed in a Government Hack? You May Have No Remedy.
By Avi Gesser, Shahira D. Ali, Kelsey Clark & Alicia Robinson on
In a statement issued on Wednesday, September 20th, the U.S. Securities and Exchange Commission (SEC) revealed that it was investigating a 2016 data breach of its Electronic Data Gathering, Analysis, and Retrieval (EDGAR) database. The SEC does not believe that personally identifiable information was exposed, but the investigation is still…
Continue Reading
Davis Polk Memo – Banking Regulators Float Broad Cyber Risk Approach
We have issued a memo on recent proposed U.S. federal banking regulations that could significantly expand the existing cybersecurity regulatory framework for covered financial institutions. The Enhanced Standards intend to strengthen cyberattack preventative measures and post-attack responses.
FinCEN Issues Advisory and FAQs on Cyber-Events and Cyber-Enabled Crime
By Avi Gesser on
Posted in Federal Regulation - U.S., Financial Sector
FinCEN Issues Advisory and FAQs on Cyber-Events and Cyber-Enabled Crime (10/27)
On October 25, 2016 FinCEN issued an advisory and FAQs to financial institutions regarding their Suspicious Activity Report (SAR) obligations with respect to cyber-events, cyber-enabled crime, and cyber-related information as those terms are defined. The FAQs supersede previous FAQs …
Continue Reading