Recent developments reinforce the urgent need for general counsel and legal departments to deepen their focus on cybersecurity. In today’s environment, any organization can be the target of a cyberattack, regardless of industry, size, or geographic footprint. Indeed, in just the past few years, a variety of cyber adversaries have attacked financial institutions, social media sites, a movie studio, hospital systems, a peer-to-peer ridesharing company, the Democratic National Committee, hotel chains, city governments, educational institutions, telecommunications and energy utilities, prominent retailers, manufacturers, and even the mobile app of a well-known coffee and donut chain.
The California Consumer Privacy Act of 2018 (“CCPA”) exempts information that is collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act (“GLBA”), and its implementing regulations (the “Privacy Rule”), or the California Financial Information Privacy Act (“CFIPA”). It does not exempt financial institutions altogether from its requirements where a financial information is processing information not subject to these regimes. In such situations, a financial institution must comply with a wide array of CCPA obligations, including requirements to make certain disclosures to consumers and to provide certain rights to consumers, such as the right to stop “sales” of their personal information and the right to access data that a business has collected about them. Determining whether information a financial institution processes is covered by the exemption or not can be challenging and is something that financial institutions will need to analyze for their operations.
This blog post provides background on the scope of the exemption and an overview of key considerations for financial institutions developing CCPA compliance programs.
The Federal Financial Institutions Examination Council (FFIEC) has released final supervisory guidance on the use of social media by financial institutions. We last reported on the guidance when it was published in draft form in January 2013. The final guidance is substantially similar to the proposal (and we encourage you to read our prior post for more details on the elements of the guidance), but the FFIEC made certain revisions in light of the 81 public comments it received on the proposal.
The Federal Financial Institutions Examination Council (FFIEC) has released proposed guidance on the use of social media by financial institutions, including banks, credit unions, and non-bank entities supervised by the Consumer Financial Protection Bureau. The proposed “Social Media: Consumer Compliance Risk Management Guidance” (“Proposed Guidance”) defines “social media” broadly to including micro-blogging sites (like Google […]