Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: financial institutions

Posted in News & Events

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

On Tuesday, 3 March 2020, we welcomed our financial services clients in London to a lively panel event, which covered the multitude of issues which arise in a cybersecurity incident. Using a hypothetical case study, revealed in a series of short animations, Hogan Lovells partners Philip Parish, Arwen Handley, Nicola Fulford and Peter Marta considered topics such as good cyber incident preparedness, board responsibility, data issues, regulatory notifications, litigation and regulatory enforcement risk, liaison with law enforcement, and follow-up steps, and answered questions covering the legality of ransom payments to the perpetrators of cyberattacks and insurance for cyber incidents. This post summarizes key messages of the event.

Posted in Cybersecurity & Data Breaches

In-Person Event: A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

Please join us in our London offices for a lively panel discussion with on what financial institutions and service providers need to know about cybersecurity and cyber incident preparedness. The panel will examine the key challenges that companies face before, during, and after a cybersecurity attack, including cybersecurity preparedness, incident response, notification requirements, and litigation and regulatory enforcement risk.

Posted in Cybersecurity & Data Breaches

New York State Expected to Increase Enforcement of Cybersecurity Practices

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services Cybersecurity Regulation and the effective date of the Stop Hacks and Improve Electronic Data Security Act. The Regulation and the Act both contain prescriptive cybersecurity requirements and new breach notification obligations on regulated organizations. The Act has a particularly broad reach, impacting any company that owns or licenses private information of New York residents.

Posted in Cybersecurity & Data Breaches

Lessons for In-House Counsel from Cybersecurity’s Front Lines

Recent developments reinforce the urgent need for general counsel and legal departments to deepen their focus on cybersecurity. In today’s environment, any organization can be the target of a cyberattack, regardless of industry, size, or geographic footprint. Indeed, in just the past few years, a variety of cyber adversaries have attacked financial institutions, social media sites, a movie studio, hospital systems, a peer-to-peer ridesharing company, the Democratic National Committee, hotel chains, city governments, educational institutions, telecommunications and energy utilities, prominent retailers, manufacturers, and even the mobile app of a well-known coffee and donut chain.

Posted in Consumer Privacy

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

The California Consumer Privacy Act of 2018 (“CCPA”) exempts information that is collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act (“GLBA”), and its implementing regulations (the “Privacy Rule”), or the California Financial Information Privacy Act (“CFIPA”).  It does not exempt financial institutions altogether from its requirements where a financial information is processing information not subject to these regimes.  In such situations, a financial institution must comply with a wide array of CCPA obligations, including requirements to make certain disclosures to consumers and to provide certain rights to consumers, such as the right to stop “sales” of their personal information and the right to access data that a business has collected about them. Determining whether information a financial institution processes is covered by the exemption or not can be challenging and is something that financial institutions will need to analyze for their operations.

This blog post provides background on the scope of the exemption and an overview of key considerations for financial institutions developing CCPA compliance programs.

Posted in Social Media

Financial Regulators Finalize Social Media Guidance and Address Industry Questions

The Federal Financial Institutions Examination Council (FFIEC) has released final supervisory guidance on the use of social media by financial institutions. We last reported on the guidance when it was published in draft form in January 2013. The final guidance is substantially similar to the proposal (and we encourage you to read our prior post for more details on the elements of the guidance), but the FFIEC made certain revisions in light of the 81 public comments it received on the proposal.

Posted in Consumer Privacy, Financial Privacy, Social Media

Bank Regulators Propose Social Media Guidance; Comments Due March 25, 2013

The Federal Financial Institutions Examination Council (FFIEC) has released proposed guidance on the use of social media by financial institutions, including banks, credit unions, and non-bank entities supervised by the Consumer Financial Protection Bureau.  The proposed “Social Media:  Consumer Compliance Risk Management Guidance” (“Proposed Guidance”) defines “social media” broadly to including micro-blogging sites (like Google […]