Photo of Anthony J. Ford

Nearly every state in the United States requires notification when certain personal information is lost, stolen, or misused. However, the many state laws vary in subtle but crucial respects, making it difficult to get to a bottom line quickly. Reed Smith’s Information Technology, Privacy & Data Security practice is thrilled to release a first-of-its-kind tool

Earlier in February, the Executive Office of Management and Budget (“OMB”) issued Memorandum M-17-12 to federal agencies to set out guidelines and procedures for preparing for or responding to a breach involving the release of personally identifiable information (“PII”). The OMB’s suggested framework specifically aims to “[assess] and mitigate the risk of harm to individuals potentially affected by a breach,” and to provide “guidance on whether and how to provide notification and services to those individuals.” The implementation of common federal agency standards and processes is oriented to not only streamline the way agencies deal with the release of PII, but to also ensure that the federal government is capable of handling data breaches in an effective and efficient manner.

Among the more notable requirements in the guidelines are those imposed on federal contractors who collect or maintain federal information, or who use or operate information systems on behalf of a federal agency. The OMB outlines terms for agencies to incorporate into federal contracts and cooperative agreements, including requiring that contractors and subcontractors:
Continue Reading OMB Federal Agency Data Breach Guidelines – Considerations for Industry

On Monday, November 14, 2016, the Securities and Exchange Commission (SEC) hosted a forum to discuss financial technology (FinTech) innovation in the financial services industry. The summit discussed several topics, but the second panel, titled “Impact of Recent Innovation on Trading, Settlement, and Clearance Activities,” specifically addressed blockchain-enabled distributed ledger technology and its applicability in corporate environments. The panel provided an opportunity for the SEC to highlight blockchain’s potential for assisting companies in meeting compliance requirements, cutting costs with respect to record keeping and tracking assets, and disintermediating transactions.

Corporations have begun to seriously examine the opportunities made available by blockchain-enabled distributed ledger technology beyond digital currency, in areas ranging from financial services and retail supply chains to art and music. Unlike Bitcoin, where the blockchain provides a transfer mechanism and ledger for the intangible currency, digital ledger technology also may provide a distributed, often a privately managed system of records for a wide variety of transactions.
Continue Reading Leveraging the Blockchain to Provide an Unalterable, Distributed Ledger for Transactions, Supply Chains and Other Corporate Processes

Anthony Albanese, the head of the New York Department of Financial Services, issued a letter to more than 20 federal and state regulators outlining proposed cybersecurity regulations for banks and insurance companies operating in New York. While the letter is a request for comment from fellow regulators, it represents a preview of several cybersecurity measures that may soon be required of the financial industry. These measures focus on guaranteeing that banks and insurers establish and maintain a formal cybersecurity program, and hold third-party vendors accountable to following similar cybersecurity practices. Specifically, the letter asks for comment on eight proposed regulatory requirements:
Continue Reading New York Department of Financial Services Previews Upcoming Cybersecurity Regulations for Banks and Insurers