Archives: Regulatory

Subscribe to Regulatory RSS Feed

Full quilt: The final two states without data breach laws push forward to complete the patchwork protecting personal information in the U.S.

There are currently only two U.S. states that do not have a state data breach notification law: South Dakota and Alabama. Recently, South Dakota took a big step toward approving a data breach notification law. On January 25, 2018, the state’s Senate Attorney Judiciary Committee advanced the bill after a 7–0 vote, sending it to … Continue Reading

Massachusetts Attorney General announces new data breach reporting tool and database

Massachusetts Attorney General (AG) Maura Healey has announced that the state will offer an online portal where businesses can more easily report that they have experienced a data breach. Massachusetts will also offer consumers an electronic database to view reported breaches, similar to the online repositories operated by California, Maryland and other states. Affected companies … Continue Reading

“An interview with Utah AG Sean Reyes”

Check out this month’s edition of The Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP), for Divonne Smoyer and Kimberly Chow’s Q&A with Utah Attorney General Sean Reyes. AG Reyes is well known as a bipartisan thought leader among AGs on the issues of privacy and cybersecurity. In the interview, he … Continue Reading

Warning light: The FTC is monitoring the connected car marketplace

In a recently published “Staff Perspective,” the Federal Trade Commission (FTC) appears to be staying true to the regulatory humility approach Acting Chairman Maureen K. Ohlhausen underscored in her opening remarks to the connected cars and autonomous vehicles workshop the FTC co-hosted with the National Highway Traffic Safety Administration (NHTSA) last summer. The Consumer Protection … Continue Reading

Bitcoin’s Blocksize Debate Continues

As Bitcoin’s (BTC) popularity continues to grow, its network built on 1MB blocks struggles to keep up with the growing number of transactions. Two groups within the Bitcoin community, the “Big Blockers” and “Decentralists,” disagree on how to address the blocksize issue. Big Blockers are focused on realizing Bitcoin’s potential to serve as a cash … Continue Reading

German Federal Financial Supervisory Authority (BaFin) publishes circular on regulatory requirements for financial institutions’ IT systems

On 3 November 2017, the German regulator for the financial sector, the Federal Financial Supervisory Authority (“BaFin”), published a new circular titled Rundschreiben 10/2017 (BA) vom 3. November 2017 – Bankaufsichtliche Anforderungen an die IT (in English: Circular 10/2017 – Regulatory Requirements for IT-Systems – “BAIT”). The BAIT is available in German language at the BaFin’s website. The … Continue Reading

“An Interview with Wisconsin AG Brad Schimel”

Check out this month’s edition of The Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP), for Divonne Smoyer and Kimberly Chow’s Q&A with Wisconsin Attorney General Brad Schimel. AG Schimel has prioritized cybercrime enforcement and prevention for the state. In the interview, he discusses his data privacy and security agenda as … Continue Reading

The CFPB Releases Data Sharing Principles, Setting Off A New Round of Controversy

On October 18, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) entered into the long simmering debate over consumer-authorized data sharing.  This debate pits mainstream financial institutions, which are typically reticent to share customer data with third parties, against data aggregators and other fintechs.  Those newer companies provide services directly to consumers—or to enhance the … Continue Reading

European Commission calls for enhanced responsibility of online platforms for illegal content

Addressing the detection of and removal of illegal content from online platforms represents an urgent challenge for the digital society today. However, so far, there is no harmonised and coherent approach across the European Union. On 28 September 2017, the European Commission (“Commission”) published a communication titled „Tackling Illegal Content Online – Towards an enhanced … Continue Reading

The SEC Announces Two New Initiatives to Address Digital Token Sales

At the end of September, the Securities Exchange Commission (“SEC”) announced two new initiatives to address cyber-based threats and protect retail investors. In the press release, the SEC outlined the creation of the Cyber Unit (“Unit”) and the Retail Strategy Task Force (“RSTF”).  The Unit will focus on targeting cyber-related misconduct.  The RSTF was established … Continue Reading

The FCA Speaks Out on Initial Coin Offerings

The initial coin offerings (ICOs) regulatory map has begun to take shape with the U.S. Securities and Exchange Commission (SEC), the Canadian Securities Administrators (CSA), the UK’s Financial Conduct Authority (FCA), Singapore, Hong Kong, China and Australia offering their opinions on ICOs.  The FCA recently stated that ICOs are “very high-risk, speculative investments.”  The Dubai … Continue Reading

Busy Summer for Distributed Ledger Technology

Distributed Ledger Technology (DLT) and cryptocurrency have been a hot topic this summer.  DLT has begun its transition from a proof-of-concept phase, to a real world deployment. Some of the changes over the last six weeks include: Bitcoin splitting into two currencies; the Securities Exchange Commission (SEC), the Canadian Securities Administrators (CSA), and the Monetary … Continue Reading

SEC Securities Trading Suspension for Three Blockchain- Related Companies

Digital tokens are now being incorporated into federal and state regulatory regimes.  Over the past two weeks, the Securities and Exchange Commission (“SEC”) has suspended the trading of company securities of three publicly-traded blockchain-related companies The first company to be suspended was CIAO Group, Inc. (“CIAU”) due to questions regarding the accuracy of statements pertaining … Continue Reading

SEC Increases Focus on Cyber Incident Response

In the past few years, we have seen an uptick in agencies beginning to focus on the cybersecurity readiness and response of organizations subject to their jurisdiction. The U.S. Securities and Exchange Commission (SEC), for example, has identified cybersecurity as a top priority for many years. This past June, the SEC named Stephanie Avakian and … Continue Reading

ECPA Reform Legislation on the Horizon (Again)

Three bipartisan Senate bills are up for consideration in Congress that would attempt to modernize the legal standards under which the U.S. government can access communications electronically stored by email service providers and cloud computing companies. The proposed bills, introduced July 27, 2017, each provide a different scheme in updating the Electronic Communications Privacy Act … Continue Reading

German Federal Supreme Court: ‘Sofortüberweisung’ must not be the only free-of-charge payment method in B2C contracts

According to a press release of the Federation of German Consumer Organisations (Verbraucherzentrale Bundesverband; ‘vzbv’) dated 19 July 2017, the German Federal Supreme Court (‘FSC’) issued a judgment that held it is unreasonable for consumers if the only payment method offered free of charge is ‘Sofortüberweisung’ (FSC, judgment of 18 July 2017, case no. KZR 39/16; not yet published). This means … Continue Reading

EU Regulation on cross-border portability of online content services in force

After publication in the Official Journal of the European Union, Regulation (EU) 2017/1128 of the European Parliament and of the Council of 14 June 2017 on cross-border portability of online content services in the internal market (‘Regulation’) enters into force 20 July 2017, and will become enforceable 20 March 2018. The Regulation focusses on seamless access … Continue Reading

FCA guidance on tackling cyber crime

The Financial Conduct Authority recently released guidance regarding cyber resilience (in the form of new webpages) which FCA regulated firms should take account of. While many larger regulated firms have substantial cyber resilience systems in place, the FCA is well aware that all firms are still vulnerable to attack, and that cyber attacks can impact … Continue Reading

The UK FCA Publish Discussion Paper on Distributed Ledger Technology

The UK FCA Publish Discussion Paper on Distributed Ledger Technology Regulators globally are focused on understanding industry consumers’ views on distributed ledger technology’s (DLT) potential risks and opportunities. On 10 April 2017, the UK Financial Conduct Authority (FCA) published a discussion paper DP17/3 on DLT, and followed it with a speech at the Innovate Finance … Continue Reading

Launching New Multistate Assessment Tool for Data Breach Notification Obligations

Nearly every state in the United States requires notification when certain personal information is lost, stolen, or misused. However, the many state laws vary in subtle but crucial respects, making it difficult to get to a bottom line quickly. Reed Smith’s Information Technology, Privacy & Data Security practice is thrilled to release a first-of-its-kind tool … Continue Reading

Impact of online sales restrictions on EU and German competition enforcement

In the course of its E-commerce Sector Inquiry (Sector Inquiry) launched in May 2015, the European Commission gained an insight into the standard business practices engaged in by producers of consumer goods when distributing their products online. The Sector Inquiry, which formed part of the Commission’s wider Digital Single Market Strategy, was recently completed, with … Continue Reading
LexBlog