Colorado has enacted groundbreaking privacy and cybersecurity legislation that will require covered entities to implement and maintain reasonable security procedures, dispose of documents containing confidential information properly, ensure that confidential information is protected when transferred to third parties, and notify affected individuals of data breaches in the shortest time frame in the country.

The new

We are pleased to announce that Ballard Spahr has launched CyberAdviser, a new blog focused on the latest news and developments in privacy and cybersecurity law.  It will offer insights into the latest transactional, governance and compliance matters, investigations, civil and criminal litigation, regulatory and legislative developments, industry trends, emerging technologies, and other cyber

On December 14, the Financial Stability Oversight Council (FSOC), which was established by the Dodd-Frank Act to analyze and mitigate potential threats to the financial sector, released its first report under the Trump administration (the “Report”).  FSOC is comprised of representatives from each of the federal financial regulators, including the CFPB.  Mick Mulvaney, President Trump’s

The recent data breach disclosure by Equifax raised an outcry from consumer advocates trying to link the data breach to the Consumer Financial Protection Bureau’s (CFPB) final arbitration rule.  They are portraying this cybersecurity incident as a prime example of why class actions are needed to protect consumers, hoping to persuade the U.S. Senate not

The Association of Corporate Counsel Foundation (ACC) released a State of Cybersecurity report on December 9, 2015.  Ballard Spahr was the only law firm that served on the advisory board for the study and helped to formulate the survey questions.  The report provides valuable insights on cybersecurity issues from more than 1,000 corporate lawyers at

As we have previously observed, banks and other companies subject to the CFPB’s jurisdiction face the possibility that the CFPB could begin using its authority under Sections 1031 and 1036 of the Dodd-Frank Act (which proscribe unfair, deceptive or abusive acts or practices) to regulate cybersecurity policies and procedures.

For companies also subject to the

Banks and other companies subject to the CFPB’s jurisdiction face the possibility that the CFPB could begin using its authority under Sections 1031 and 1036 of the Dodd-Frank Act (which proscribe unfair, deceptive or abusive acts or practices) to regulate cybersecurity policies and procedures.  For companies also subject to the FTC’s jurisdiction, however, the threat

As part of their increased focus on cybersecurity, the CFPB and federal banking are taking steps to raise financial institutions’ awareness about the need for preparedness.  On June 24, 2014, the Federal Financial Institutions Examination Council (FFIEC) launched a web page that combines available resources from the federal regulators on cybersecurity. 

In addition to heightening