I am pleased to announce that Kim Phan, an attorney noted for her work on privacy and data security issues for a variety of industries, including consumer financial services, retail, and higher education, has returned to Ballard Spahr as a partner after a short absence.  She will be based in the firm’s Washington, D.C. office.

The FTC has proposed amendments to its 2003 Safeguards Rule and 2000 Privacy Rule, applicable to financial institutions under the Gramm Leach Bliley Act (GLBA).  The proposed changes are informed by the FTC’s enforcement experience and are intended to keep pace with technological developments.

The Safeguards Rule requires financial institutions to have a comprehensive information

The CFPB has issued a final rule amending the provisions of Regulation P that implement the Gramm-Leach-Bliley Act (GLBA) annual privacy notice requirement.  The final rule is intended to reflect the GLBA amendments made by the Fixing America’s Surface Transportation Act that exempted financial institutions meeting certain conditions from the annual notice requirement.  The statutory

Colorado has enacted groundbreaking privacy and cybersecurity legislation that will require covered entities to implement and maintain reasonable security procedures, dispose of documents containing confidential information properly, ensure that confidential information is protected when transferred to third parties, and notify affected individuals of data breaches in the shortest time frame in the country.

The new

The Association of Corporate Counsel (ACC) Foundation has released The State of Cybersecurity Report (2018), underwritten by Ballard Spahr.  The report, subtitled “An In-House Perspective,” provides insights on corporate cybersecurity issues from more than 600 general counsel, chief legal officers, and other senior law department leaders at organizations worldwide.

The new report, which updates and

In the absence of federal action, state legislators continue to propose bills that would increase data privacy and security protections for consumers.  Any entity that does business in these states or maintains confidential information of their residents should monitor the legislation to determine whether and how the proposed changes may affect operations.

The bills are

We are pleased to announce that Ballard Spahr has launched CyberAdviser, a new blog focused on the latest news and developments in privacy and cybersecurity law.  It will offer insights into the latest transactional, governance and compliance matters, investigations, civil and criminal litigation, regulatory and legislative developments, industry trends, emerging technologies, and other cyber

The FTC has released its annual report summarizing its activity during 2017 relating to privacy and data security issues.  In its self-declared role as “the nation’s primary privacy and data security enforcer,” the FTC outlines 10 privacy cases and 4 data security cases that it brought in 2017, including Uber Technologies (transportation service), Vizio (television

Last week, the Federal Trade Commission (FTC) Bureau of Consumer Protection’s Acting Director, Thomas Pahl, posted on the FTC’s Business Blog about the FTC’s role as the federal agency with the “broadest jurisdiction” to pursue privacy and data security issues. Pahl noted that for over twenty years the FTC has used its authority, “thoughtfully and

On July 1st, the CFPB proposed to amend Regulation P under the Gramm-Leach-Bliley Act (GLBA) to implement the statutory changes made by the Fixing America’s Surface Transportation Act (see prior post) that provided financial institutions that meet certain conditions with an exemption from the GLBA requirement to deliver annual privacy notices to customers.  The