We are pleased to announce that client beta testing has begun for the Davis Polk Data Breach Notification Resource Portal—a secure online suite of tools designed to assist clients in preparing and planning for a possible data breach, and help them comply with state and federal law obligations to inform customers, regulators, and law enforcement. Utilizing a simple, query-based portal, the Notification Assessment Tool allows clients to receive rapid privileged legal advice on notification … Continue Reading
We have issued a memo on recent proposed U.S. federal banking regulations that could significantly expand the existing cybersecurity regulatory framework for covered financial institutions. The Enhanced Standards intend to strengthen cyberattack preventative measures and post-attack responses.
On October 25, 2016 FinCEN issued an advisory and FAQs to financial institutions regarding their Suspicious Activity Report (SAR) obligations with respect to cyber-events, cyber-enabled crime, and cyber-related information as those terms are defined. The FAQs supersede previous FAQs issued in 2001. The advisory and FAQ also discuss collaboration between in-house BSA/AML teams (e.g., noting that the BSA/AML teams need not have personnel devoted … Continue Reading
We have issued a memo on recent proposed cybersecurity regulations by the New York State Department of Financial Services that would be more stringent than existing federal requirements for certain financial entities. The memo highlights similarities and differences between the proposed regulations and federal regulations and guidance.
On March 2, 2016, the CFPB announced that it had settled an enforcement action with Dwolla, Inc., an online payment platform, for making allegedly deceptive statements regarding its data security practices and the safety of its online payment system. Dwolla agreed to pay a $100,000 civil penalty and to undertake measures to improve its data security.… Continue Reading
We have issued a memo on a rising trend in business email scams, which if successful, could trigger data breach notification obligations.