Tiffany Quach
Subscribe to all posts by Tiffany Quach
On January 30, 2019, the Office of the New York Attorney General (“NY AG”) and the Office of the Florida Attorney General (“Florida AG”) announced settlements with Devumi LLC and its offshoot companies (“Devumi”), which sold fake social media engagement, such as followers, likes and views, on various social media platforms. According to the NY … Continue Reading
Uncertainty regarding the compatibility of blockchain technology and the European Union’s General Data Protection Regulation (GDPR) has often been highlighted as a potential obstacle to the development and widespread implementation of blockchain systems involving personal data. To address tensions between blockchain technology and the GDPR, Commission Nationale de l’Informatique et des Libertés (CNIL), the French … Continue Reading
In September 2018, the Securities and Exchange Commission (“SEC”) announced that broker-dealer and investment adviser Voya Financial Advisors Inc. (“VFA”) agreed to pay $1,000,000 to settle charges related to alleged failures in its cybersecurity policies and procedures relating to a data breach that compromised the personal information of 5,600 customers. The SEC charged VFA with … Continue Reading
The New York Department of Financial Services cybersecurity regulation 23 NYCRR 500 (the “Regulation”) came into effect in March 2017 and established four staggered compliance deadlines for its various requirements. By the third deadline of September 3, 2018, Covered Entities are required to be in compliance with sections 500.06 (audit trails), 500.08 (application security), 500.13 … Continue Reading
On March 16, 2018, the D.C. Circuit Court of Appeals released a long-awaited decision in ACA International, et al. v. FCC, unanimously ruling to narrow a 2015 Federal Communications Commission (FCC) order (the “2015 Order”) that expanded the scope of the Telephone Consumer Protection Act (TCPA). The TCPA is a federal law that governs marketing … Continue Reading
On March 21, 2018, South Dakota Governor Daugaard signed S.B. 62, enacting the state’s first data breach notification law, which will go into effect July 1, 2018. Previously, Alabama and South Dakota were the only U.S. states without data breach notification. As of July 2018, Alabama will be the last state without a data breach … Continue Reading
State financial regulators in Colorado and Vermont recently adopted cybersecurity rules that apply to broker-dealers and investment advisers regulated by those states as well as certain other “securities professionals” in Vermont. The broad definition of “securities professional” in Vermont’s regulation (“any person providing investment-related services in Vermont”) could include entities that do not generally consider … Continue Reading
In April 2017, the New York Department of Financial Services (the “DFS”) released guidance on interpreting 23 NYCRR Part 500, its recently promulgated regulation that requires banks, insurance companies and other financial services institutions regulated by the DFS to adopt broad cybersecurity programs (the “Regulation”), in the form of a frequently asked questions (“FAQ”) document … Continue Reading
On February 16, 2017, the New York Department of Financial Services (the “DFS”) released a final version (the “Final Regulation”) of its proposed regulation, previously released in an earlier revised form on December 28, 2016, that would require banks, insurance companies and other financial services institutions regulated by the DFS to adopt broad cybersecurity protections … Continue Reading
As we previously reported, in December 2016 the New York Department of Financial Services (the “DFS”) announced that it was revising its proposed regulation that would require banks, insurance companies and other financial services institutions regulated by the DFS to adopt broad cybersecurity protections (the “Original Proposal”). On December 28, 2016, the DFS released a … Continue Reading
As we previously reported, in September 2016 the New York Department of Financial Services (the “DFS”) proposed a regulation that would require banks, insurance companies and other financial services institutions regulated by the DFS to adopt broad cybersecurity protections (the “Proposal”). The comment period for the Proposal closed in mid-November. In late December, a DFS … Continue Reading
On September 13, 2016, California Governor Jerry Brown signed into law AB 2828, an amendment to the law that requires businesses to disclose data breaches to California residents whose personal information has been compromised. Currently, the law requires notification of a breach when a California resident’s unencrypted personal information is compromised. However, effective January 1, … Continue Reading
On September 13, 2016, New York Governor Andrew Cuomo announced that the New York Department of Financial Services (the “DFS”) proposed a regulation that would require banks, insurance companies, and other financial services institutions regulated by the DFS to establish and maintain a cybersecurity program (the “Proposal”). If the Proposal is adopted, New York would … Continue Reading
Two states – New Jersey and Connecticut – have recently imposed additional legal conditions on electronic messaging to mobile devices. In a few ways, these laws may raise the bar for companies on compliance when sending text messages and possibly other forms of messaging to mobile devices. On October 27, 2015, New Jersey Governor Chris … Continue Reading
In Groundbreaking Settlements, Attorneys General Find Fake Social Media Engagement Illegal
By Tiffany Quach and Alexa Meera Singh on Posted in Endorsement, Social Media
Is Blockchain Technology Compatible with GDPR? French Data Protection Regulator Provides Guidance
By Tiffany Quach and Stéphanie Martinier on Posted in European Union, GDPR, International
SEC Charges Broker-Dealer and Investment Adviser with Violations of the Safeguards Rule and Identity Theft Red Flags Rule
By Tiffany Quach and Divya Taneja on Posted in Cybersecurity, Data Breaches
New York DFS Cybersecurity September 2018 Deadline
By Tiffany Quach on Posted in Cybersecurity, Legislation
D.C. Circuit’s Long-Awaited Ruling Narrows FCC’s 2015 TCPA Order
By Divya Taneja and Tiffany Quach on Posted in Direct Marketing, FCC, TCPA
South Dakota Passes Breach Notification Law, Leaving Alabama the Only U.S. State Without a Breach Notification Law
By Nicole Kramer and Tiffany Quach on Posted in Data Breaches, Legislation, Privacy Law, Security Breach Notification Laws
Colorado and Vermont Adopt Cybersecurity Rules Covering Broker-Dealers and Investment Advisers
By Tiffany Quach on Posted in Cybersecurity, Legislation
New York Department of Financial Services Provides Guidance on Cybersecurity Regulation; Colorado Financial Regulator Proposes Cybersecurity Rules Affecting Broker-Dealers and Investment Advisers
By Tiffany Quach on Posted in Cybersecurity, Legislation
New York Department of Financial Services Finalizes Cybersecurity Proposal
By Tiffany Quach on Posted in Cybersecurity, Legislation
New York Department of Financial Services Revises Cybersecurity Proposal: Greater Flexibility and Delayed Compliance Deadlines
By Tiffany Quach on Posted in Cybersecurity, Legislation
Financial Industry Groups Criticize New York Department of Financial Services Cybersecurity Proposal; New Draft to be Released on December 28, 2016
By Tiffany Quach on Posted in Cybersecurity, Legislation
California Amends Data Breach Notification Law to Require Notification of Breach of Encrypted Personal Information When Encryption Key Has Been Leaked
By Tiffany Quach on Posted in California, Data Breaches, Identity Theft, Security Breach Notification Laws
New York Department of Financial Services Proposes Cybersecurity Regulation
By Tiffany Quach on Posted in Cybersecurity, Legislation
Recent State Enactments Regulating Unsolicited Text Messaging Could Have Broad Implications for Companies that Communicate to Customers’ Mobile Devices
By Tiffany Quach on Posted in Electronic Communications, Mobile Privacy
