Archives: Financial Privacy


SEC Updates Data Privacy and Cybersecurity Guidance for Registered Firms

On April 16, 2019, the Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission (SEC) issued a risk alert, “Investment Adviser and Broker-Dealer Compliance Issues Relating to Regulation S-P – Privacy Notices and Safeguard Policies,” highlighting its data privacy and cybersecurity observations from recent examinations of registered firms. Regulation S-P By …

FINRA Issues Recommendations and Best Practices to Address Common Cybersecurity Risks for Broker-Dealer Firms

The Financial Industry Regulatory Authority (FINRA) has issued its “Report on Selected Cybersecurity Practices – 2018” to provide further guidance to broker-dealer firms in developing and improving their cybersecurity programs. The report piggybacks on FINRA’s 2015 “Report on Cybersecurity Practices” by identifying five common cybersecurity risks and outlining recommended practices addressing these risks: • Branch …

The IRS Succeeds in Compelling Crypto Exchange to Disclose User Information

As the price of bitcoin leaps and lurches toward new highs, it seems fitting that the legal regime surrounding it and other virtual currencies is similarly unpredictable. With bitcoin edging its way into mainstream finance, and Coinbase, one of the world’s largest exchanges of bitcoin and other cryptocurrencies, currently holding the top spot on Apple’s …

Blockchain – The Future of Digital Identity?

Government agencies, prominent tech companies, startups and newly created foundations are all working to develop a new paradigm for proof of identity based on blockchain technology. Known as “digital identity,” “decentralized identity,” or “self-sovereign identity,” it would allow individuals to control their own digital identities, limit access to personal data, and provide a much-needed, secure replacement …

FINRA Video Series Highlights Broker-Dealers’ Common Cybersecurity Deficiencies

In a series of three video programs published on the FINRA website in recent weeks, FINRA provided guidance on common deficiencies it has been seeing in its cybersecurity examinations of member firms, and recommended a number of measures to address these issues. Firms should heed these warnings both so that they are prepared for when FINRA …

New York DFS Updates FAQs to Clarify Applicability of Cybersecurity Regulation

With the first compliance deadline now less than two months away, the New York Department of Financial Services (NYDFS) has provided additional clarity concerning its new Cybersecurity Requirements for Financial Services Companies (the “Cybersecurity Regulation”) by publishing an update to previously issued Frequently Asked Questions. We reported on the forthcoming Cybersecurity Regulation in January and …

Colorado Proposes Cybersecurity Requirements for Investment Advisers and Broker-Dealers

On March 27, 2017, the Colorado Department of Regulatory Agencies proposed changes to the Colorado Securities Act that would impose new cybersecurity requirements on investment advisers and broker-dealers (the “Proposed Rule”). Among other obligations, the Proposed Rule would require these entities to include cybersecurity as part of their risk assessments, and establish and maintain written …

Finalized New York Department of Financial Services Cybersecurity Regulation to Take Effect March 1

On February 16, 2017, the New York Department of Financial Services (NYDFS) announced the release of its finalized Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulation”), which will take effect on March 1, 2017. This final iteration, issued following an additional 30-day comment period, is in large part the same as the revised version dated …

FINRA Seeks Comment on Blockchain

On Jan. 18, 2017, the Financial Industry Regulatory Authority (FINRA) became the latest organization to weigh in on distributed ledger technology (DLT), also known as blockchain. Recognizing the growing interest and potential benefits surrounding the implementation of DLT, FINRA published a report examining the impact of blockchain on the financial services industry. Blockchain is essentially …

New York Department of Financial Services Issues Revised Cybersecurity Regulations

With the clock ticking down to the new year, on December 28, 2016, the New York State Department of Financial Services (NYDFS) released highly anticipated revisions to its proposed Cybersecurity Requirements for Financial Services Companies (the “Proposal”). As we previously reported, the NYDFS first announced the proposed regulations in September; at that time, they were …

Digital Currency Exchange Customers Targeted in IRS Information-Gathering Sweep

Coinbase, one of the largest digital currency exchange companies in the world, will likely be asked to provide the Internal Revenue Service (IRS) with transactional data and other information on all U.S. customers who used its services over a three-year period. Using what is known as a “John Doe” summons, the IRS has formally requested …

New York Department of Financial Services Proposes First Rule of Its Kind for Financial Institutions

In November, we reported on a proposal by the New York Department of Financial Services (NYDFS) for an extensive cybersecurity framework for its regulated financial institutions. Recently, Governor Cuomo announced a proposed rule requiring banks, insurance companies and other financial services institutions regulated by the NYDFS to establish and maintain a strong cybersecurity program. These …

$90 Million Cyber Thefts From Banks Using SWIFT Network Raise Security Issues

In February 2016, attackers stole $81 million from the Bangladesh central bank’s account at the New York Federal Reserve Bank by hacking into the Bangladesh bank’s computer network and sending fraudulent messages through the Society for Worldwide Interbank Financial Telecommunication (SWIFT) payment network. In January 2015, attackers netted $9 million in funds from an Ecuadorian …

PayPal Reaches Settlement With Texas Over Venmo Privacy and Security Disclosures

Venmo is a peer-to-peer mobile payments service that PayPal acquired in 2013. Users can transfer money to another person using a mobile or web application (e.g., send money to a friend to split the cost of dinner). On May 20, 2016, Texas Attorney General Ken Paxton announced that Texas had entered into an Assurance of …

Deeper Dive: Plan for Regulatory Scrutiny in Financial Services Data Security Incidents

Financial services industry companies were involved in 18% of the more than 300 data security incidents we helped manage in 2015 and reported on in our 2016 BakerHostetler Data Security Incident Response Report (the “Report”). After healthcare, the financial services industry was the second most affected industry according to the data we reported. It is not surprising …

Data Security in the Financial Industry: Five Key Developments to Keep An Eye on in 2016

According to a 2015 report on threats to the financial services sector, 41% of financial services organizations polled had experienced a data breach or failed a compliance audit in the previous year, and 57% listed preventing a data breach as their top IT priority. Reflecting the ever-increasing awareness of threats to financial data security, 2015 …

Financial Institutions Privacy and Security – 2013 Year in Review

Throughout 2013, financial institutions continued to face serious threats from cybercriminals targeting the personal information of banking customers and their financial assets through the use of malicious software and distributed denial of service (DDoS) attacks. In fact, according to the Verizon 2013 Data Breach Investigations Report, thirty-seven percent of breaches this year …

Visa Loses Motion to Dismiss in Genesco Case – Are the Days for PCI Assessments Numbered?

Co-Authored by: Judy Selby

In a highly anticipated decision, a federal court in Tennessee let stand a retailer’s claims against Visa for violation of California’s Unfair Competition Law (UCL) and for common law claims for unjust enrichment and restitution arising out of fines and assessments levied by Visa in the wake of a massive data …

Vermont and North Dakota Amend Breach-Notice Laws

On May 13, 2013, Vermont Governor Peter Shumlin signed H.513 into law. The new law includes an amendment to Vermont’s Security Breach Notice Act, 9 V.S.A. § 2435. Previously, under § 2435, Vermont-regulated financial institutions were exempt from notifying any Vermont authority in case of a security breach involving personally identifiable data. The new law …

Proposed FFIEC Guidance on Financial Institution Social Media Use

The Federal Financial Institutions Examination Council (FFIEC) released for comment on January 17 its proposed Social Media: Consumer Compliance Risk Management Guidance. There is a 60-day comment period. The purpose of the guidance is to help banks, savings associations, credit unions, and non-bank entities supervised by the Consumer Financial Protection Bureau (CFPB) understand and address …

Bank Agrees to Reimburse Company for Funds Taken Through Online Bank Account Theft

We reported in July on a First Circuit Court of Appeals decision finding that a bank failed to implement commercially reasonable security methods to prevent unauthorized transfers by a criminal who gained the online banking credentials of a construction company. The criminal was able to steal $345,000 from the construction company’s account. It was then reported on …

Internet Banking Authentication Security Procedures Found Commercially Unreasonable

It is a common scenario—a company’s computer system becomes infected with some variant of the Zeus Trojan with a key logger that sends key strokes out to a command and control server operated by a criminal. The criminal searches the key strokes to find login credentials to that company’s Internet bank account, which are used …

SEC and CFTC Propose Identity Theft Prevention Rules

Reflective of an increased interest in data privacy concerns, on February 28, 2012, the Securities and Exchange Commission and the Commodity Futures Trading Commission jointly released proposed rules designed to protect investors from identity theft by mandating the creation of programs to detect potential security threats. The proposed rules are meant to implement Title X of the …

Speier Introduces “Do Not Track Me Online Act of 2011”

The FTC—in its December 2010 online privacy report and testimony before Congress—discussed the need for a browser-based “Do Not Track” mechanism to give consumers greater control over behavioral advertising. Under the “Do Not Track Me Online Act of 2011” (H.R. 654)—introduced by Rep. Speier (D-CA) on February 11—the FTC will have 18 months to establish …