On October 7, 2020, The Office of the Comptroller of the Currency (“OCC”) announced that it had assessed a $400 million civil penalty against Citibank, N.A. regarding alleged deficiencies in its enterprise-wide risk management and data governance programs and its internal controls. In particular, the OCC found violations of 12 CFR Part 30, Appendix D
compliance
“CCPA 2.0” Amendments Qualify for November 2020 Ballot

On May 4, the Californians for Consumer Privacy (led by Alistair McTaggart, the real estate investor and activist behind the original ballot initiative that led to the CCPA), announced in a letter that it had collected over 900,000 signatures to qualify the California Privacy Rights Act (“CPRA”) for the November 2020 ballot. This version of…
FERC and NERC Provide Industry Guidance to Ensure Grid Reliability Amid Potential Coronavirus Impacts

On March 18, 2020, the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) announced steps to ensure that operators of the bulk electric system can focus resources on safety and reliability during the COVID-19 emergency. FERC and NERC are advising all registered entities that they will consider the impact of…
Senate Democrats Introduce the Consumer Online Privacy Rights Act (COPRA)
Yesterday (November 26, 2019), a comprehensive federal privacy bill was introduced that would grant individuals broad rights with respect to their data, impose new obligations on data processors, and expand the Federal Trade Commission’s enforcement authority with respect to privacy, as well as allowing for state attorney general enforcement and individual rights of action. The…
Governor Signs Five Amendments to CCPA
Last Friday, October 11, 2019, one day after the California Attorney General issued proposed regulations to implement the California Consumer Privacy Act of 2018 (“CCPA”), the California Governor, Gavin Newsom, announced that he signed all five of the September 2019 legislative amendments to the CCPA into law. Those amendments include AB-25, AB-874, AB-1146, AB-1355, and…
Equifax Will Pay Minimum of $575 Million, up to $700 Million, in Settlement Over 2017 Data Breach
Today, the FTC announced that Equifax, Inc. will pay at least $575 million (and potentially up to $700 million) as part of a proposed global settlement with the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), and 50 U.S. states and territories. Their complaint alleges that Equifax failed to take reasonable steps to…
SEC Publishes Cybersecurity Risk Alert
On August 7 2017, the U.S. Securities and Exchange Commission (SEC), through its Office of Compliance Inspections and Examinations (OCIE), published a Risk Alert summarizing observations on how broker dealers, investment advisers, and investment companies have addressed cybersecurity issues. The OCIE examined 75 financial firms registered with the SEC. The examinations focused on the firms’ …

Could Your Website Be Collecting Information from Kids? Federal Trade Commission Issues 6-Step Plan for Complying with the Children’s Online Privacy Protection Act
This month, the Federal Trade Commission (FTC) issued guidance for businesses operating websites and online services looking to comply with the Children’s Online Privacy Protection Act (“COPPA”). COPPA addresses the collection of personal information from children under 13. Importantly, the determination of whether a business’s website is “directed to children under 13” (and thus subject…