Privacy and Cybersecurity

A few months ago, we published a post about the OCC, FDIC, and Federal Reserve Board’s final rule to improve information sharing about cyber incidents that may affect the U.S. banking system. Under the final rule, banks and their service providers must notify their primary federal regulators within 36 hours after a notification incident has occurred. In the latest update from the regulators, they remind banks that starting May 1, banks must notify their primary federal regulators about computer-security incidents. Below is the contact information and the process for contacting each regulator:

Continue Reading May 1st is Around the Corner: Bank Computer-Security Incident Notification Requirements

On January 7, the FTC announced that a California-based lead generator agreed to settle with the FTC for $1.5 million to resolve allegations that through a number of its subsidiaries, the company induced consumers into sharing their personal financial information and then sold that information from these loan applications as “leads” to a variety of entities without regard to whether these entities are lenders or use the consumers’ data to make loans.

Continue Reading Lead Generator Settles with FTC Over Alleged FCRA and FTC Act Violations