In the latest sign of regulatory scrutiny of asset-advance companies offering consumers what regulators believe are in fact regulated “credit” under federal law and “loans” under state law, the Bureau of Consumer Financial Protection (BCFP) filed its first new lawsuit under Acting Director Mulvaney last Thursday. The complaint, filed in the Central District of California,

It seems that most employees and plan participants “think” their retirement money and data are not at risk.  This is due, in part, because:

  • there are few published incidents of breaches or potential hacks;
  • there has been not a single legal decision involving a cybersecurity breach and a retirement plan; and
  • there is no comprehensive federal regulation that protects qualified retirement plans and service providers.

This blog discusses whether retirement plans are really at risk; and if so why. It concludes with some helpful hints and practical advice to reduce such risks, some of which are tips employers (or plan sponsors) can share with retirement plan participants.

South Carolina has become the first state to enact cybersecurity legislation for the insurance industry.

On May 3, Governor McMaster signed a bill requiring South Carolina insurers to “develop, implement, and maintain a comprehensive information security program” for their customers’ data. 2017 SC H.B. 4655 (NS). Based on the insurance industry model rules, the South Carolina Insurance Data Security Act has three primary aims: it requires “licensees” to prevent, detect and remediate insurance customer data breaches.

On May 21, the North American Securities Administrators Association (“NASAA”) announced a massive and coordinated series of enforcement actions by U.S. state and Canadian provincial regulators to combat fraudulent practices involving cryptocurrency-related investment products.

As cryptocurrencies have gained in popularity, companies have increasingly turned to a method known as an initial coin offering (“ICO”) to

After 25 May 2018, data protection will be a high-risk issue for all retailers who fall within the scope of the GDPR. Organizations can be fined up to 4% of annual worldwide turnover or 20 million euros (whichever is greater) for violations of the GDPR. Moreover, the GDPR applies to any business that targets goods or services at individuals located in the EU – so retailers can be caught by the GDPR even if they have no physical presence in the Union.

Retailers should pay particular attention to how they obtain customers’ consent to marketing. The GDPR requires a high standard for consent to use personal data, and violation of the consent is a serious infringement.

In a statement on Thursday, April 26, a key House Republican on CFPB issues effectively admitted that despite his own efforts and those of the Trump Administration including Acting CFPB Director, Mick Mulvaney, Congress will almost certainly make no changes to the structure of the CFPB this year.  As a result, there will probably be

On Wednesday, the U.S. Senate voted almost entirely along party lines to invalidate, under the Congressional Review Act, the Consumer Financial Protection Bureau’s (CFPB) (in)famous 2013 Bulletin on lending discrimination in the indirect auto market via discretionary mark-ups and dealer compensation policies.  The 2013 Bulletin, construing the Equal Credit Opportunity Act and its implementing rule,

Despite the lack of significant settlements for HIPAA enforcement by the federal Office of Civil Rights (OCR) so far in 2018, states have not hesitated to patrol privacy and security breach activity and take action against perceived violations.  Indeed, under the HITECH Act, state attorneys general have their own HIPAA enforcement authority.  Two recent settlements

On March 14, 2018, the SEC and DOJ sued Jun Ying, a former Chief Information Officer within an Equifax Inc. business unit, for insider trading. Specifically, they accused him of knowing about a significant Equifax data breach prior to its public disclosure and, while in possession of that material nonpublic information, exercising his Equifax options