Colorado Proposes New Cybersecurity Regulations for Investment Advisors and Broker-Dealers

The Colorado Department of Regulatory Agencies recently published a notice regarding proposed changes to the Colorado Securities Act (the “Proposal”).  This Proposal seeks to add two new rules to the Securities Act (Rule 51-4.8 and 51-4.14), each of which impose various cybersecurity requirements on broker-dealers and investment advisers, respectively.  A redline showing the proposed amendments can be …

IoT Retailer Settles Privacy Class Action for $3.75M

The Internet of Things (or “IoT”) is a hot topic in privacy circles, given its rapid expansion among everyday consumer products.  Broadly referring to Internet-connected-devices, the IoT encompasses a variety of consumer goods, such as kitchen appliances (smart ovens and refrigerators), home security, window blinds, light bulbs, and lawn care equipment.  Many personal devices are …

New Mexico Passes Data Breach Notification Legislation

Last week, the New Mexico state legislature passed a bill requiring that New Mexico state residents be notified if their non-encrypted “personal identifying information” (including biometric data) is breached. Once the bill is signed into law, New Mexico will join 47 other states with similar notification laws, and the only two hold-outs will be South Dakota and …

Congress Offers Cybersecurity Guidance for Small Businesses

Shane Olafson - Cyber Security

Earlier this week the House Small Business Committee published new cyber security and data privacy guidance for small businesses.  Those publications can be found at http://smallbusiness.house.gov/resources/committee-publications.htm, and come on the heels of a Committee hearing that highlighted cyber risks facing small businesses. According to the Committee, nearly 60 percent of small companies go out of …

Federal Court Limits FTC’s Power to Police Data Breaches

The Federal Trade Commission (FTC) is the government agency primarily responsible for imposing penalties on companies that fail to protect consumer data.  It does so under Section 5 of the Federal Trade Commission Act, which prohibits “unfair and deceptive acts or practices in or affecting commerce.” This case began in 2008, when someone found a …

States Step Up Cyber Protection for Consumers

As data breaches increase in profile and frequency, lawmakers are struggling to protect their citizens from cybercrime.  Within the past year, at least four states have beefed up their data security statutes to provide greater consumer protection.   According to a May 2016 summary by the National Conference of State Legislatures, more than 25 states in 2016 …

Would You Like the Data Theft Option with that Rental Car?

According to a recent Federal Trade Commission (“FTC”) blog post, consumers should think twice before connecting their cell phones to a rental car.   The FTC warns that the vehicle could record all kinds of data, including your personal contacts, location, web browsing, and even your text messages. This blog post written by an FTC staff attorney …