Cybersecurity

Judge Davila of the Northern District of California held that the file transfer service was not a "business" under the CCPA and granted defendant's motion to dismiss. The analysis turns on whether the defendant determines how or why to process consumer PI. Accellion moves to dismiss Plaintiffs' CCPA claim on two grounds: (1) Accellion is not a “business”… Read More

The FTC has announced additional time for financial institutions to comply with new Safeguards Rule changes.  In response to personnel shortages and supply chain issues, the new deadline is June 9, 2023: What provisions are included in the six-month extension?  Consult the Federal Register Notice for details, but the extension applies to provisions in the revised Rule that require covered companies to:… Read More

The Conference of State Bank Supervisors recently released new tools for nonbank financial services companies to improve their cybersecurity posture. The CSBS - Baseline Nonbank Exam Program V1.0 and the CSBS - Enhanced Nonbank Exam Program V1.0 are tools used by state examiners nationwide to assess the cyber preparedness of nonbank entities, and provide these institutions the ability to improve their… Read More

The FTC announced an advance notice of proposed rulemaking on commercial surveillance and security. “Commercial surveillance” is defined as the business of collecting, analyzing and profiting from consumer data. The FTC seeks public comment on implementation of new rules on how businesses "(1) collect, aggregate, protect, use, analyze, and retain consumer data, as well as (2) transfer, share, sell, or… Read More

On August 11, 2022, the CFPB issued a circular on data security and the question "[c]an entities violate the prohibition on unfair acts or practices in the Consumer Financial Protection Act (CFPA) when they have insufficient data protection or information security?"  The short answer is "yes." The CFPB highlights specific security measures to minimize risk. In line with the new… Read More

In United States v. Thompson, No. CR19-159-RSL, 2022 U.S. Dist. LEXIS 101558, at *3-7 (W.D. Wash. June 7, 2022), Judge Lasnik denied the Government's Motion in Limine to exclude evidence regarding cyber-security vulnerabilities at the corporate victim or other victim entities that are unrelated to the specific vulnerability that defendant allegedly exploited in the case at hand. The government moves… Read More

On March 9, the SEC proposed cybersecurity rules for public companies that, if adopted, would impose substantial new reporting obligations for material cybersecurity incidents and cybersecurity risk management, strategy, and governance. A copy of the proposed Rules can be found at https://www.sec.gov/rules/proposed/2022/33-11038.pdf Read More

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory yesterday, alerting companies who engage with victims of ransomware attacks of potential sanctions risks for facilitating ransomware payments.  This advisory highlights OFAC’s designations of malicious cyber actors and those who facilitate ransomware transactions under its cyber-related sanctions program. It identifies U.S. government resources for reporting… Read More

The CCPA went live on January 1, 2020, creating a cause of action and potential liability of between $100 and $750 per person for a data breach deriving from a business' failure to maintain reasonable policies and procedures. Unfortunately, the CCPA does not define the term "reasonable". While compliance lawyers and consultants properly have been advising their clients to shore… Read More