Today, the FTC released Frequently Asked Questions that discuss the requirements of the Safeguards Rule, which was mandated by the Gramm-Leach-Bliley Act, and how it specifically applies to motor vehicle dealers. The FTC is committed to providing certainty to the marketplace and ensuring that it administers its regulations in a manner that minimizes burden to legitimate businesses. To…
Category: Legislation
Resource: State Data Breach Notification Laws – June 2025
For a summary of basic state notification requirements that apply to entities who “own” data, download Foley & Lardner’s State Data Breach Notification Laws Chart. They write: This chart is current as of June 2, 2025, and should be used for informational purposes only because the recommended actions an entity should take if it experiences a…
Trump Rewrites Cybersecurity Policy in Executive Order
David Perera reports: President Donald Trump signed Friday an executive order reframing U.S. cybersecurity policy, eliminating what the Republican White House described as “problematic elements” inherited from Democratic administrations. The new order strikes a push for digital identity documents made by then-President Joe Biden in one of his last acts as commander in chief. Digital IDs, the White House…
Oklahoma Expands its Security Breach Notification Law
Melissa Pascualini of Jackson Lewis The Oklahoma State Legislature recently enacted Senate Bill 626, amending its Security Breach Notification Act, effective January 1, 2026, to address gaps in the state’s current cybersecurity framework (the “Amendment”). The Amendment includes new definitions, mandates reporting to the state Attorney General, clarifies compliance with similar laws, and provides revised penalty…
North Dakota Enacts Financial Data Security and Data Breach Notification Requirements
Hunton Andrews Kurth writes: On April 11, 2025, the North Dakota governor signed H.B. 1127 (the “Act”), which establishes new data security measures and breach notification obligations for financial corporations. Covered entities include those that are regulated by the North Dakota Department of Financial Institutions and exclude financial institutions, such as banks, and credit unions. Key requirements,…
Banks Want SEC to Rescind Cyberattack Disclosure Requirements
PAYMNTS reports: American banking groups want the Securities and Exchange Commission (SEC) to revoke its cybersecurity incident disclosure requirements. These groups, led by the American Bankers Association (ABA), wrote to the SEC last week, contending that disclosing cybersecurity incidents “directly conflicts with confidential reporting requirements intended to protect critical infrastructure and warn potential victims.” Joining the ABA were the Securities Industry…