What Happened? On March 4, 2024, Ginnie Mae issued All Participant Memorandum (APM) 24-02 to impose a new cybersecurity incident notification requirement. Ginnie Mae has also amended its Mortgage-Backed Securities Guide to reflect this new requirement. Effective immediately, all Issuers, including subservicers, of Ginnie Mae Mortgage-Backed Securities (Issuers) are required to notify Ginnie Mae within […]
data breach
FTC Approves New Data Breach Notification Requirement for Non-Banking Financial Institutions
On October 27, 2023, the FTC approved an amendment to the Safeguards Rule (the “Amendment”) requiring that non-banking financial institutions notify the FTC in the event of a defined “Notification Event” where customer information of 500 or more individuals was subject to unauthorized acquisition. The Amendment becomes effective 180 days after publication in the Federal Register. Importantly, […]
NY DFS Releases Revised Proposed Second Amendment of its Cybersecurity Regulation
The New York Department of Financial Services (“NY DFS”) published an updated proposed Second Amendment to its Cybersecurity Regulation (23 NYCRR Part 500) in the New York State Register on June 28, 2023, updating its previous proposed Second Amendment, which was published November 9, 2022. While the language proposed is largely similar to the previous […]
SHIELD Act Overhauls New York’s Data Breach Notification Framework
On October 23, 2019, New York’s new breach notification provisions came into effect, a result of New York’s passage of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) in July. That Act overhauled New York’s data privacy framework, expanding the list of data elements that are considered “private information” while growing the […]
The CCPA Could Reset Data Breach Litigation Risks
A&B Abstract: While much has been written about the California Consumer Privacy Act (CCPA), the focus has primarily been on the new rights it affords California consumers to have access to and control use of their data and opt out of many transfers to third parties. While this is a sea change in data privacy […]