On July 26, 2023, the Securities and Exchange Commission (“SEC”) adopted its long-anticipated cybersecurity reporting rule (the “Final Rule”). The Final Rule applies to public companies subject to the reporting requirements of the Securities Exchange Act of 1934 and, in some cases, to foreign private issuers. As quoted in the SEC’s press release, SEC Commissioner Gary Gensler noted that many public companies already make cybersecurity disclosures to investors, and the Final Rule provides uniformity and structure for these future disclosures. The Final Rule also imposes a tight timeline for cybersecurity incident reporting and may include disclosure of an ongoing cybersecurity incident, as well as requiring periodic disclosures concerning organizational cybersecurity risk management processes and governance.
On July 7, 2022, the Consumer Financial Protection Bureau (“CFPB”) issued an advisory opinion entitled ‘“Fair Credit Reporting: Permissible Purposes for Furnishing, Using, and Obtaining Consumer Reports.”[1] The advisory opinion clarifies that “permissible purposes” under the Fair Credit Reporting Act (the “FCRA”) are “consumer specific” and highlights that a person who uses or obtains a “consumer report” is “strictly prohibit[ed]” from doing so without a permissible purpose under the FCRA. In the midst of ongoing Congressional efforts to pass a comprehensive federal data privacy law, the CFPB’s advisory opinion is a reminder of the existing rules that protect consumer privacy.
Blog Editors
Recent Updates
- Authors Predict an Increase in the Use of State Court Receivership Proceedings
- DOJ Criminal Fraud Section’s Annual Health Care Fraud Enforcement Action: “We Are a Target-Rich Environment”
- Chevron Exploded, Capitol Demonstrators Freed, Homeless Penalized—Film at Eleven - SCOTUS Today
- Term Ends with Both Bangs and Whimpers, All Highly Consequential - SCOTUS Today
- Another Leak Confirmed and Other Important Decisions and Divisions Issued, but Not Loper or Trump - SCOTUS Today