Bryan Cave Partner David Zetoony has just published the 2018 Edition of the Data Privacy and Security Handbook: A Practical Guide for In House Counsel.

Five years ago few legal departments were concerned with – let alone focused on – data privacy or security. Most of those that were aware of the terms assumed that these were issues being handled by IT, HR, or marketing departments.

The world has changed. Data privacy class action litigation has erupted and data security breaches

Over the last decade as the specter of cyber attacks has increased dramatically, financial institutions have been encouraged to look into the use of cyber fraud insurance as one means of minimizing risk. A recent decision by the 8th Circuit provides an interesting opportunity to see how such policies are going to be interpreted by the courts.

In 2011, an employee at Bellingham State Bank in Minnesota initiated a wire transfer through the Federal Reserve’s FedLine Advantage Plus system (FedLine). Wire transfers

In early September 2016, the New York Department of Financial Services (“DFS”) proposed a set of data security regulations (the “Proposal”) that would govern financial institutions, banks, and insurance companies subject to the jurisdiction of the agency (“covered entities”).  After receiving public comments, DFS revised and resubmitted the Proposal on December 28, 2016.  If the Proposal ultimately goes into effect it would require that covered entities have a written information security policy (“WISP”) and outline specific provisions (substantive and procedural) that

FDIC bank examinations generally include a focus on the information technology (“IT”) systems of banks with a particular focus on information security. The federal banking agencies issued implementing Interagency Guidelines Establishing Information Security Standards (Interagency Guidelines) in 2001. In 2005, the FDIC developed the Information Technology—Risk Management Program (IT-RMP), based largely on the Interagency Guidelines, as a risk-based approach for conducting IT examinations at FDIC-supervised banks. The FDIC also uses work programs developed by the Federal Financial Institutions Examination Council (FFIEC) to conduct IT examinations of third party service providers (“TSPs”).

The FDIC Office of the Inspector General recently issued