Melinda McLellan, Jonathan Forman Comment on Financial Adviser Cybersecurity Requirements Proposed in Colorado

News / April 28, 2017

Partner Melinda McLellan and Counsel Jonathan Forman are quoted in an article published April 28, 2017, in Bloomberg BNA’s “Privacy & Data Security Law” newsletter. The article, “Colorado Moving to Set Financial Adviser Cybersecurity Rule,” discusses a proposed Colorado rule that would require entities with state securities licenses to conduct an annual assessment of their cybersecurity risks.

McLellan told Bloomberg that it’s possible other states will follow Colorado's lead. “To the extent certain state governments may have concerns about lax regulatory oversight by the feds, we could see an increased appetite for taking on cybersecurity enforcement at the state level,” she said.

In his comments, Forman said that although the details need to be worked out, Colorado's rule isn't unreasonable. “The proposed rule is a recognition that cybersecurity compliance is now a cost of doing business,” he said. “Luckily, while the proposed rule is prescriptive, it allows advisers and broker-dealers to tailor their compliance programs to address their cybersecurity risk profiles.”

Read the article (registration required).

Related Services


In The Blogs

Previous Next
Data Privacy Monitor
The Weekly Privacy Rewind
December 18, 2018
State AGs Coalition of AGs Asks Social Security Administration to Establish Database of SSNs to Combat ID Theft • Forty-three state AGs sent a letter to acting Social Security Administration (SSA) Commissioner Nancy Berryhill urging the...
Data Privacy Monitor
Wearables in The Arena: The Shifting Legal Landscape Governing Fitness Trackers in Professional Sports
By Robyn M. Feldstein, Ronald B. Gaither, Elizabeth G. McCurrach, Melinda L. McLellan
December 17, 2018
The use of wearable technology (colloquially known as “wearables”) has been on the radar of athletes, sponsors, sports teams and leagues for years, with the various constituencies carefully balancing the necessity for player privacy with...
Data Privacy Monitor
New Guidance on GDPR Data Processing Contracts Published by the UK ICO
By David M. Brown
December 14, 2018
The U.K. Information Commissioner’s Office (ICO) recently published guidance on contracts between controllers and processors. This new guidance provides a more in-depth and detailed discussion of the key issues than did a previously...
Data Privacy Monitor
Controversial Australian Encryption Act Denounced by Privacy and Cryptography Advocates
By Brian P. Bartish
December 13, 2018
Last week, Australia’s parliament passed a controversial act that will enable law enforcement and intelligence agencies to compel access to encrypted communications. In an explanatory memorandum, the Australian Parliament stated that the...
Data Privacy Monitor
The Weekly Privacy Rewind
By Aaron R. Lancaster
December 10, 2018
California Consumer Protection Act Privacy Groups Urge California Lawmakers Not to Weaken California Consumer Privacy Act • A variety of privacy groups, including the Electronic Frontier Foundation, the Digital Privacy Alliance and the...