Melinda McLellan, Jonathan Forman Comment on Financial Adviser Cybersecurity Requirements Proposed in Colorado

News / April 28, 2017

Partner Melinda McLellan and Counsel Jonathan Forman are quoted in an article published April 28, 2017, in Bloomberg BNA’s “Privacy & Data Security Law” newsletter. The article, “Colorado Moving to Set Financial Adviser Cybersecurity Rule,” discusses a proposed Colorado rule that would require entities with state securities licenses to conduct an annual assessment of their cybersecurity risks.

McLellan told Bloomberg that it’s possible other states will follow Colorado's lead. “To the extent certain state governments may have concerns about lax regulatory oversight by the feds, we could see an increased appetite for taking on cybersecurity enforcement at the state level,” she said.

In his comments, Forman said that although the details need to be worked out, Colorado's rule isn't unreasonable. “The proposed rule is a recognition that cybersecurity compliance is now a cost of doing business,” he said. “Luckily, while the proposed rule is prescriptive, it allows advisers and broker-dealers to tailor their compliance programs to address their cybersecurity risk profiles.”

Read the article (registration required).

Related Services


In The Blogs

Previous Next
Data Privacy Monitor
When Obscurity Is Not a Defense
February 22, 2018
Many organizations facing a data-security incident struggle to understand how or why their organization was targeted in an attack. Most simply believe they are too small or too obscure to be targeted by malicious cyber actors. Even larger...
Data Privacy Monitor
Recent OCR Newsletter Highlights Growing Cyber Extortion Threat for Healthcare Organizations
February 19, 2018
The OCR’s January 2018 newsletter details specific types of cyber extortion that healthcare organizations are currently encountering, including ransomware, denial of service attacks, distributed denial of service attacks and theft of...
Data Privacy Monitor
Looking Back: The Federal Trade Commission Issues Annual Data Privacy Report for 2017
February 6, 2018
On Jan. 18, 2018, the Federal Trade Commission (FTC) published its Annual Privacy and Data Security Update. The update is helpful to businesses in that it recaps the efforts and areas of involvement the FTC has targeted in the past year as...
Data Privacy Monitor
SAMHSA Updates Privacy Regulations to Reflect Advancements in Healthcare
January 31, 2018
On Jan. 3, 2018, the Substance Abuse and Mental Health Services Administration (SAMHSA) issued its final rule regarding the Confidentiality of Substance Use Disorder Patient Records Part 2. These changes become effective Feb. 2, 2018. As...
Data Privacy Monitor
Clock Ticking, European Commission Launches GDPR Implementation Guidance Website
January 26, 2018
With only four months remaining until the EU General Data Protection Regulation takes effect on May 25, 2018, the European Commission has launched a new website offering guidance on requirements and implementation targeted at an array of...