News

Melinda McLellan, Jonathan Forman Comment on Financial Adviser Cybersecurity Requirements Proposed in Colorado

News / April 28, 2017

Partner Melinda McLellan and Counsel Jonathan Forman are quoted in an article published April 28, 2017, in Bloomberg BNA’s “Privacy & Data Security Law” newsletter. The article, “Colorado Moving to Set Financial Adviser Cybersecurity Rule,” discusses a proposed Colorado rule that would require entities with state securities licenses to conduct an annual assessment of their cybersecurity risks.

McLellan told Bloomberg that it’s possible other states will follow Colorado's lead. “To the extent certain state governments may have concerns about lax regulatory oversight by the feds, we could see an increased appetite for taking on cybersecurity enforcement at the state level,” she said.

In his comments, Forman said that although the details need to be worked out, Colorado's rule isn't unreasonable. “The proposed rule is a recognition that cybersecurity compliance is now a cost of doing business,” he said. “Luckily, while the proposed rule is prescriptive, it allows advisers and broker-dealers to tailor their compliance programs to address their cybersecurity risk profiles.”

Read the article (registration required).

Related Services

Blog

In The Blogs

Previous Next
Data Privacy Monitor
EU Updates: ePrivacy Regulation Inches Forward, EDPB Issues Guidance on Interplay Between GDPR and ePrivacy Directive
July 17, 2019
Adoption of the ePrivacy Regulation Introduced in 2017, and originally slated to go into effect with the GDPR (on May 25, 2018), it now appears the ePrivacy Regulation will not be implemented before late 2021. With the Romanian...
Read More ->
Data Privacy Monitor
FTC Announces Enforcement Action, Warning Letters for Companies Falsely Claiming Privacy Shield Participation
June 21, 2019
The Federal Trade Commission (FTC) recently announced a compliance sweep of companies claiming to be in compliance with the U.S.-EU Privacy Shield and U.S.-Swiss Privacy Shield Frameworks. The U.S.-EU Privacy Shield and the U.S.-Swiss...
Read More ->
Data Privacy Monitor
Texas Moves Forward With Updates to Breach Notification Law and Institutes Privacy Council to Study Data Privacy Legislation
By Caroline B. Brackeen, William R. Daugherty
June 10, 2019
Texas is one of the many states that looked to be following in the footsteps of California’s enactment of a broad consumer privacy law (the California Consumer Privacy Act), which has far-ranging implications for businesses and consumers...
Read More ->
Data Privacy Monitor
Attempt to Expand CCPA Private Right of Action Fails, While Bills Exempting Employee Data and Otherwise Refining CCPA Advance
By Taylor A. Bloom, Alan L. Friel, Niloufar Massachi
June 5, 2019
Over the past several weeks, the California State Assembly has voted in favor of advancing to the California Senate bills that would narrow the reach of the California Consumer Privacy Act (CCPA). Senate bills did not fare as well and have...
Read More ->
Data Privacy Monitor
Nevada Adds "Do Not Sell" Requirement to Privacy Law
By Alan L. Friel, Shea M. Leitch
June 5, 2019
Last week, Nevada Governor Steve Sisolak signed new privacy legislation into law in Nevada. Senate Bill 220 (SB-220) updates Nevada Revised State 603A to provide consumers a new right to opt out of the sale of their data. Effective Oct. 1...
Read More ->