News

Melinda McLellan, Jonathan Forman Comment on Financial Adviser Cybersecurity Requirements Proposed in Colorado

News / April 28, 2017

Partner Melinda McLellan and Counsel Jonathan Forman are quoted in an article published April 28, 2017, in Bloomberg BNA’s “Privacy & Data Security Law” newsletter. The article, “Colorado Moving to Set Financial Adviser Cybersecurity Rule,” discusses a proposed Colorado rule that would require entities with state securities licenses to conduct an annual assessment of their cybersecurity risks.

McLellan told Bloomberg that it’s possible other states will follow Colorado's lead. “To the extent certain state governments may have concerns about lax regulatory oversight by the feds, we could see an increased appetite for taking on cybersecurity enforcement at the state level,” she said.

In his comments, Forman said that although the details need to be worked out, Colorado's rule isn't unreasonable. “The proposed rule is a recognition that cybersecurity compliance is now a cost of doing business,” he said. “Luckily, while the proposed rule is prescriptive, it allows advisers and broker-dealers to tailor their compliance programs to address their cybersecurity risk profiles.”

Read the article (registration required).

Related Services

Blog

In The Blogs

Previous Next
Data Privacy Monitor
Deeper Dive: Choose the Right Forensics Firm for the Job
By William R. Daugherty, Eric A. Packel
April 17, 2019
Forensics are a key component of many data incident investigations. The importance of forensics cannot be overstated. In fact, in 2018, 65% of the incidents we handled involved some type of forensic investigation. Forensics firms can not...
Read More ->
Data Privacy Monitor
In BIPA's Wake, a Wave of New Biometric Privacy Proposals
By Robyn M. Feldstein, Melinda L. McLellan
April 15, 2019
Over the past year, a host of new national, state and local laws have been introduced to regulate the collection and use of biometric information. Although these proposals vary in their requirements, certain elements appear to be inspired...
Read More ->
Data Privacy Monitor
Deeper Dive: The Scourge of O365 Incidents
April 11, 2019
A Growing Menace 2018 saw a continuation of companies moving toward cloud-based email systems. Phishing incidents targeting those systems followed suit. Fully one-third of incidents addressed by our incident response team in 2018 involved...
Read More ->
Data Privacy Monitor
Bill to Expand CCPA Private Right of Action Moves Forward
April 11, 2019
We have previously written about California SB 561 here, introduced by Senator Jackson (D) and supported by the California Attorney General (AG), that among other things would vastly expand the CCPA’s private right of action and remove the...
Read More ->
Data Privacy Monitor
Deeper Dive: GDPR a Game-Changer for Data Breach Notification
By Laura E. Jehl, Andreas T. Kaltsounis
April 8, 2019
When the EU General Data Protection Regulation (GDPR) took effect on May 25, 2018, it dramatically changed the way multinationals manage the reporting of personal data breaches. It also substantially raised the stakes: Entities found to...
Read More ->