Privacy and Security for Financial Institutions: New Threats and Risk Mitigation

Since the onset of the COVID-19 pandemic, increased reliance on technology and electronic media has intensified data privacy and security risks, including with respect to financial data. In addition to increased phishing and similar efforts to wrongfully procure personally identifiable information, banking and credit card details, and passwords, the new threat of class actions for violations of the "reasonable security" standard in the California Consumer Privacy Act (CCPA) also presents a risk. Moreover, as of July 1, enforcement of the CCPA's separate privacy rules requiring certain notices to consumers, responses to consumer requests and restrictions on ";sales" of personal information is expected to commence. Although financial services companies enjoy some exemption from these CCPA rules, they are not entirely exempt.

This webinar focuses on ways financial services companies can strive to mitigate privacy and data security risks in the current environment. We discuss both the CCPA's private right of action for data security breaches and the scope of the CCPA's privacy-related requirements as applicable to financial services companies, as well as other states' data privacy and security mandates, including the New York Department of Financial Services Cybersecurity Regulation and the SHIELD Act. We also examine specific privacy and security issues directly related to the COVID-19 pandemic (e.g., contact-tracing apps, holding health information of employees returning to work, and new challenges in the work-from-home environment).