Although other legal and regulatory issues, ranging from financial reform to executive compensation, have firmly grabbed the spotlight, the stealth issue for 2010 may well be data security and privacy. Indeed, a broad class of businesses will face an array of new privacy obligations as a result of new requirements adopted on both the federal and state levels. In addition, Congress is actively considering new data privacy legislation that would, among other things, require firms to notify customers in any instance of a data breach.
On the regulatory front, several new federal privacy rules go into effect this year. By June 1, 2010, many financial institutions and creditors will need to adopt written programs, pursuant to the Federal Trade Commission’s Red Flags rule, that are designed to identify, detect, and respond to red flags of identity theft. By that same date, securities broker-dealers, investment advisers, and other entities registered with the Securities and Exchange Commission will need to develop compliance approaches under Regulation S-AM, which limits the ability of SEC-registered firms to market to customers based on data obtained from their affiliates absent a notice and opportunity for customers to “opt-out.” In addition, banks and other financial institutions now have the option of using a new model privacy notice to inform customers about their privacy practices. Firms electing to use the new form notice, which was adopted in December by the FTC, SEC, and federal bank regulators, obtain the benefit of a regulatory safe harbor.
For a very complete analysis from Corporate Counsel, click here.