Race to the Top – States Push to Broaden Breach Reporting Requirements

Facebook just reported a massive data breach impacting over 50 million user accounts. And while most investment advisers are not likely to experience a breach of that scale, what is likely is that a cyber incident will occur at some point. Consequently, state regulators continue to expand the protections they require for their residents through increasingly strict data breach reporting requirements, in some cases coming very close to the international requirements imposed by the European Union’s General Data Protection Regulation (GDPR).

During a panel discussion, “State of the Data Breach: Legislative Changes and the Impact of GDPR,” at the recent Ascendant/CSS compliance conference in San Diego, Andrew Hartnett, Officer at Greensfelder, Hemker & Gale, P.C., Ronan Brennan, Chief Product Officer at CSS, and E.J. Yerzak, Director of Cyber IT Services at CSS brought attendees on a legislative journey of all that has changed in 2018 on the breach reporting front – from Alabama and South Dakota becoming the 49th and 50th states to enact data breach laws to various states including Colorado and California amending theirs. Cynthia LaRose, Chair of the Privacy and Data Security Practices at Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C., supplemented the discussion with some helpful materials about GDPR myths and misconceptions compared to the reality of the regulation.

Mr. Brennan highlighted the operational challenges firms face in complying with GDPR, such as mapping a comprehensive inventory of data and data flows as well as the importance of vendor management.

The session concluded with Mr. Hartnett reminding attendees that despite all of the changes we have seen recently in data breach laws in 2018, at the end of the day what is really important is not to memorize the nuances of all 50 state breach laws and GDPR but rather to focus on improving our cybersecurity programs (policies, procedures, testing, and training) from the outset to hopefully avoid a breach from occurring in the first place. Lining up legal and forensics support in advance to assist with the breach investigation and reporting can help firms to save their energy and efforts for maintaining an effective cybersecurity program throughout the year.


For more information on the Ascendant/CSS Shield cybersecurity solution, or to set up a demo, click here.

Related Content

Latest Content

Placing Ethics and Compliance in the Foreground of Business Decision-Making

Thinking about how to make ethics and compliance part of a business’s decision-making can prove to be challenging. By nature, compliance professionals are often results-oriented, focusing on a binary end-result; either you are in compliance, or you are not. That focus is important, but emphasizing process is also vital, John Walsh, Partner at Eversheds Sutherland … Continued

What Am I Looking At? Making Sense of Your Cyber Testing Reports

It’s no surprise that Compliance and IT do not speak the same language. Compliance staff often speak in terms of regulations and policies, whereas bits and bytes are the language of IT staff. This distinction is clear when it comes to cybersecurity risk management, as the compliance and IT audiences are looking for different takeaways … Continued

It Takes a Village – Preparing for a Regulatory Exam

Advanced planning for a regulatory exam remains a vital step in ensuring the compliance team is prepared when the exam teams comes knocking. At the recent Ascendant/CSS fall conference in San Diego, Allison Fraser moderated the conference’s capstone session on the topic, joined by Bryan Bennett, the Associate Regional Director in the examination program in … Continued

The ‘Next Frontier’ in Investment Advice

We live in a world filled with dramatic change on a scale we’ve never seen before. The speed and magnitude of change in so many areas is fueled by technology. The sheer number of processes and functions we’re able to address simply from our phones has upended so many different industries, including travel, entertainment, and … Continued

Mailing List

Subscribe to the Ascendant Compliance email list for the latest compliance resources, conferences, ComplianceCasts™, and more.

Loading form...

Contact Us

Ascendant works together with clients to identify and assess critical needs through customized plans. If you need assistance with compliance functions, regulatory services, cybersecurity or technology tools, we’d love to speak with you.