Equifax Enters Into Consent Order with State Banking Regulators Regarding 2017 Data Breach
Time 2 Minute Read
Categories: Enforcement, Information Security, U.S. State Law

As reported in BNA Privacy Law Watch, on June 27, 2018, Equifax entered into a consent order (the “Order”) with 8 state banking regulators (the “Multi-State Regulatory Agencies”), including those in New York and California, arising from the company’s 2017 data breach that exposed the personal information of 143 million consumers.

Equifax’s key obligations under the terms of the Order include: (1) developing a written risk assessment; (2) establishing a formal and documented Internal Audit Program that is capable of effectively evaluating IT controls; (3) developing a consolidated written Information Security Program and Information Security Policy; (4) improving oversight of its critical vendors and ensuring that sufficient controls are developed to safeguard information; (5) improving standards and controls for supporting the patch management function, including reducing the number of unpatched systems; and (6) enhancing oversight of IT operations as it relates to disaster recovery and business continuity.  The Order also requires Equifax to strengthen its Board of Directors’ oversight over the company’s information security program, including regular Board reviews of relevant policies and procedures.

Equifax must also submit to the Multi-State Regulatory Agencies a list of all remediation projects planned, in process or implemented in response to the 2017 data breach, as well as written reports outlining its progress toward complying with the provisions of the Order.

Tags: California, Compliance, Consent Order, New York, State Attorneys General
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 5 Minute Read
How Insurance Fundamentals Drove a Coverage Win for Uber
By and

A recent summary judgment order is a reminder that, in insurance coverage disputes, straightforward arguments can still win the day. In a coverage action arising from dozens of underlying personal injury suits, the court adopted a clear, text-based approach to the duty to defend—and ordered the insurer to provide a defense.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
California Proposes Landmark Labeling Law Targeting UPFs
By and

California has introduced Assembly Bill 2244, proposing a pioneering “California Certified” labeling standard for foods not classified as ultra-processed. The bill relies on forthcoming regulatory definitions and imposes retail placement requirements for qualifying products. As California continues to advance UPF regulation, this initiative is expected to shape food law trends nationwide.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 1 Minute Read
Guardrails for Legal AI: What California’s SB 574 Would Require of Attorneys and Arbitrators

As reported on the Hunton Employment & Labor Perspectives blog, SB 574 is a California bill that would set specific duties for attorneys who use generative artificial intelligence and would restrict how arbitrators may use such tools in decision-making.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page