California Court of Appeal Lifts Stay of CCPA Enforcement Deadlines
All Fintech
Cybersecurity
February 29, 2024
The Case
In a significant ruling on February 9, 2024, the California Court of Appeal reversed a trial court judgment that had stayed enforcement of California Consumer Privacy Act (CCPA) regulations. This decision will make certain CCPA regulations, which a court order had previously stayed, become immediately effective once again.
Why Does This Matter?
The action highlights how new CCPA legislations are forcing a radical rethink for collecting, storing, and deploying personal information. Some of the key concerns highlighted by this and previous actions include:
transparency of data breach disclosures
multi-factor authentication for email accounts
security of cloud-based email accounts, and
the importance of implementing an adequate incident response plan.
Such heightened regulatory focus underscores the need for fintechs to maintain cybersecurity measures and protect client data.
InnReg's Experience
Since its inception in 2013, InnReg has developed deep expertise in compliance services related to customer data protection and cybersecurity measures as part of its work during FINRA examinations and managing compliance programs for a wide range of fintechs.
Learn More About This Topic
For additional insights, read InnReg’s free Data Protection Compliance Checklist to help you build best practices to meet evolving regulatory requirements.
Blockchain
On December 30, 2024, the US Department of the Treasury and the IRS issued final regulations focused on decentralized finance (DeFi) platforms and their role in digital asset transactions.
RIAs
The Securities and Exchange Commission announced charges against nine investment advisors and three broker-dealers for failures by the firms and their personnel to maintain and preserve electronic communications in violation of recordkeeping provisions of the federal securities laws.
RIAs
The SEC’s order finds that, from at least October 2018 until January 2022, an investment advisory firm stated in its offering materials and other documents provided to prospective and existing private fund investors that it was voluntarily complying with AML due diligence laws despite those laws not applying to investment advisors.
