Tiffany Quach

Photo of Tiffany Quach

Latest Articles

On January 30, 2019, the Office of the New York Attorney General (“NY AG”) and the Office of the Florida Attorney General (“Florida AG”) announced settlements with Devumi LLC and its offshoot companies (“Devumi”), which sold fake social media engagement, such as followers, likes and views, on various social media platforms. According to the NY AG, such social media engagement is fake in that “it purports to reflect the activity and authentic favor of actual…
Uncertainty regarding the compatibility of blockchain technology and the European Union’s General Data Protection Regulation (GDPR) has often been highlighted as a potential obstacle to the development and widespread implementation of blockchain systems involving personal data. To address tensions between blockchain technology and the GDPR, Commission Nationale de l’Informatique et des Libertés (CNIL), the French data protection regulator, published an initial report analyzing certain fundamental questions regarding the interaction between blockchain technology and the GDPR’s…
Uncertainty regarding the compatibility of blockchain technology and the European Union’s General Data Protection Regulation (GDPR) has often been highlighted as a potential obstacle to the development and widespread implementation of blockchain systems involving personal data. To address tensions between blockchain technology and the GDPR, Commission Nationale de l’Informatique et des Libertés (CNIL), the French data protection regulator, published an initial report analyzing certain fundamental questions regarding the interaction between blockchain technology and the GDPR’s…
In September 2018, the Securities and Exchange Commission (“SEC”) announced that broker-dealer and investment adviser Voya Financial Advisors Inc. (“VFA”) agreed to pay $1,000,000 to settle charges related to alleged failures in its cybersecurity policies and procedures relating to a data breach that compromised the personal information of 5,600 customers. The SEC charged VFA with violating Rule 30(a) of Regulation S-P (17 C.F.R. § 248.30(a)) (the “Safeguards Rule”) and Rule 201 of Regulation S-ID (17…
The New York Department of Financial Services cybersecurity regulation 23 NYCRR 500 (the “Regulation”) came into effect in March 2017 and established four staggered compliance deadlines for its various requirements. By the third deadline of September 3, 2018, Covered Entities are required to be in compliance with sections 500.06 (audit trails), 500.08 (application security), 500.13 (limitations on data retention), 500.14(a) (training and monitoring), and 500.15 (encryption of nonpublic information).…
On March 16, 2018, the D.C. Circuit Court of Appeals released a long-awaited decision in ACA International, et al. v. FCC, unanimously ruling to narrow a 2015 Federal Communications Commission (FCC) order (the “2015 Order”) that expanded the scope of the Telephone Consumer Protection Act (TCPA). The TCPA is a federal law that governs marketing to telephones (including text messages) and fax machines, as well as the use of automatic telephone dialing systems (referred to…
On March 21, 2018, South Dakota Governor Daugaard signed S.B. 62, enacting the state’s first data breach notification law, which will go into effect July 1, 2018. Previously, Alabama and South Dakota were the only U.S. states without data breach notification. As of July 2018, Alabama will be the last state without a data breach notification law, though this may soon change. The District of Columbia and three U.S. territories – Guam, Puerto…
While there has been a great deal of attention being paid lately to the use of blockchain for the issuance and investment (or speculation) in cryptocurrencies, other enterprise-based applications of blockchain continue to be deployed with increasing frequency but less fanfare. One of the more recent deployments of blockchain – viewed as a milestone in the world of supply chain logistics – is based on Easy Trading Connect (“ETC”), a blockchain-based system developed by…
The Colorado Senate is considering a bill to utilize blockchain or other distributed ledger technology for a variety of purposes, including to improve the state government’s operations and cybersecurity. Senate Bill 18-086 (which was introduced on January 16, 2018) focuses on exploring a number of “transformative improvements” that distributed ledger technologies can offer to state governments, including reducing fraud in state-controlled programs, mitigating risk through improved risk evaluation and quantification, and enhancing cybersecurity and protection of…
State financial regulators in Colorado and Vermont recently adopted cybersecurity rules that apply to broker-dealers and investment advisers regulated by those states as well as certain other “securities professionals” in Vermont. The broad definition of “securities professional” in Vermont’s regulation (“any person providing investment-related services in Vermont”) could include entities that do not generally consider themselves to be regulated by Vermont’s financial regulator. Colorado’s and Vermont’s cybersecurity rules require covered entities to implement certain practices…