A Fine State of Mind
NYDFS me, please!
Gramm Crackers
What's up Doc?
let's get the F...TC out of here!
100

Which state does not have a breach notification regulation?

None

100

The NPI acronym in this regulation means this.

Nonpublic Information

100

FI is an abbreviation for this.

Financial Institutions

100

The letter W in WISP means that a this document needs to be this.

Written

100

FTC Section number which addresses Deceptive or Unfair Acts

Section 5

200

CCPA is the abbreviation for this recently passed regulation 

California Consumer Protection Act

200

Data breach notification clause requires FIs to report breaches within this timeframe after discovery and evaluation.

72 hours

200
a CAT in the GLBA world is not an animal but this.

Cybersecurity Assessment Tool

200

This document is concise, includes definitions and its about the "what".

Policy

200

The approach of implementing regulations for specific industries is also called this

Sectoral

300

These states had regulations that were  considered data protection laws in 2019, but in 2020 they were re-evaluated and considered too narrow to be proper data protection ones.

Nevada and Maine

300

This regulation requires this specific security control to address network access authentication.

Multi-factor

300

GLBA is enforced by this governmental organization

The FTC

300

This document provides the minimum control settings of the expected configuration of a system or process

Baselines

300

A practice that misleads a consumer is called this as per the FTC.

Deceptive (practice)

400

The regulation for this state was the first one of its kind in the country (not NY)

Massachusetts

400

An entity that operates under license, registration, charter of a banking law in NY.

Covered Entity

400

This GLBA rule focuses on ID theft prevention

Red Flags Rule
400

This area of a policy focuses on roles and responsibilities 

Governance

400

A practice that causes or is likely to cause substantial injury to consumers is called this as per the FTC.

Unfair (practice)

500

These states have straggled in developing and approving data protection regulations

South Dakota and Alabama (2018)

500

NPI's encryption requirements are based on this evaluation, as per this regulation

Risk Assessment

500

GLBA is also known under this less famous name.

Financial Services Modernization Act (of 1999)

500

This area of a policy addresses the "to whom" and "to what" such policy applies.

Scope

500

Only it can regulate the US Government.

The US Government

M
e
n
u