Data breach notification
Data breach notification obligations have direct operational weight for Trade and Geopolitical Risk teams, particularly where cross-border data flows intersect with export controls, sanctions screening systems, and third-party trade intelligence vendors. The amended notification requirements of the U.S. Federal Trade Commission's Safeguards Rule now apply to non-bank financial firms handling trade finance data, while the European Data Protection Board has issued binding guidance on breach timelines that conflicts with certain U.S. Treasury Office of Foreign Assets Control reporting windows. Compliance teams are currently pressure-testing incident response playbooks against both regimes so that a notification to one authority does not inadvertently telegraph sensitive counterparty data to another.
Watch
- FTC Safeguards Rule 30-day notification trigger: does it cover your trade data vendors?
- EDPB 72-hour clock runs parallel to OFAC SDN-related incident holds
- Singapore PDPC mandatory breach notification threshold lowered in 2024 amendments
- Conflict between EU notification disclosure requirements and U.S. export control confidentiality obligations
- SEC cybersecurity incident disclosure rules now reach firms with sanctioned-party screening systems
Recent material activity in Trade & Geopolitical Risk
- OFAC designates 14 entities linked to Russian defense procurement network
  The Treasury Department's Office of Foreign Assets Control added 14 entities and 6 individuals to the Specially Designated Nationals list for their roles in procuring critical technology components for Russia's defense i…
- BIS adds 22 Chinese semiconductor entities to Entity List for advanced chip diversion
  The Bureau of Industry and Security expanded export controls targeting Chinese semiconductor entities found to be diverting advanced computing chips through third-country intermediaries. New license requirements affect i…