As we turn the page on 2018, let’s reflect on some of the key privacy and cybersecurity issues that will continue to occupy our hearts and minds in 2019....more
1/4/2019
/ California Consumer Privacy Act (CCPA) ,
Carpenter v US ,
Cybersecurity ,
Data Breach ,
Data Security ,
Internet of Things ,
Marriott ,
Personally Identifiable Information ,
Popular ,
Regulatory Oversight ,
Securities and Exchange Commission (SEC) ,
State Data Breach Notification Statutes ,
Verizon ,
Yahoo!
The Pennsylvania Supreme Court has drastically changed the data breach litigation landscape by holding that an employer has a common law duty to use reasonable care to safeguard its employees' personal information stored on...more
11/28/2018
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Security ,
Economic Loss Doctrine ,
Employer Liability Issues ,
Employment Litigation ,
Identity Theft ,
Negligence ,
PA Supreme Court ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Reasonable Care
This month marks fifteen years of observing National Cyber Security Awareness Month (NSCAM) in October. The program was started way back in 2004, by the U.S. Department of Homeland Security and the National Cyber Security...more
The New York Department of Financial Services (“NYDFS”) has adopted a regulation that requires “consumer credit reporting agencies” (“CCRAs”) to register with the NYDFS, prohibits CCRAs from engaging in certain practices, and...more
Last week, the Office of the Comptroller of the Currency (“OCC”) published the Spring 2018 Semiannual Risk Perspective (the “Report”), which uses up-to-date data to identify risks to U.S. banks and measure their compliance...more
6/6/2018
/ Beneficial Owner ,
BSA/AML ,
Customer Due Diligence (CDD) ,
Cyber Threats ,
Cybersecurity ,
Financial Fraud ,
Fraud Prevention ,
Money Laundering ,
OCC ,
Popular ,
Risk Management ,
Third-Party Risk
South Carolina has become the first state to enact a version of the Insurance Data Security Model Law, which was drafted by the National Association of Insurance Commissioners (NAIC) in 2017. Governor Henry McMaster signed...more
5/21/2018
/ Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Incident Response Plans ,
Information Technology ,
Insurance Industry ,
NAIC ,
Popular ,
Risk Assessment ,
Risk Management ,
State and Local Government ,
Third-Party Service Provider
The fallout from the Yahoo data breaches continues to illustrate how cyberattacks thrust companies into the competing roles of crime victim, regulatory enforcement target and civil litigant. ...more
5/14/2018
/ Class Action ,
Criminal Conspiracy ,
Criminal Prosecution ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Enforcement Actions ,
Failure To Disclose ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Publicly-Traded Companies ,
Russia ,
Securities and Exchange Commission (SEC) ,
Securities Violations ,
Yahoo!
Alabama has officially joined the data breach notification party. Alabama Governor Kay Ivey signed Act No. 2018-396 into law on March 28, 2018. The law will take effect on May 1, 2018....more
Alabama has officially joined the data breach notification party. Alabama Governor Kay Ivey signed Act No. 2018-396 into law on March 28, 2018.
...more
4/3/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
South Dakota has become the 49th State to enact a data breach notification law. South Dakota Governor Dennis Daugaard signed SB 62 into law on March 21, 2018. The law will take effect on July 1, 2018....more
3/23/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
On February 21, 2018, the U.S. Securities and Exchange Commission approved the release of Interpretive Guidance relating to public company disclosures of cybersecurity risks and incidents. ...more
2/23/2018
/ Cyber Threats ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Form 8-K ,
Insider Trading ,
Interpretive Rule ,
Non-Public Information ,
Popular ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC)
Earlier this week, the Supreme Court of the United States denied certiorari in CareFirst v. Attias, a closely watched case that some thought provided the Court with an opportunity to clarify the standing analysis under Spokeo...more
2/22/2018
/ Article III ,
CareFirst ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Petition for Writ of Certiorari ,
Popular ,
Standing
A global group of data privacy regulators has, for the first time, set forth data privacy and security guidance on the development of automated and connected-car technologies. ...more
Delaware has joined the growing list of states that have recently amended their data breach laws. With passage of the first significant amendments to its data breach law since 2005, Delaware continues a state-law trend of...more
The Maryland General Assembly recently amended the Maryland Personal Information Protection Act to expand the definition of personal information, provide a 45-day timeframe for providing notice of a breach, allow for...more
The U.S. Court of Appeals for the D.C. Circuit has reinstated a data breach class action filed against CareFirst BlueCross BlueShield (CareFirst). The lawsuit stems from a June 2014 data breach in which hackers infiltrated 22...more
8/3/2017
/ Article III ,
Blue Cross ,
Blue Shield ,
CareFirst ,
Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Popular ,
Standing
The New York Department of Financial Services (NYDFS) recently updated frequently asked questions (FAQs) about its cybersecurity regulations, 23 NYCRR 500, to address four new issues. NYDFS published its initial set of FAQs...more
7/17/2017
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Covered Entities ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Third-Party Risk
The average cost of a data breach, on both an aggregate and a per-record basis, has decreased slightly according to the Ponemon Institute's 2017 Cost of Data Breach Study: Global Overview. In addition to presenting recent...more
6/29/2017
/ Corporate Counsel ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Breach Costs ,
Data Protection ,
Data Security ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Young Lawyers
The Colorado Division of Securities (Division) has published final cybersecurity rules applicable to broker-dealers and investment advisers. The Colorado Attorney General's office has 20 days to write an opinion on the rules,...more
The U.S. Securities and Exchange Commission's Office of Compliance Inspections and Examinations (OCIE) has issued a Risk Alert in the wake of the widespread WannaCry ransomware attack that has inflicted hundreds of thousands...more
5/19/2017
/ Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Investment Management ,
Malware ,
OCIE ,
Phishing Scams ,
Ransomware ,
Risk Alert ,
Risk Management ,
Securities and Exchange Commission (SEC)
President Trump recently signed the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The Order sets forth the Trump Administration's policy for cybersecurity of...more
5/18/2017
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Executive Orders ,
Hackers ,
Popular ,
Risk Management ,
Trump Administration
Ransomware attacks just went big time. In a period of mere hours late last week, a global ransomware attack infected more than 200,000 computers and affected more than 100,000 organizations in over 150 countries. To put this...more
5/17/2017
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Malware ,
Personally Identifiable Information ,
Phishing Scams ,
Popular ,
Ransomware
The Colorado Division of Securities recently issued proposed rules directed at establishing cybersecurity requirements for broker-dealers and investment advisers. The proposed rules were issued only a month after New York...more
New Mexico recently became the 48th state to enact a data breach notification law. This continues the accelerated pace of state data breach legislative activity in the last two years. Since 2015, at least 41 states have...more
The New York Department of Financial Services (NYDFS) announced today a revised regulation that will require all institutions subject to NYDFS supervision to establish and maintain a cybersecurity program meeting "certain...more
12/29/2016
/ Banking Sector ,
Banks ,
Chief Information Security Officer (CISO) ,
Comment Period ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
NYDFS ,
Risk Management ,
Third-Party Service Provider