Find Someone Observant: The Vital Role of Facility Security Officers
2023 DSIR Report Deeper Dive into the Data
Guidepost in Motion - Cybersecurity Frameworks and Metrics Part 2
Debra Geroux and Scott Wrobel on Responding to Data Breaches
The Internet of Things (“IoT”) has ushered in a new era of connectivity and convenience, but with it comes a host of legal issues and emerging theories of liability. As IoT devices become increasingly ubiquitous in our daily...more
As summarized in the first installment of our two-part blog series, President Biden recently issued a sweeping Executive Order aimed at improving the nation’s cybersecurity defense. The Order is a reaction to increased...more
When a data breach occurs, one step is often overlooked in the rush to remediate: preserving as much of the data logs and backups as possible That’s a mistake, say Debra Geroux, Shareholder at Butzel Long and Scott Wrobel,...more
Health insurer Anthem, Inc. has finally reached a settlement with a coalition of 41 states plus the District of Columbia, and a separate settlement with California, to resolve state attorney general investigations of a data...more
As discussed in a previous DBR on Data post, the U.S. Department of Education (“ED”) in recent years has repeatedly emphasized the importance of higher education institutions taking all appropriate measures to secure and...more
Report on Patient Privacy Volume 19, Number 11. (November 2019) ? The biggest threat to protected health information comes from carelessness within your organization, according to a brief from the Clearwater...more
On July 25, 2019, New York Governor Anthony Cuomo signed the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) into law. The Act creates additional protections for the residents of New York and their private...more
The FTC recently settled with LightYear Dealer Technologies, maker of DealerBuilt software, over allegations that the company failed to provide adequate protection for the personal data it houses. The companies’ clients...more
The FTC has entered into a settlement with LightYear Dealer Technologies, doing business as DealerBuilt, a technology company that develops and sells dealer management system (DMS) software and data processing services to...more
Twelve state attorneys general have brought suit against two medical Information Technology companies. The AGs allege that the companies, Medical Informatics Engineering Inc. and its subsidiary, NoMoreClipboard LLC, had poor...more
If you clicked on this post, that means you probably fall into one of two categories. Category 1: You are really tired of having to come up with – and remember – increasingly more complicated passwords, only to then be asked...more
On July 11, 2016, the U.S. Department of Health & Human Services (HHS) issued a Fact Sheet that provides guidance on (i) how HIPAA Security Rule compliance can assist health care organizations combat ransomware attacks, and...more
On July 11, 2016, the Office for Civil Rights (OCR) released important new guidance on ransomware for hospitals and other healthcare providers and finally addressed the question of whether electronic protected health...more
This Halloween, the scariest monsters might not be in your closet or under your bed. They may be overseas, orchestrating intrusions into your electronic medical record. Or they may be lurking in your own workforce, carrying...more
In a significant shift in the way the tech industry responds to hackers, an increasing number of companies are resorting to use of “bug bounty” programs that reward hackers who identify flaws in their company software and...more
On September 22, the U.S. Securities and Exchange Commission (“SEC”) and R.T. Jones Capital Equities Management, Inc. (“R.T. Jones”), a St. Louis-based investment adviser, settled charges that R.T. Jones failed to adopt...more
Highlights Areas of High Risk and Examination Priorities for Financial Industry Firms - On September 15, the U.S. Securities and Exchange Commission’s (SEC’s) Office of Compliance, Inspections and Examinations (OCIE),...more
Non-Enforcement Cybersecurity Is At the Top of SEC Examination Concerns In a recent SEC “risk alert” for registered broker-dealers and investment advisers, the SEC’s Office of Compliance Inspections and Examinations (OCIE)...more
In recent years, the SEC has been focused on cybersecurity. It has issued risk alerts, conducted examinations and provided guidance about what the agency sees as widespread weaknesses in many policies and procedures to...more
A registered investment adviser agreed to settle SEC charges that it failed to adopt adequate cybersecurity policies and procedures reasonably designed to protect customer records and information as required by Rule 30(a) of...more
On Aug. 11, 2015, federal prosecutors in the District of New Jersey and the Eastern District of New York unsealed indictments against nine individuals in the U.S. and Ukraine who were allegedly involved in a five-year,...more