Mozilla recently released security updates to address known vulnerabilities in their Thunderbird and Firefox products. The Cybersecurity & Infrastructure Security Agency (CISA) is recommending that the patches be applied...more
AI may be both the most “powerful capability of our time” and the “most powerful weapon of our time." That’s according to Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency, when interviewed...more
Operational technology (OT) is hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events. By design, OT underpins many critical...more
Last month, on Data Privacy Day, Colorado’s Attorney General Philip Weiser released prepared remarks entitled “The Way Forward on Data Privacy and Data Security” that shed some light on his approach to enforcing Colorado’s...more
The new data security requirements provision of New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act went into full force as of March 21, 2020, and all people and businesses, regardless of the state in...more
Earlier this month the Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act") went into effect. The law, which was signed in July of last year by Governor Andrew Cuomo, makes several important changes to New...more
One of the major changes introduced by the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which was signed into New York law last year, is scheduled to take effect this week. ...more
In the fall of last year, we wrote about the passage of the SHIELD Act (the Act) in New York, which expanded aspects of the state’s breach notification requirements (Breach Requirements) and created a statutory obligation to...more
As discussed in an earlier blog post, the New York state Stop Hacks and Improve Electronic Data Security Act (or “SHIELD Act”), was signed into law on July 25, 2019....more
In today’s connected world, businesses face constant pressure to improve their cybersecurity practices and to confirm that they are meeting industry standards. To continue helping businesses achieve those goals, the SEC...more
Time is running out. The effective date of New York’s cybersecurity law mandating that organizations implement an information security program to protect “private information” of New York State residents, including employee...more
New data retention limitations and disposal requirements on some types of businesses in New York will go into effect on March 21, 2020, under the Stop Hacks and Improve Electronic Data Security (SHIELD Act) that was signed...more
From late June 2019 through mid-October 2019, a handful of states amended their data breach notification statutes. Specifically, six states amended their states to (1) require notice to the State Attorney General, (2) broaden...more
Last Thursday, Governor Andrew M. Cuomo signed the Stop Hacks and Improve Electronic Data Security (“SHIELD”) Act, which amends New York’s current data breach notification law and places increased obligations on businesses...more
As mega-breaches heighten concern about the security of personal information and a federal solution does not appear forthcoming, New York recently joined the growing list of states imposing their own security obligations on...more
On July 25, New York Governor Andrew Cuomo signed into law a pair of bills establishing new requirements for businesses that process certain personal information related to New York residents. The changes include expanding...more
New York Governor Cuomo signed the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) into law. The law amends the existing data breach notification law and adds new cybersecurity requirements. The SHIELD Act...more
On July 25, 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act ("SHIELD Act") amending New York's data breach notification law. This adds to the growing list of states...more
On July 25, 2019, New York Governor Andrew Cuomo signed the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) into law. The SHIELD Act modifies the current Breach Notification Law to expand the types of data...more
On October 24, the National Association of Insurance Commissioners (NAIC) Executive (EX) Committee and Plenary granted final approval to Version 6 (with technical corrections) of the Insurance Data Security Model Law (Model)....more
How do you ensure that an Internet-connected sensor or device—often inexpensive and designed for lifespans of up to 20 years or more—can be secured against not only the intrusions of today but also those of the future? This...more
We previously outlined the requirements of the Connecticut data breach law when it was amended in 2015, including the requirement to implement a comprehensive information security program (CISP)....more
What a great idea! Trusty Consumer Reports has announced that it is collaborating with three cybersecurity firms to “create a new standard that safeguards consumers’ security and privacy—and we hope industry will use...more
In December 2016, Thomas Curry, the Comptroller of the Currency, stated that cybersecurity was the single greatest systemic threat to our financial system. He was not being hyperbolic. Cybersecurity should be on...more
On January 4, the Financial Industry Regulatory Authority (FINRA) published its annual Regulatory and Examination Priorities Letter providing firms with information about areas FINRA plans to review in 2017 as well as...more