Employee security awareness training is a best practice and a “reasonable safeguard” for protecting the privacy and security of an organization’s sensitive data. The list of data privacy and cybersecurity laws mandating...more
A Written Information Security Plan, or “WISP,” is essential for any organization that handles sensitive personal information. Here’s a quick breakdown of who needs a WISP and why, as well as a checklist to develop one:...more
In today's evolving world of security and data privacy, K-12 schools, universities, local governments, and hospitals are increasingly finding themselves on the same list: vulnerable to the threat of a cyberattack....more
Takeaway: As cybersecurity risk increases, large enterprises and government agencies are, increasingly, forcing smaller vendor companies to obtain cyber insurance to help manage the risk of a data breach. To prepare for an...more
Is your business one that has not prioritized compliance with data privacy laws because you do not collect personal data about your customers? If so, you are in good company, but it is time to reframe your approach on data...more
The FTC recently settled its enforcement action involving data privacy and security allegations against an online seller of customized merchandise. In addition to agreeing to pay $500,000, the online merchant consented to...more
When Massachusetts issued its data security regulations in 2009 (Regulations), it led the way for states on data security. The Regulations became effective 12 years ago, almost to the day, March 1, 2010. The Bay State is now...more
To kick off the countdown to World Data Privacy Day, we want to provide businesses, organizations and individuals with a few import reminders going into 2022. With the increase in data privacy laws and enforcement, data...more
Recently, the largest gasoline pipeline in the United States fell victim to a ransomware attack that caused the pipeline to go offline for several days. In addition to causing gas shortages across the Southeastern United...more
In a notable event on Election Day this November, California voters approved amendments to the California Consumer Privacy Act (CCPA) and enacted a new statute – the California Privacy Rights Act (CPRA). The new statute...more
Key Point: California AG Becerra’s investigation into security flaws in the Glow fertility app results in a settlement agreement that resembles recent enforcement agreements in New York but is also unique in requiring the...more
The current COVID-19 pandemic has forced many businesses online in order to survive. In many cases, businesses had no plans to be online. Others were forced to move online more quickly than planned. In order to assist these...more
As the COVID-19 pandemic rapidly unfolds, the Federal Communications Commission (“FCC”) has been active to keep communications services available through various waivers, extensions, and other regulatory relief. Kelley Drye’s...more
What do businesses need to do to comply with privacy and data security laws? The first place to look is to relevant statutes. If you store or process the personal information of Massachusetts residents, then you will at...more
On March 21, 2020, companies will need to comply with yet another data privacy and security law when the New York Stop Hacks and Improve Electronic Data Security Act ("NY SHIELD Act") takes effect. The SHIELD Act is unique in...more
Earlier this month, Andrew Smith, the FTC’s Director of the Bureau of Consumer Protection, announced that the Commission had made “three major changes” to its data security orders. Citing recent hearings at the FTC, as well...more
On January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) went into effect. The CCPA applies to a wide range of companies and broadly governs the collection, use and sale of personal information of California...more
As of January 1, 2020, California became the first state to permit residents whose personal information is exposed in a data breach to seek statutory damages between $100-$750 per incident, even in the absence of any actual...more
Delta Sues Software Provider Over Data Breach - Delta Airlines sued its customer service chat provider, [24]7.ai Inc., in New York federal court accusing it of lax digital security practices that allowed a hacker to steal...more
We routinely recommend to clients that they develop a written information security program (“WISP”), to safeguard sensitive information on a day-to-day basis. In fact, businesses (wherever located) that collect, store or use...more
New York Governor Andrew M. Cuomo signed a bill into law last week that expands New York’s data breach notification law. The Stop Hacks and Improve Electronic Data Security (SHIELD) Act brings the New York data breach...more
Data security and privacy concerns have become one of the top issues keeping business leaders up at night. According to the Ponemon Institute’s 2018 study regarding the cost of data breaches, data breaches are increasingly...more
Section 230 of the Connecticut budget bill is called the “Insurance Data Security Law” and becomes effective October 1, 2019. It requires any insurance licensee, (anyone who is authorized or licensed and subject to the...more
On Thursday, April 11, 2019, Massachusetts' revisions to its data breach notification law came into effect with significant changes to how a company handling residents’ personal information must respond to a data breach....more
Following in the footsteps of the New York Department of Financial Regulation (NYDFS) in enacting cybersecurity requirements for the financial services industry, and in response to massive data breaches in the insurance...more