Latest Publications

NYDFS Updates FAQs to Clarify Cybersecurity Regulations

The New York Department of Financial Services (NYDFS) recently updated frequently asked questions (FAQs) about its cybersecurity regulations, 23 NYCRR 500, to address four new issues. NYDFS published its initial set of FAQs...more

Ponemon Institute Study on Costs of Data Breaches Highlights Improvement and New Risks for U.S. and Global Companies

The average cost of a data breach, on both an aggregate and a per-record basis, has decreased slightly according to the Ponemon Institute's 2017 Cost of Data Breach Study: Global Overview. In addition to presenting recent...more

FTC Submits Comment To Aid NTIA In Developing Internet of Things Guidance

In its latest effort to address security concerns about Internet of Things (IoT) devices, the Federal Trade Commission (FTC) has submitted public comments to the National Telecommunications and Information Administration's...more

Autonomous Cars One Step Closer to Reality in Colorado

This month, Colorado joined a growing list of nearly half of U.S. states when it enacted a law approving the use of autonomous driving systems. The Colorado law governs systems capable of controlling highly and fully...more

Colorado Division of Securities Publishes Final Cybersecurity Rules

The Colorado Division of Securities (Division) has published final cybersecurity rules applicable to broker-dealers and investment advisers. The Colorado Attorney General's office has 20 days to write an opinion on the rules,...more

Is Your Organization Ready for a Systemwide Ransomware Attack?

Ransomware attacks just went big time. In a period of mere hours late last week, a global ransomware attack infected more than 200,000 computers and affected more than 100,000 organizations in over 150 countries. To put this...more

To DPO or Not to DPO: Revised Guidance Issued on Data Protection Officers Under GDPR

If you are a hospital processing European Union (EU) patient data, if you maintain EU customer loyalty programs, or if you engage in behavioral advertising of EU citizens, you may be required to appoint a data protection...more

United Kingdom Privacy Office Issues Guidance on Consent Under GDPR

The EU General Data Protection Regulation (GDPR), which takes effect in May 2018, will require companies to reassess their mechanisms for obtaining, tracking, and verifying individuals' consent. Companies will need clear and...more

Eighth Circuit Remands Proposed Settlement in Target Data Breach Class Action

The Eighth Circuit Court of Appeals has remanded a $10 million settlement in the Target data breach class action on the grounds that the district court had not rigorously analyzed the propriety of the class...more

IRS and Others Renew Warnings About Fraudulent Emails Targeting Employee Tax Information

With tax season in full swing, the Internal Revenue Service (IRS), state tax agencies, and tax industry groups recently renewed a warning about Form W-2 email spear-phishing scams. ...more

Disclosure Is Key for Cross-Device Tracking, FTC Staff Report Says

If you or your third-party providers are engaged in cross-device tracking, you must adequately disclose the practice to your end users, provide them control over their information, and exercise care when collecting sensitive...more

Data Breach Class Action Reinstated Against Horizon Healthcare Services Inc.

The U.S. Court of Appeals for the Third Circuit has vacated a district court's dismissal of a data breach class action filed against Horizon Healthcare Services Inc., in the wake of the 2013 theft of two computer laptops...more

EU e-Privacy Regulation Raises Stakes for Compliance

The European Commission's proposed e-privacy regulation sets forth obligations on handling electronic communications and clarifies obligations for seeking consent for the use of cookies. Meant to bring the e-privacy directive...more

Affair Website Ashley Madison Fined $8.75 Million Over Data Breach, Misrepresentations

The Federal Trade Commission (FTC) has entered into a multimillion dollar settlement with the owners and operators of AshleyMadison.com, a dating website for people interested in having discreet affairs, related to the...more

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more

DOT Issues Proposed Cybersecurity Guidance to Automotive Industry

Vehicle-related cyber incidents could have devastating and deadly effects, particularly as cars and trucks become more highly automated and rely more heavily on wireless technologies. To combat this threat, the U.S....more

European Court Of Justice Rules That Dynamic IP Addresses Can Be Personal Data

In a ruling with significant potential impact, the Court of Justice of the European Union (CJEU) has ruled that a dynamic internet protocol (IP) address may constitute "personal data" under EU Data Protection Directive...more

Federal Banking Agencies Propose New Requirements for Managing Cyber Risk

Three federal banking agencies have announced plans to develop new rules that would establish cyber risk management and resiliency standards for large interconnected entities under the agencies' supervision, as well as those...more

UK ICO Offers Guidance on Privacy Notices Under the GDPR and the UK Data Protection Act

In an anticipated guidance, the United Kingdom's Information Commissioner's Office (ICO) updated its code of practice for privacy notices titled Privacy notices, transparency and control (the Code). Significantly, the ICO has...more

To (Dis)Close for Comfort–FTC Workshop Seeks Effective Consumer Disclosures

A goal of providing effective disclosures to consumers is to allow consumers to make informed decisions. But what must be done to make disclosures effective? This was the question the Federal Trade Commission (FTC) explored...more

Plaintiffs Cannot Bring Data Breach Lawsuits Without Evidence That Information Will Be Used To Harm

The latest development in how American courts will handle the standing question for data breach class actions came last week when the U.S. District Court for the District of Columbia dismissed for lack of standing a putative...more

Lessons for Businesses from FTC’s Opinion on LabMD’s Data Security Practices

The Federal Trade Commission (FTC) has issued an Opinion and Final Order finding that the data security practices of LabMD, Inc. were unreasonable, and therefore constituted an unfair act or practice in violation of Section 5...more

OCR Announces First HIPAA Enforcement Action against a Business Associate

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced an agreement with Catholic Health Services of the Archdiocese of Philadelphia (CHCS), settling allegations that CHCS violated the Health...more

Court: Stored Communications Act Warrant Cannot Be Used to Seize Data Held Overseas

In a case that may have significant impact for companies providing public Internet and cloud services, the Second Circuit has ruled that a federal court may not issue a criminal warrant ordering a U.S. company to produce...more

Ninth Circuit Vastly Expands Scope of Criminal, Civil Liability for Computer Fraud

In a pair of highly anticipated decisions, the Ninth Circuit significantly reshaped criminal and civil liability under the federal Computer Fraud and Abuse Act (CFAA). The court’s recent decisions in United States v. Nosal...more
