Digital Planning Podcast - Interview With Leeza Garber
Compliance into the Weeds-Episode 39, Disclosure of Ransomware Attacks
Your Cyber Minute: Compliance with the Proposed NYDFS Cybersecurity Regulation
Safeguards against Data Security Breaches (Part One)
There has been a lot of coverage about the Federal Communications Commission’s (FCC and Commission) new and expansive data breach notification Order, approved on a 3-2 vote at the Commission’s December 13 Open Meeting. Much...more
On October 27, 2023, the Federal Trade Commission (FTC) further tightened requirements to safeguard customers’ financial information in the hands of financial institutions, with their release of a new amendment (Amendment) to...more
Throughout 2022, we continue to see regulators placing an emphasis on the importance of protecting and securing information, in particular consumer personal information, at both the federal and state levels. ...more
On March 9, 2022, the Securities and Exchange Commission (“SEC”) announced Proposed Rules on cybersecurity risk management, strategy, governance, and incident disclosure (“Proposed Rules”) to address concerns of increasing...more
On October 27, 2021 the FTC issued a final rule (the “Final Rule”) amending 16 CFR Part 134, Standards for Safeguarding Customer Information (“Safeguards Rule”), after a period of notice and comment. While the existing...more
Effective June 16, 2017, New Mexico will join 47 other states (as well as the District of Columbia, Guam, Puerto Rico, and the Virgin Islands) by imposing breach notification requirements on entities experiencing information...more
As I blogged about here, last year the Tennessee legislature amended its data breach laws to become the first state in the U.S. to remove the encryption safe harbor from its definition of a data breach, which required notice...more
During 2016, amendments to breach notification laws in five states went into effect (California, Nebraska, Oregon, Rhode Island and Tennessee). And by the end of last year, well over twenty states had introduced or were...more
States were busy updating their data breach notification statutes in 2016. With 2016 in the rear view, let’s take a look back at the legislative changes that will impact corporate incident response processes and what those...more
The Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) has published an online list of data breach notifications issued each year to Massachusetts residents since 2007, the inception of the...more
In many respects, 2016 has been a remarkable year, but one constant with recent history is that multiple states (six this year) amended their breach notification statutes. As is commonly stated, the U.S. ...more
The use of cloud service providers has exploded in the past several years. According to estimates from Gartner, the market for cloud services is expected to reach $204 billion in 2016. But the use of cloud service providers...more
Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more
On October 6, 2016, the Department of Health and Human Services Office for Civil Rights (“OCR”) issued guidance on complying with HIPAA privacy, security, and breach notification rules when using cloud computing technology...more
As has become typical in the data security space, there was quite a bit of activity in state legislatures over the previous year concerning data breach notification statutes. Lawmakers are keenly aware of the high profile...more
On July 11, 2016, the HHS Office of Civil Rights (OCR) released guidance on HIPAA covered entities’ responsibilities in a ransomware attack, a type of cyber-attack that has targeted the health care sector extensively in...more
Sophisticated phishing scams and muscular hacking efforts continue to compromise personal and sensitive information held by insurers, hospital systems, and businesses large and small. In response, many states have...more
On March 24, 2016, Governor Haslam signed S.B. 2005 which amends Tennessee's data breach notice statute. The amended statute will go into effect on July 1, 2016. The new Tennessee breach notice requirements are triggered by...more
Carrie, A couple of weeks ago, you wrote me about an employee who will be engaging in a six-month temporary assignment around Europe to scope market opportunities. The employee was Abbie Absent-Minded. Well, we hit a...more
On July 1, 2016, Tennessee’s new notice requirements for breaches of data security systems which compromise an individual’s personal information will take effect. The amendments to Tennessee’s current rules, found at T.C.A....more
The California legislature has again amended the state’s breach notification statutes to impose new and unique requirements and refinements, adding further complexity to the patchwork of breach notification requirements....more
On October 6, 2015, California Governor Jerry Brown signed into law three bills, A.B. 964, S.B. 570, and S.B. 34, expanding the requirements of California’s data breach notification law. The new requirements will become...more
Three bills that will update California’s data breach notification requirements have been signed into law by Governor Jerry Brown. The bills impose specific requirements on providing breach notification to consumers, add a...more
On October 8, 2015, California Governor Jerry Brown signed A.B. 964 and S.B. 570 into law, a pair of bills that amended the Golden State’s data breach notification statute (Ca. Civ. Code § 1798.82). The amendments...more
Last week, California Governor Jerry Brown signed into law three bills that revise California’s data breach notification statute. The bills, which take effect January 1, 2016, establish specific formatting requirements for...more