News & Analysis as of

Privacy & Cybersecurity Update: New York State Proposes Cybersecurity Regulation for Financial Institutions

New York state has proposed a new regulation — to go into effect January 1, 2017 — that would require banks, insurance companies and other financial services institutions regulated by the New York State Department of...more

3 Essential Steps For Responding To Ransomware Attacks

Likely because most victims comply with their demands, the incidence of attacks by ransomware hackers has exploded in 2016. Guidance issued by the U.S. Department of Health and Human Services (“HHS”) in July notes that, on...more

Heal Thyself: Insider Threats to Heed, Especially for Industries with Large Amounts of Personal Information

A recent study by the Ponemon Institute found that insider threats due to malicious or negligent employees are the leading cause of private-sector cybersecurity incidents. Of the over 600 information security professionals...more

Illinois Joins the Fray: Strengthens its Laws Around Data Breach Notification and Data Security

Sophisticated phishing scams and muscular hacking efforts continue to compromise personal and sensitive information held by insurers, hospital systems, and businesses large and small. In response, many states have...more

The Paper Trail: The Potential Data-Breach Sitting in your Printer

In April 2016, the sensitive personal medical information of NFL players was stolen from the car of a trainer who had left the files in a backpack in his locked car. In 2014, Safeway, Inc. settled charges brought by the...more

Tennessee Legislature Amends Data Breach Notification Statute - Encryption is No Longer an Automatic Safe Harbor

On March 24, 2016, Governor Haslam signed S.B. 2005 which amends Tennessee's data breach notice statute. The amended statute will go into effect on July 1, 2016. The new Tennessee breach notice requirements are triggered by...more

NAIC Task Force Continues Work on Insurance Data Security Model Law

On May 24 and 25, the National Association of Insurance Commissioners (the NAIC) Cybersecurity (EX) Task Force (the Task Force) hosted a meeting in which state insurance commissioners and interested parties were invited to...more

Ransomware: Electronic Extortion for a Digital Era

Last month, the FBI asked the American Bar Association to share a cyberalert with its members warning of an increased risk of ransomware. Ransomware poses significant legal and operational risks to businesses. Personnel at...more

Illinois Enacts Sweeping Changes to the Illinois Personal Information Protection Act

On May 6, 2016, Illinois joined a growing number of states that have strengthened their data breach notification requirements and expanded the definition of protected personal information. Effective January 1, 2017, HB1260...more

Sensitive Information: How Insurance Producers Can Protect Consumer Privacy

Introduction. Insurance sales may be conducted using entirely impersonal tools. An insurance consumer may fill out a form on an internet web site, and through automated systems have a policy of insurance issued without any...more

Tennessee’s Data-Breach Notice Requirements Among the Nation’s Toughest

On July 1, 2016, Tennessee’s new notice requirements for breaches of data security systems which compromise an individual’s personal information will take effect. The amendments to Tennessee’s current rules, found at T.C.A....more

Illinois Makes Extensive Changes to Data Breach Notification Law

On May 6, 2016, Illinois Governor Bruce Rauner signed HB1260, which significantly updates the state’s Personal Information Protection Act. The changes take effect on January 1, 2017. When the new law becomes effective,...more

Cyber Security

Roughly one million pieces of malware—computer viruses or malicious software—are released every day. In recent years, we’ve witnessed an unprecedented level of activity in the cyber arena, both in the form of increased...more

Tennessee Gives Businesses 45 Days for Data Breach Notice

Recent amendments to the State’s data breach statute give a hard deadline for a business to provide consumer notice, removes encryption safe harbor, exempts entities that are subject to the Health Insurance Portability and...more

Developments in Cybersecurity: Privacy Laws, Hacking Beyond Customer Data, and Communicating with Corporate Boards

I. Legal Exposure to Federal and State Privacy Laws - A. Federal Statutes and Enforcement - 1. Federal Trade Commission Act, 15 U.S.C. §§ 41-58 - The Federal Trade Commission (FTC) has emerged as the leading...more

European Court of Justice Invalidates U.S.-EU Safe Harbor

On October 6, 2015, the European Court of Justice (“ECJ”), the top court of the European Union (“EU”), released its opinion in Maximillian Schrems v. Data Protection Commissioner (C-362/14), invalidating the U.S.-EU Safe...more

What's So Great About an Information Security Policy?

Lawyers and compliance professionals constantly tout the importance of internal information security policies, particularly in light of data privacy problems that are reported almost daily in the media. Admittedly, drafting...more

How to Avoid and Respond to a Cybersecurity Breach

In light of numerous recent data breaches, cybersecurity has emerged as an issue impacting organizations ranging from the local hardware store to the largest multi-national firms in the world. In short, no industry is immune...more

Under the Thumb: Regulatory Compliance When Outsourcing Cybersecurity Management

Managed security services are often a natural “add-on” when outsourcing IT services given that data protection is integral to application development, software as a service, and cloud storage, among other services. More...more

New Potential Liability for Data Security: U.S. Court of Appeals for the Third Circuit Announces FTC has Authority to Scrutinize a...

The U.S. Court of Appeals for the Third Circuit announced that the Federal Trade Commission (FTC) has the authority to scrutinize a business’s data security protocol -- and to file a complaint if the FTC finds that protocol...more

April Brings Amendments to Washington and North Dakota Breach Notification Requirements

April saw amendments to Washington State's and North Dakota's breach notification statutes. In a prior Orrick Alert, we discussed some of the implications from the proposed data breach notification amendments in...more

Data Privacy and Security Considerations in M&A Transactions

By some estimates, cybercrime costs the global economy $445 billion annually. If cybercrime were a single country, this dollar amount would place it within the world’s top 30 countries in terms of gross domestic product, and...more

Consumer Privacy Bill of Rights

The White House released its much anticipated legislative proposal on the Consumer Privacy Bill of Rights Act (CPBRA) that was first floated in 2012. The CPBRA, if enacted (which seems unlikely before 2016), would provide...more

Why You Need a Privacy Policy – Part 2: Avoiding Three Common Fumbles

In Part 1, we covered some basic privacy policy concepts. Here in Part 2, we address three problems associated with privacy policies in practice. 1. You Don’t Have One, But You Really Should - There is no...more

Data Breach Legislative Debate Begins Today at the House Energy & Commerce Committee

On Tuesday, the House Energy & Commerce Subcommittee on Commerce, Manufacturing, and Trade held a hearing entitled "What are the Elements of Sound Data Breach Legislation?" This hearing was the first of the new Congress to...more

33 Results
View per page
Page: of 2
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.