Find Someone Observant: The Vital Role of Facility Security Officers
2023 DSIR Report Deeper Dive into the Data
Guidepost in Motion - Cybersecurity Frameworks and Metrics Part 2
Debra Geroux and Scott Wrobel on Responding to Data Breaches
The Internet of Things (“IoT”) has ushered in a new era of connectivity and convenience, but with it comes a host of legal issues and emerging theories of liability. As IoT devices become increasingly ubiquitous in our daily...more
In June 2023, the Privacy Commissioner for Personal Data in Hong Kong (the “Commissioner”) released a new guidance note on data breach handling and notifications (the “Guidance Note”). The purpose of this note is to assist...more
The guidance encourages organisations to formulate a data breach response plan, and outlines recommendations for handling an increasing number of data breach incidents. On 30 June 2023, the Office of the Privacy...more
Vendor-caused incidents continued to surge in 2021. Nearly 20 percent of the total incidents we handled last year were caused by vendors, with more than half requiring notification....more
Ken Mendelson welcomes back Andy Cottrell, the founder and CEO of cybersecurity consulting firm Truvantis to talk more about cybersecurity frameworks. They discuss the difference between a cyber audit and cyber assessment and...more
As summarized in the first installment of our two-part blog series, President Biden recently issued a sweeping Executive Order aimed at improving the nation’s cybersecurity defense. The Order is a reaction to increased...more
A cyber breach can have serious legal, financial, and reputational consequences for a company, as described in our previous post. As such, cybersecurity threats must be treated as business risks, not just a potential IT...more
A cyber breach can have serious legal, financial, and reputational consequences for a fund sponsor, as described in our previous post. As such, cybersecurity threats must be treated as business risks, not just a potential IT...more
We are living in the age of data and big data, where everyone wants to collect as much information as possible. The ability to analyze and monetize such information is a key strategy and selling point for many businesses. ...more
The California Consumer Privacy Act (CCPA) has forced companies across the United States (and even globally) to seriously consider how they handle the personal information they collect from consumers. By its terms, however,...more
West Georgia Ambulance, Inc. (West Georgia) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Service (HHS) entered into a $65,000 no-fault settlement agreement and two year corrective action...more
In this day, data is often one of the most valuable assets companies have and it needs to be protected as such. Guarding data has become crucial for every business, no matter the size and industry. In the first half of 2019,...more
As discussed in a previous DBR on Data post, the U.S. Department of Education (“ED”) in recent years has repeatedly emphasized the importance of higher education institutions taking all appropriate measures to secure and...more
In recent years, many states have been updating their data privacy laws to account for new technologies and security risks. On Oct. 23, 2019, a New York law on data breach notification requirements became effective. The Stop...more
Since July 1, 2019, Delaware, New Hampshire and Connecticut have enacted laws imposing new cybersecurity requirements on insurers. These laws follow similar statutes already operating in at least six other states: Alabama,...more
New York recently passed the SHIELD Act, which, among other things, newly establishes data security requirements for companies that collect private information about New York residents. The data security protections required...more
On July 25, 2019, New York Governor Anthony Cuomo signed the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) into law. The Act creates additional protections for the residents of New York and their private...more
California has taken bold steps to regulate the privacy and security of personal information, creating unprecedented remedies for data breaches and recognized European-style rights for consumers in their data. On September...more
The FTC recently settled with LightYear Dealer Technologies, maker of DealerBuilt software, over allegations that the company failed to provide adequate protection for the personal data it houses. The companies’ clients...more
The FTC has entered into a settlement with LightYear Dealer Technologies, doing business as DealerBuilt, a technology company that develops and sells dealer management system (DMS) software and data processing services to...more
In early June, the Cyberspace Administration of China released for public comment new draft regulations applicable to the collection of personal information relating to children under 14 by online service providers. The...more
The Federal Trade Commission is putting more teeth into the multiyear compliance obligations of consent orders it enters into with companies to settle enforcement actions related to data breaches. The FTC recently issued a...more
We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $2 million for a security incident that occurred in 2013. On February 7,...more
Twelve state attorneys general have brought suit against two medical Information Technology companies. The AGs allege that the companies, Medical Informatics Engineering Inc. and its subsidiary, NoMoreClipboard LLC, had poor...more
If you clicked on this post, that means you probably fall into one of two categories. Category 1: You are really tired of having to come up with – and remember – increasingly more complicated passwords, only to then be asked...more