In response to the COVID-19 pandemic, on March 17, 2020, the Office for Civil Rights (“OCR”) at the Department of Health and Human Services (“HHS”) issued a notification of enforcement discretion, announcing that it would not...more
4/2/2020
/ Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HIPAA Privacy Rule ,
OCR ,
PHI ,
Popular ,
Relief Measures ,
Telehealth ,
Telemedicine ,
Waivers
Businesses, consumers, and regulators continue to grapple with balancing privacy, cybersecurity, and the response to the COVID-19 pandemic. Last week, this blog explored the increased cyber risks that the pandemic poses to...more
In recent years, cyber-attacks have continued to increase in number and scope, with businesses facing ever-growing threats from ransomware, distributed denial-of-service attacks, and phishing schemes....more
The California Consumer Privacy Act (“CCPA”) becomes operative on January 1, 2020. See Cal Civ. Code § 1798.100 et al. To date, the CCPA is the most sweeping consumer privacy law in the United States, covering most for-profit...more
10/3/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Privacy Laws ,
Private Right of Action
Earlier this month, YouTube and its parent company, Google, entered into a record $170 million proposed settlement to resolve allegations brought by the Federal Trade Commission (FTC) and the New York Attorney General (NYAG)...more
The California Consumer Privacy Act (CCPA) has significantly altered the potential consequences of a data breach under California law by permitting California consumers to bring civil suits for statutory damages, Cal. Civ....more
8/24/2019
/ Cal Code of Civil Procedure ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Declaratory Relief ,
Injunctive Relief ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Statutory Damages
Last Thursday, Governor Cuomo signed New York’s latest data security bill – the Stop Hacks and Improve Electronic Data Security, or “SHIELD” Act. The Act, which we have followed on this blog since November 2017, imposes new...more
The U.S. Office of Personnel Management (“OPM”) made headlines when several hacks of confidential data came to light in 2015, intrusions that compromised the personal data of over 20 million individuals. On July 21, 2019, in...more
7/16/2019
/ Article III ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Identity Theft ,
Office of Personnel Management (OPM) ,
Personally Identifiable Information ,
Popular ,
Standing
The New York State Senate recently passed The Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, leaving only the Governor’s signature as the final step to the SHIELD Act becoming the country’s newest—and one...more
As we’ve written about in the past, the SAFETY Act has the potential to help companies mitigate their risk from cyber-terrorism. As previously noted, the statute has never been fully tested in courts, so the full contours of...more
As we’ve discussed in previous posts, the SAFETY Act has the potential to serve as a valuable tool for companies looking to mitigate risk from cyber-terrorism. ...more
The incoming chief of New York’s top financial services regulator called cybersecurity “the number one threat facing all industries and governments globally” during a speech on Friday, April 12, 2019 at the Association of the...more
An obscure federal law called the SAFETY Act recently captured national headlines when MGM Resorts International invoked it in a series of pre-emptive, declaratory judgment law suits against the victims of the 2017 Route 91...more
Yesterday, the United States indicted two Iranian hackers for their roles in a series of major ransomware attacks that started in 2016 and lasted almost three years. The attacks crippled schools, hospitals, the private...more
Memories of the massacre of dozens of concertgoers at a Las Vegas music festival last year are unlikely to fade soon. In the deadliest shooting in U.S. history, Stephen Paddock killed 58 people and wounded hundreds from his...more
California’s landmark digital privacy law – enacted less than two weeks ago – is the most sweeping consumer data protection law in the United States. The California Consumer Privacy Act of 2018, or CCPA, will apply to more...more
7/12/2018
/ Biometric Information ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
New Legislation ,
Opt-Outs ,
Personally Identifiable Information ,
Private Right of Action ,
State and Local Government
For thousands of financial institutions and insurance companies covered by New York DFS’s sweeping data security regulation, the countdown to yet another deadline has begun. Those companies will remember last August, when...more
Many believe that blockchain technology will revolutionize the way humans interact, in business and beyond. Though cryptocurrency is the topic du jour, blockchains can do much more than just enable digital currencies: they...more
Six months after a massive data breach at credit reporting company Equifax, Inc. handed hackers the personal information of nearly 150 million Americans, the fallout continues. Equifax first disclosed in September that...more
With new developments regarding Uber Technologies Inc.’s 2016 data breach coming out almost daily, lawsuits against the company continue to pile-up. We previously reported that within days of Uber disclosing the data theft...more
12/5/2017
/ Breach of Contract ,
Class Action ,
Computer Fraud and Abuse Act (CFAA) ,
Consumer Fraud ,
Cyber Attacks ,
Cyber Crimes ,
Data Breach ,
Hackers ,
Invasion of Privacy ,
Negligence ,
Pending Litigation ,
Personally Identifiable Information ,
Ridesharing ,
Sharing Economy ,
Uber ,
Unjust Enrichment
On February 16, 2017, the New York Department of Financial Services (“DFS”) issued the final version of its cybersecurity regulation. The regulation, which has seen several iterations since it was first proposed in September...more
Over the last few months, the New York Department of Financial Services (“DFS”) cybersecurity regulation has undergone multiple revisions. But late last week, DFS issued its final regulation, which will go into effect on...more
2/21/2017
/ Banks ,
Chief Information Security Officer (CISO) ,
Corporate Governance ,
Cybersecurity ,
Department of Financial Services ,
Final Rules ,
Financial Institutions ,
Insurance Industry ,
Notification Requirements ,
NYDFS ,
Third-Party Service Provider
New York’s Department of Financial Services issued its final Cybersecurity Regulation last night with an effective date of March 1, 2017. ...more
Last year was the first that national banks and federal savings associations subject to supervision by the Office of the Comptroller of the Currency (“OCC”) were armed with a sense of the agency’s regulatory expectations when...more
1/28/2017
/ Banks ,
Cybersecurity ,
Data Security ,
Department of Financial Services ,
FDIC ,
Federal Bank Regulatory Agencies ,
Federal Reserve ,
Financial Institutions ,
OCC ,
Risk Assessment ,
Risk Mitigation
This is our final installment in a three-part series examining the New York State Department of Financial Services (“DFS”) new cybersecurity regulation. In this installment, we provide an overview of the regulation’s impact...more