What should companies do when ransomware hits? The FBI says: (a) report it to law enforcement and (b) do not pay the ransom. Given the recent onslaught in ransomware attacks—such as a 2016 variant that compromised an...more
10/7/2016
/ Cyber Attacks ,
Data Breach ,
FBI ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
HITECH Act ,
Incident Response Plans ,
Malware ,
Ransomware
The Sixth Circuit joined the growing trend of appellate courts holding that plaintiffs had demonstrated standing for data breach class actions in Galaria et al. v. Nationwide Mutual Insurance Company. In a recent order, the...more
10/5/2016
/ Article III ,
Class Action ,
Corporate Counsel ,
Data Breach ,
Insurance Industry ,
Nationwide Insurance Co. ,
Neiman Marcus ,
Personally Identifiable Information ,
PF Chang's ,
Popular ,
Standing
Aravind Swaminathan, global co-chair of Orrick’s Cybersecurity & Data Privacy team, recently spoke with Global Investigations Review regarding new plans proposed by New York’s Department of Financial Services that will...more
9/26/2016
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Financial Institutions ,
Hackers ,
Incident Response Plans ,
Negligence ,
Risk Management
On September 12, 2016, the Data Protection Authority of the German Federal State of North Rhine-Westphalia (“DPA NRW”) became one of the first EU data protection authorities to issue guidance on the implementation of the...more
Just as it promised a year ago, New York State proposed new proscriptive, minimum cybersecurity requirements for regulated financial services institutions. The regulations go final after a 45-day notice and public comment...more
Last week, the Federal Trade Commission convened a ransomware workshop to discuss the rising epidemic of attacks against U.S. businesses and individuals. In a ransomware attack, a malicious actor tricks a user into...more
9/15/2016
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Department of Homeland Security (DHS) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Hackers ,
Malware ,
OCR ,
PHI ,
Popular ,
Ransomware
Last week, the FTC published a blog post titled The NIST Cybersecurity Framework and the FTC, in which the agency issued a nuanced answer to an oft-asked question: “If I comply with the NIST Cybersecurity Framework, am I...more
There is no doubt that companies face unprecedented volume and variation in both disruptive and intrusive cyberattacks on their networks. Among the different attack methodologies today, ransomware is quickly becoming a major...more
7/29/2016
/ Breach Notification Rule ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Malware ,
Notification Requirements ,
OCR ,
Personally Identifiable Information ,
PHI ,
Popular ,
Ransomware
On July 5, 2016, the Ninth Circuit Court of Appeals issued its highly anticipated decision in the most recent chapter of United States v. Nosal, holding that an individual acts "without authorization" as used in the Computer...more
On July 6, 2016, the European Parliament passed the Network and Information Security (“NIS”) Directive, over three years after the initial draft was proposed. The Directive will enter into force in August 2016. EU Member...more
The Supreme Court has made federal contracting more treacherous by extending the reach of False Claims Act (“FCA”) liability. While the decision related to FCA liability for misrepresentations related to staffing levels, the...more
Last month the Federal Communications Commission (“FCC”) closed the comment period for its proposed privacy regulations, which we previously wrote about here. The million dollar question on everyone’s minds is whether the...more
On May 10, 2016, the United States Department of Treasury (Treasury) became the latest federal agency to highlight the importance of cybersecurity in the financial services industry. In its white paper, which follows last...more
Last month, privacy and security professionals from around the world gathered in Washington, D.C. for the International Association of Privacy Professionals’ Global Privacy Summit 2016. The conference focused on the new...more
5/10/2016
/ Article 29 Working Party (WP29) ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
FCC ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
NPRM ,
Online Advertisements ,
Personal Data ,
Web Tracking
Last week, the Seventh Circuit revived a data breach class action against P.F. Chang’s restaurant in an important opinion that continues a plaintiff-friendly trend that began with the court’s opinion in the Neiman Marcus case...more
After 4 years of negotiation, today the European Parliament adopted the General Data Protection Regulation (“GDPR“). In doing so, it signaled the end of the EU approval process and put businesses on alert that they now have...more
Tennessee recently amended its data breach notification law, and in doing so, it has joined the ranks of states like Florida, Ohio, and Wisconsin that require notification to residents of a data breach within a defined time...more
The insurance industry has been making the case to Congress that cyberinsurance can be a path to good security practices, encouraging different groups inside an organization to better communicate with one another. The process...more
This month, the Federal Communications Commission (FCC) will consider issuing a Notice of Proposed Rulemaking (NPRM) for privacy regulations that will apply to broadband providers. The goals and objectives of the proposed...more
In a much anticipated move, on March 2, 2016, the Consumer Financial Protection Bureau (CFPB) entered the cybersecurity foray with its first enforcement action against Dwolla, Inc., an online payment processing start-up. ...more
In just the last week, the New York State DMV announced an upgrade to facial recognition software to catch identity thieves trying to obtain fraudulent driver’s licenses, and the Scottish Professional Football League was...more
On 29 February 2016 the European Commission issued the legal texts of the EU-U.S Privacy Shield which aims to replace the defunct EU-U.S Safe Harbor Framework as a legitimate mechanism for transferring personal data from the...more
As new legislation aimed at facilitating greater cybersecurity information sharing between private industry and government takes effect (i.e., Cybersecurity Information Sharing Act), FinCEN Director Jennifer Shasky Calvery...more
The European Commission has announced that it has reached a deal to replace the EU-US Safe Harbor framework that was declared invalid last year by the Court of Justice of the European Union (“ECJ”). Heralded as the EU-US...more
On Monday, January 25th, the Supreme Court issued the most recent Computer Fraud and Abuse Act decision in Michael Musacchio v. United States. After leaving his employer to start his own company, the defendant (a former...more