The U.S. Court of Appeals for the D.C. Circuit has reinstated a data breach class action filed against CareFirst BlueCross BlueShield (CareFirst). The lawsuit stems from a June 2014 data breach in which hackers infiltrated 22...more
8/3/2017 / Article III, Blue Cross, Blue Shield, CareFirst, Class Action, Corporate Counsel, Cyber Attacks, Cybersecurity, Data Breach, Hackers, Health Insurance, Identity Theft, Injury-in-Fact, Personally Identifiable Information, Popular, Standing
Not everything that happens in Vegas stays in Vegas. Starting on October 1, 2017, a new Nevada privacy law will require certain website owners and operators to publish a notice regarding their privacy policies, disclosing to...more
The U.S. District Court for the District of Colorado recently dismissed a proposed class action lawsuit filed by financial institutions relating to a 2016 data breach that involved hundreds of Noodles & Company (Noodles)...more
7/27/2017 / Banking Sector, Choice-of-Law, Class Action, Corporate Counsel, Cyber Attacks, Data Breach, Economic Loss Doctrine, Financial Institutions, PCI-DSS Standard, Personally Identifiable Information, Popular, Restaurant Industry
The New York Department of Financial Services (NYDFS) recently updated frequently asked questions (FAQs) about its cybersecurity regulations, 23 NYCRR 500, to address four new issues. NYDFS published its initial set of FAQs...more
7/17/2017 / Banking Sector, Chief Information Security Officer (CISO), Covered Entities, Cybersecurity, Cybersecurity Framework, Data Protection, Financial Institutions, Financial Services Industry, Insurance Industry, NYDFS, Personally Identifiable Information, Popular, Risk Management, Third-Party Risk
The average cost of a data breach, on both an aggregate and a per-record basis, has decreased slightly according to the Ponemon Institute's 2017 Cost of Data Breach Study: Global Overview. In addition to presenting recent...more
6/29/2017 / Corporate Counsel, Cyber Attacks, Cyber Crimes, Cybersecurity, Data Breach, Data Breach Costs, Data Protection, Data Security, Hackers, Personally Identifiable Information, Popular, Young Lawyers
The Colorado Division of Securities (Division) has published final cybersecurity rules applicable to broker-dealers and investment advisers. The Colorado Attorney General's office has 20 days to write an opinion on the rules,...more
The U.S. Securities and Exchange Commission's Office of Compliance Inspections and Examinations (OCIE) has issued a Risk Alert in the wake of the widespread WannaCry ransomware attack that has inflicted hundreds of thousands...more
5/19/2017 / Broker-Dealer, Cyber Attacks, Cybersecurity, Data Breach, Hackers, Investment Management, Malware, OCIE, Phishing Scams, Ransomware, Risk Alert, Risk Management, Securities and Exchange Commission (SEC)
President Trump recently signed the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The Order sets forth the Trump Administration's policy for cybersecurity of...more
5/18/2017 / Critical Infrastructure Sectors, Cyber Attacks, Cyber Crimes, Cyber Threats, Cybersecurity, Data Protection, Executive Orders, Hackers, Popular, Risk Management, Trump Administration
Ransomware attacks just went big time. In a period of mere hours late last week, a global ransomware attack infected more than 200,000 computers and affected more than 100,000 organizations in over 150 countries. To put this...more
5/17/2017 / Cyber Attacks, Cyber Crimes, Cyber Threats, Cybersecurity, Data Breach, Data Protection, Hackers, Malware, Personally Identifiable Information, Phishing Scams, Popular, Ransomware
The Colorado Division of Securities recently issued proposed rules directed at establishing cybersecurity requirements for broker-dealers and investment advisers. The proposed rules were issued only a month after New York...more
New Mexico recently became the 48th state to enact a data breach notification law. This continues the accelerated pace of state data breach legislative activity in the last two years. Since 2015, at least 41 states have...more
Employers increasingly face the difficult scenario of employees who misappropriate company data in the pursuit of whistleblower claims alleging misconduct by the employer. Such cases can present a complex mix of regulatory,...more
2/24/2017 / Bank Secrecy Act, Banking Sector, Banks, Confidentiality Agreements, Dodd-Frank, Labor Code, OCC, Retaliation, Sarbanes-Oxley, Securities and Exchange Commission (SEC), Whistleblower Protection Policies, Whistleblowers
With tax season in full swing, the Internal Revenue Service (IRS), state tax agencies, and tax industry groups recently renewed a warning about Form W-2 email spear-phishing scams.
1/31/2017 / Cyber Crimes, Email, Identity Theft, IRS, Payroll Records, Personally Identifiable Information, Phishing Scams, Social Security Numbers, Spoofing, Tax Fraud, W-2
The U.S. Court of Appeals for the Third Circuit has vacated a district court's dismissal of a data breach class action filed against Horizon Healthcare Services Inc., in the wake of the 2013 theft of two computer laptops...more
1/24/2017 / Appeals, Article III, Class Action, Data Breach, Electronic Medical Records, Fair Credit Reporting Act (FCRA), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Breach, Injury-in-Fact, Laptop Computers, Personally Identifiable Information, PHI, Standing
The European Commission's proposed e-privacy regulation sets forth obligations on handling electronic communications and clarifies obligations for seeking consent for the use of cookies. Meant to bring the e-privacy directive...more
1/13/2017 / Cookies, Corporate Counsel, Data Breach, Data Collection, Data Privacy, Data Protection, Disclosure Requirements, e-Privacy Directive, Electronic Communications, EU, Facebook, Fines, General Data Protection Regulation (GDPR), Google, Metadata, Mobile Apps, Prior Express Consent, Privacy Laws, Telecommunications, WhatsApp
The New York Department of Financial Services (NYDFS) announced today a revised regulation that will require all institutions subject to NYDFS supervision to establish and maintain a cybersecurity program meeting "certain...more
12/29/2016 / Banking Sector, Banks, Chief Information Security Officer (CISO), Comment Period, Cybersecurity, Cybersecurity Framework, Data Protection, Financial Institutions, Financial Services Industry, Insurance Industry, NYDFS, Risk Management, Third-Party Service Provider
The Federal Trade Commission (FTC) has entered into a proposed consent order requiring digital advertising company Turn Inc. to include a clear and conspicuous notice detailing how it collects, uses, or shares information...more
12/27/2016 / Advertising, Cookies, Federal Trade Commission (FTC), FTC Act, Misrepresentation, Mobile Apps, Online Platforms, Opt-Outs, Popular, Settlement, Unfair or Deceptive Trade Practices, Web Tracking, Websites
The Federal Trade Commission (FTC) has entered into a multimillion dollar settlement with the owners and operators of AshleyMadison.com, a dating website for people interested in having discreet affairs, related to the...more
12/16/2016 / Adultery, Ashley Madison, Cyber Attacks, Cyber Crimes, Cybersecurity, Data Breach, Data Security, Dating Services, Federal Trade Commission (FTC), Fines, Hackers, Internet, Marriage, Misrepresentation, Online Platforms, Personally Identifiable Information, Popular, Settlement, Spouses, Website Owner Liability, Websites
The Irish Data Protection Commissioner (DPC) has issued a 12-step checklist of actions companies can take now to better prepare for compliance with the General Data Protection Regulation (GDPR), the new EU privacy regulation...more
12/8/2016 / Data Breach, Data Collection, EU, EU Data Protection Laws, General Data Protection Regulation (GDPR), International Data Transfers, Ireland, Online Safety for Children, Personal Data, Popular, Reporting Requirements, Right to Privacy, Risk Management, Third-Party Risk
Vehicle-related cyber incidents could have devastating and deadly effects, particularly as cars and trucks become more highly automated and rely more heavily on wireless technologies. To combat this threat, the U.S....more
10/28/2016 / Automotive Industry, Connected Cars, Cybersecurity, Department of Transportation (DOT), Driverless Cars, Internet of Things, NHTSA, Privacy Concerns, Regulatory Oversight, Smart Car, Technology
Three federal banking agencies have announced plans to develop new rules that would establish cyber risk management and resiliency standards for large interconnected entities under the agencies' supervision, as well as those...more
10/21/2016 / Advanced Notice of Proposed Rulemaking (ANPRM), Cyber Attacks, Cybersecurity, FDIC, Federal Reserve, FFIEC, Financial Institutions, Financial Services Industry, Hackers, Handbooks, Incident Response Plans, OCC, Risk Management
The New York Department of Financial Services (NYDFS) will require all institutions subject to NYDFS supervision to establish and maintain a cybersecurity program meeting "certain regulatory minimum standards." All financial...more
9/20/2016 / Banking Sector, Chief Information Security Officer (CISO), Consumer Lenders, Cybersecurity, Financial Institutions, Financial Services Industry, Information Technology, Mortgages, NYDFS, Popular, Risk Management
The latest development in how American courts will handle the standing question for data breach class actions came last week when the U.S. District Court for the District of Columbia dismissed for lack of standing a putative...more
8/17/2016 / Article III, Blue Cross, Blue Shield, CareFirst, Class Action, Cyber Attacks, Cybersecurity, Data Breach, Hackers, Health Insurance, Healthcare, Identity Theft, Injury-in-Fact, Personally Identifiable Information, Putative Class Actions, Standing
The Federal Trade Commission (FTC) has issued an Opinion and Final Order finding that the data security practices of LabMD, Inc. were unreasonable, and therefore constituted an unfair act or practice in violation of Section 5...more
8/15/2016 / Administrative Law Judge (ALJ), Data Breach, Data Security, Enforcement Actions, Federal Trade Commission (FTC), File Sharing, FTC Act, Health Insurance Portability and Accountability Act (HIPAA), LabMD, Likelihood of Harm, p2p, Popular, Section 5
In a case that may have significant impact for companies providing public Internet and cloud services, the Second Circuit has ruled that a federal court may not issue a criminal warrant ordering a U.S. company to produce...more
7/20/2016 / Cloud Computing, Criminal Investigations, e-Discovery, Electronically Stored Information, Email, Extraterritoriality Rules, Internet Service Providers (ISPs), Ireland, Microsoft, Popular, Privacy Concerns, Search Warrant, Stored Communications Act, Subpoenas