Katherine Doty Hanniford on Data Breach

Top 10 Issues General Counsel Need to Know About Ransomware in 2024

Threat actors are evolving. Our Privacy, Cyber & Data Strategy Team explains how ransomware gangs have changed their tactics and how companies can respond to the threat while navigating new scrutiny from investors and...more

2/26/2024 / Corporate Counsel , Cyber Attacks , Cyber Crimes , Cyber Threats , Cybersecurity , Data Breach , Data Protection , Data Security , Data Theft , NYDFS , Popular , Ransomware , Reporting Requirements , Risk Management , Securities and Exchange Commission (SEC)

Ransomware Group, in Midst of Extortion Attempt, Files Regulatory Notice with SEC

Just a month before the Security and Exchange Commission’s (“SEC’s”) Material Cybersecurity Incidents Rule is set to take effect, a ransomware group has apparently taken compliance with reporting requirements into its own...more

11/20/2023 / Cyber Crimes , Cybersecurity , Data Breach , Data Privacy , Data Security , Securities and Exchange Commission (SEC)

FTC Approves New Data Breach Notification Requirement for Nonbanking Financial Institutions

With an amendment to its Safeguards Rule, the Federal Trade Commission has joined other federal agencies regulating cybersecurity breaches. Our Privacy, Cyber & Data Strategy Team analyzes how the amendment will affect...more

11/15/2023 / Breach Notification Rule , Cybersecurity , Data Breach , Data Protection , Federal Trade Commission (FTC) , Financial Institutions , Financial Services Industry , Non-Bank Lenders , Notification Requirements , Safeguards Rule

FTC Approves New Data Breach Notification Requirement for Non-Banking Financial Institutions

On October 27, 2023, the FTC approved an amendment to the Safeguards Rule (the “Amendment”) requiring that non-banking financial institutions notify the FTC in the event of a defined “Notification Event” where customer...more

11/1/2023 / Cybersecurity , Data Breach , Data Security , Federal Trade Commission (FTC) , Financial Institutions , Gramm-Leach-Blilely Act , Personally Identifiable Information , Popular , Safeguards Rule

FTC Takes Action Against Ed Tech Provider for Failure to Secure Student’s Personal Information

On October 31, 2022, the Federal Trade Commission (FTC) announced it has taken action against education technology provider Chegg Inc. (“Chegg”) for its “careless” cybersecurity practices that exposed sensitive personal...more

11/4/2022 / Cybersecurity , Data Breach , Data Privacy , Enforcement Actions , Federal Trade Commission (FTC) , Personally Identifiable Information

Maryland Amends Data Breach and Reasonable Security Requirements

Maryland recently passed House Bill 962, amending Maryland’s Personal Information Protection Act (PIPA) (Md. Code Ann. Comm. Law 14-3504). As summarized below, House Bill 962 amends certain aspects of PIPA relating to breach...more

7/7/2022 / Breach Notification Rule , Data Breach , Data Protection , Data Security , PIPA

SEC Settles Enforcement Action for Disclosure Controls Violations Stemming from Data Security Incident

The SEC has settled an enforcement action against a large title insurer in connection with public statements and disclosures made by the company in May 2019 relating to a data security incident. The underlying data security...more

6/16/2021 / Cybersecurity , Data Breach , Data Security , Disclosure Requirements , Enforcement Actions , Securities and Exchange Commission (SEC)

NYDFS Issues Best Practices for Cyber Insurance Risk Management

Against the backdrop of the disruptions associated with the Covid-19 pandemic and SolarWinds cyber-espionage campaign, NYDFS has released guidance for insurers that underwrite cyber insurance policies and which contains a...more

2/19/2021 / Cyber Attacks , Cyber Crimes , Cyber Insurance , Cybersecurity , Data Breach , Data Protection , Information Technology , NYDFS , Popular , Ransomware , Risk Management

Katherine Doty Hanniford

Alston & Bird

Popular Topics by This Author

Latest Posts › Data Breach