The major current cybersecurity story involves a popular SolarWinds network management software package, Orion. A sophisticated actor, with the signatures of a nation state, infiltrated Orion in a software update. Once inside,...more
A federal court has held that neither the work product nor attorney-client privilege doctrines shield a cyber expert’s report from discovery....more
2020 was a year like no other. From an unprecedented “work from home” shift to a blockbuster European court ruling to a mammoth cyber attack, businesses scrambled to adapt to an endless series of cyber challenges. 2021 shows...more
1/20/2021 / Biden Administration, Cyber Attacks, Cyber Crimes, Cyber Threats, Cybersecurity, Data Breach, Data Privacy, Data Protection, Data Security, EU, Popular
Data Transfer from the European Union to the United States is a knotty process. The difficulties were compounded this summer when Europe’s highest court held the “Privacy Shield” program enabling U.S.-E.U. data transfers...more
11/25/2020 / Cybersecurity, Data Breach, Data Privacy, Data Processors, Data Protection, Data Protection Officers (DPOs), EU, EU Data Protection Laws, General Data Protection Regulation (GDPR), International Data Transfers, Personal Data, Personally Identifiable Information
We have previously written about “phishing.” Phishing involves using social pressure to trick the recipient into sending sensitive information, network control, or credentials to hackers posing as authorized users....more
The New York Department of Financial Services (NYDFS) has launched its first enforcement action under New York’s Cybersecurity law for financial services, so-called Part 500. Part 500 requires NYDFS-licensed institutions to...more
9/23/2020 / Banking Sector, Chief Information Security Officer (CISO), Cybersecurity, Cybersecurity Framework, Data Protection, Financial Institutions, Financial Services Industry, Information Technology, Insurance Industry, NYDFS, Personally Identifiable Information, Popular, Risk Assessment, Risk Management
In a ruling that could have broad ramifications for health data sharing, a federal judge has ruled that a patient complaining about a hospital sharing his health data without permission lacked standing because he suffered no...more
Countless businesses export data from the European Union to the United States. Does your human resources office have information on European employees? The sales department information on European clients? That is personal...more
The sword finally fell. Last week, the European Union’s (EU) highest court, the Court of Justice (CJEU), invalidated Privacy Shield. Privacy Shield was a legal framework that enabled EU companies to process data in the United...more
In Compulife Software Inc. v. Newman, No. 18-12004, 2020 WL 2549505 (11th Cir. May 20, 2020), the Eleventh Circuit vacated a trial court ruling that competitors who used a website operator’s server and database did not...more
The United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has warned of escalating cyber-attacks on organizations working on the COVID-19 pandemic. CISA, the FBI, and the...more
We enjoy Jerry Bruckheimer movies. Living in one is another matter. COVID-19 has generated scenes that give us pause. An empty Times Square. A Los Angeles with moving traffic. A Washington eerie in its silence. Closed stores....more
Employers are responding to COVID-19 by allowing, and even mandating, remote working. Companies ranging from Amazon, Microsoft, and Google to local design shops have asked employees to work from home. While increasingly common...more
As Congress continues to wrestle with federal privacy legislation, the states have been lining up alternative proposals. North Carolina has introduced its own bipartisan bill. The bill, H.B. 904, will not pass this year. Even...more
Last week, Indiana-based Medical Informatics Engineering, Inc. (MIE) agreed to pay $100,000 to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). MIE provides electronic health record and related...more
6/6/2019 / Corporate Counsel, Cybersecurity, Data Breach, Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Breach, OCR, PHI, Popular, Settlement, State Attorneys General
IT, we have a problem. Reports of cybersecurity incidents continue to come in thick and fast. In November 2017, Equifax announced a mammoth data breach that it estimated would cost more than $140 million to address....more
The Securities and Exchange Commission (SEC) has undertaken its first enforcement action in connection with a public company’s failure to timely disclose cyber-issues. Last month, Altaba Inc., the former Yahoo! Inc. (Yahoo!),...more
Given recent headlines, ranging from Facebook to Cambridge Analytica to the City of Atlanta’s ransomware attack, the logical inference is that the European Union’s General Data Protection Regulation (GDPR) is a product of our...more
As data breaches go, they don’t get much bigger than this. On Thursday, September 7, credit reporting giant, Equifax, reported that it had suffered a cyber-incident. 143 million consumer records, including names, birth dates,...more
When the USS John S. McCain collided with the tanker Alnic MC near Singapore, it was the third such collision this summer. The ship sustained damage at the waterline, flooding a crew sleeping area. Such incidents are...more
Movie buffs are familiar with a favored narrative arc: something with tremendous power, such as the Ebola virus, escapes from its clinical confines and proceeds to wreak havoc on the world. (It also works with aliens, ghosts,...more
The New York Department of Financial Services (NYDFS)’s finalized Cybersecurity Requirements for Financial Services Companies (“regulations”) went into effect on March 1, 2017. NYDFS has provided a 6-month safe harbor to...more
Editor's Note: In the world of cyber law, privacy and cybersecurity, one of the largest and most colorful figures is Stewart Baker, whose resume includes a stint as General Counsel at the National Security Agency and...more
A few months ago, we analyzed ransomware incidents and offered some suggestions for handling an episode. Ransomware is a cyberattack in which a hacker uses malware to take control of computer systems. The system owner is...more
In our consulting days, a former boss – a retired Army Colonel – enjoyed sharing his Cold War recommendation for protecting sensitive documents from the KGB: fill up a fleet of tractor-trailers with every U.S. government...more