Although all fifty states now have data breach notification statutes on the books, a smaller but growing number of states have adopted substantive data privacy laws. The recently passed California Privacy Rights Act (CPRA)...more
The major current cybersecurity story involves a popular SolarWinds network managing software package, Orion. A sophisticated actor, with the signatures of a nation state, infiltrated Orion in a software update. Once inside,...more
A federal court has held that neither the work product nor attorney-client privilege doctrines shield a cyber expert’s report from discovery....more
2020 was a year like no other. From an unprecedented “work from home” shift to a blockbuster European court ruling to a mammoth cyber attack, businesses scrambled to adapt to an endless series of cyber challenges. 2021 shows...more
1/20/2021
/ Biden Administration ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Popular
The UK left the EU on January 31, 2020. On Christmas Eve, the two parties signed a Trade and Cooperation Agreement. Under the Agreement, EU personal data can be processed in the UK for six months. The European Commission will...more
Data Transfer from the European Union to the United States is a knotty process. The difficulties were compounded this summer when Europe’s highest court held the “Privacy Shield” program enabling U.S-E.U. data transfers...more
11/25/2020
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information
We have previously written about “phishing.” Phishing involves using social pressure to trick the recipient to send sensitive information, network control, or credentials, to hackers posing as authorized users....more
The New York Department of Financial Services (NYDFS) has launched its first enforcement action under New York’s Cybersecurity law for financial services, so-called Part 500. Part 500 requires NYDFS licensed institutions to...more
9/23/2020
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
Insurance Industry ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Risk Assessment ,
Risk Management
In a ruling that could have broad ramifications for health data sharing, a federal judge has ruled that a patient complaining about a hospital sharing his health data without permission lacked standing because he suffered no...more
The United States Department of Health and Human Services (HHS) has closed an investigation into a Rhode Island health system stemming from a 2017 breach. Briefly summarized, Lifespan Health System Affiliated Covered Entity...more
Countless businesses export data from the European Union to the United States. Does your human resources office have information on European employees? The sales department information on European clients? That is personal...more
The sword finally fell. Last week, the European Union’s (EU) highest court, the Court of Justice (CJEU) invalidated Privacy Shield. Privacy Shield was a legal framework that enabled EU companies to process data in the United...more
In Compulife Software Inc. v. Newman, No. 18-12004, 2020 WL 2549505 (11th Cir. May 20, 2020), the Eleventh Circuit vacated a trial court ruling that competitors who used a website operator’s server and database did not...more
The United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has warned of escalating cyber-attacks on organizations working on the COVID-19 pandemic. CISA, the FBI, and the...more
We enjoy Jerry Bruckheimer movies. Living in one is another matter. COVID-19 has generated scenes that give us pause. An empty Times Square. A Los Angeles with moving traffic. A Washington eerie in its silence. Closed stores....more
As Congress continues to wrestle with federal privacy legislation, the states have been lining up alternative proposals. North Carolina has introduced its own bipartisan bill. The bill, H.B 904, will not pass this year. Even...more
*Trigger Warning*: This article includes mentions of suicide.
It could be the start of a Law & Order episode. In August, a pedestrian in Manhattan’s East Village noted a driver sitting inside a parked car. The driver was...more
HIPAA was enacted in 1996. In the years since, most healthcare entities have adapted to the major requirements imposed by HIPAA, HITECH, and the Privacy and Security Rules. Nevertheless, the thicket of regulations still...more
Given recent headlines, ranging from Facebook to Cambridge Analytica to the City of Atlanta’s ransomware attack, the logical inference is that the European Union’s General Data Protection Regulation (GDPR) is a product of our...more