Delaware (July 31, 2019) and New Hampshire (August 2, 2019) have become the latest states to add to the insurance cybersecurity landscape by enacting information security laws. These laws come on the heels of Connecticut’s...more
8/9/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Information Security ,
Information Technology ,
Insurance Industry ,
NAIC ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
State and Local Government ,
State Data Breach Notification Statutes
On July 26, 2019, Connecticut Governor Ned Lamont signed into the law the state’s new Insurance Data Security Law, which imposes new information security, risk management, and reporting requirements for carriers, producers,...more
The FTC has proposed amendments to its 2003 Safeguards Rule and the 2000 Privacy Rule, applicable to financial institutions under the Gramm Leach Bliley Act (GLBA). ...more
3/8/2019
/ Banking Sector ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Personally Identifiable Information ,
Privacy Rule ,
Proposed Amendments ,
Rulemaking Process ,
Safeguards Rule
The Pennsylvania Supreme Court has drastically changed the data breach litigation landscape by holding that an employer has a common law duty to use reasonable care to safeguard its employees' personal information stored on...more
11/28/2018
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Security ,
Economic Loss Doctrine ,
Employer Liability Issues ,
Employment Litigation ,
Identity Theft ,
Negligence ,
PA Supreme Court ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Reasonable Care
On April 18, 2018, the Government of Canada published the final regulations relating to mandatory reporting of privacy breaches under Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”). ...more
9/14/2018
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Notification Requirements ,
Personally Identifiable Information ,
PIPEDA ,
Popular ,
Recordkeeping Requirements ,
Regulatory Oversight ,
Regulatory Requirements
A new bill introduced by House Financial Services subcommittee Chairman Rep. Blaine Luetkemeyer would significantly change data security and breach notification standards for the financial services and insurance industries. ...more
9/11/2018
/ Banking Sector ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Data Security ,
Federal Breach Notification Standard ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Information Technology ,
Insurance Industry ,
Legislative Agendas ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Preemption ,
Proposed Legislation ,
Risk Management
One of the most bedeviling aspects of data privacy and security law concerns the concept of “reasonable” data security, which has become the default statutory and common law standard. The FTC began articulating a...more
We’ve previously blogged about the creative efforts of plaintiffs’ counsel to expand the contours of data breach litigation. ...more
7/13/2018
/ Article III ,
Automotive Industry ,
Chrysler ,
Class Action ,
Class Certification ,
Connected Cars ,
Data Breach ,
Data Security ,
Design Defects ,
Fiat ,
Hackers ,
Internet of Things ,
Motor Vehicles ,
Network Security ,
Standing
There are several key takeaways from a 20-year proposed consent order agreed to by Uber Technologies, Inc. (Uber) and the Federal Trade Commission (FTC)...more
8/21/2017
/ Antitrust Provisions ,
Antitrust Violations ,
Cloud Storage ,
Corporate Counsel ,
Customer Privacy ,
Data Privacy ,
Data Security ,
Federal Trade Commission (FTC) ,
Personally Identifiable Information ,
Sharing Economy ,
Uber
The average cost of a data breach, on both an aggregate and a per-record basis, has decreased slightly according to the Ponemon Institute's 2017 Cost of Data Breach Study: Global Overview. In addition to presenting recent...more
6/29/2017
/ Corporate Counsel ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Breach Costs ,
Data Protection ,
Data Security ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Young Lawyers
In its latest effort to address security concerns about Internet of Things (IoT) devices, the Federal Trade Commission (FTC) has submitted public comments to the National Telecommunications and Information Administration's...more
The Federal Trade Commission (FTC) has entered into a multimillion dollar settlement with the owners and operators of AshleyMadison.com, a dating website for people interested in having discreet affairs, related to the...more
12/16/2016
/ Adultery ,
Ashley Madison ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Dating Services ,
Federal Trade Commission (FTC) ,
Fines ,
Hackers ,
Internet ,
Marriage ,
Misrepresentation ,
Online Platforms ,
Personally Identifiable Information ,
Popular ,
Settlement ,
Spouses ,
Website Owner Liability ,
Websites
Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more
11/7/2016
/ Breach Notification Rule ,
Business Associates ,
Cloud Computing ,
Cloud Service Providers (CSPs) ,
Covered Entities ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Encryption ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Risk Assessment ,
Service Agreements
The Federal Trade Commission (FTC) has issued an Opinion and Final Order finding that the data security practices of LabMD, Inc. were unreasonable, and therefore constituted an unfair act or practice in violation of Section 5...more
8/15/2016
/ Administrative Law Judge (ALJ) ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
File Sharing ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
LabMD ,
Likelihood of Harm ,
p2p ,
Popular ,
Section 5
In a pair of highly anticipated decisions, the Ninth Circuit significantly reshaped criminal and civil liability under the federal Computer Fraud and Abuse Act (CFAA). The court’s recent decisions in United States v. Nosal...more
7/18/2016
/ Civil Liability ,
Computer Fraud and Abuse Act (CFAA) ,
Confidential Information ,
Criminal Liability ,
Data Security ,
Economic Espionage Act ,
Electronically Stored Information ,
Facebook ,
Former Employee ,
Misappropriation ,
Passwords ,
Popular ,
Trade Secrets ,
Unauthorized Access ,
US v Nosal ,
Websites
The Pennsylvania Superior Court has affirmed a trial court's decision denying class certification in a data breach case against two health plans, reversing its own earlier ruling in the same case that the plaintiff did not...more
The Consumer Financial Protection Bureau (CFPB) has announced its first data security enforcement action. Since the 1990s, the Federal Trade Commission (FTC) has primarily taken on the role as the de facto federal regulator...more
Nearly three in five Californians were victims of a data breach in 2015, according to a report released by state Attorney General Kamala D. Harris. The report adopts minimum standards of ''reasonable security'' for personal...more
In a landmark decision that threatens to undo the process by which American companies handle personal data flowing from the European Union, the Advocate General (AG) of the European Court of Justice (ECJ) issued an advisory...more
10/1/2015
/ Advocate General ,
Better Business Bureau ,
Cybersecurity ,
Data Protection ,
Data Security ,
Data Transfers ,
Edward Snowden ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
Facebook ,
Federal Trade Commission (FTC) ,
National Security Agency (NSA) ,
Personal Data ,
PRISM Program ,
Safe Harbors ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
In 2013 alone, the U.S. Department of Homeland Security (DHS) and its Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to more than 256 cyber-incident reports—more than half of them in the energy...more
8/24/2015
/ Aerospace ,
Automotive Industry ,
C-Suite Executives ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Energy Sector ,
Hackers ,
Information Technology ,
Internet ,
Manufacturers ,
NIST ,
Oil & Gas ,
Pharmaceutical Industry ,
Popular ,
Transportation Corridor ,
Wastewater ,
Water