The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
SEC’s New Cyber Rules for Publicly Traded Companies — The Consumer Finance Podcast
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
2023 DSIR Deeper Dive: Plaintiffs’ Attorneys Are Trying to Assert a New Cause of Action Against Universities Based on an Old Law Regulating Videotape Service Providers
Episode 293 -- Catching Up with California and Other State Privacy Laws
How to Fix the Cyber Incident Reporting Mess--DHS Weighs In
Regulatory Phishing Podcast - The Impact of Cybersecurity Compliance on Corporate Transactions
The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
2023 DSIR Report Deeper Dive into the Data
Cybersecurity Threats Facing Food and Agribusiness Companies & the Preparation and Protection Safeguards to Help Mitigate Them
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
2022 DSIR Report Deeper Dive: FTC
2022 DSIR Deeper Dive: Vendor Incidents
Unauthorized Access: An Inside Look at Incident Response
The State of Cyber: Breaking Down Recent Rules and Regulations
Mandatory Cyber Incident Reporting: Pros, Cons, and Next Steps
Cyberside Chats: Preserving Legal Privilege After a Cybersecurity Incident
Debra Geroux and Scott Wrobel on Responding to Data Breaches
The country’s largest provider of cloud-based education software for K-12 schools announced on January 7 that it fell victim to a massive data breach – which may lead to questions about the implications for your school....more
Numbers never lie. The second most targeted industry in terms of hacking and breaches is Finance, which was the victim somewhere in the realm of 2,306 to 2,792 cyberattacks in 2023 (depending on the source). With each data...more
Pennsylvania-based Geisinger Health System said it experienced a breach impacting more than 1.27 million patients when a former employee of vendor Nuance Communications Inc., a Microsoft Corp. subsidiary, accessed patient...more
On October 27, 2023, the Federal Trade Commission (FTC) announced it is amending the Safeguards Rule of the Gramm-Leach-Bliley Act (GLBA) to include a requirement for non-bank financial institutions to report certain data...more
On October 27, the Federal Trade Commission (FTC or Commission) published a final rule expanding data breach notification requirements for certain financial institutions (Final Rule). Federal Register, will require entities...more
In the second of a three-part series, Buckingham Data Privacy and Cybersecurity Attorney David Myers talks with Andy Jones, CEO, Fortress Security Risk Management, and Bryan Schauer, Vice President at The Schauer Group’s...more
The onslaught of ransomware attacks by cybercriminals increases unabated every year, affecting everyone from mom and pop shops on Main Street to corporate lions of Wall Street. Hackers infiltrate an organization's computer...more
Last week’s news that the Federal Trade Commission is taking steps to begin rulemaking on consumer privacy and artificial intelligence drew plenty of attention from privacy professionals, and suggests 2022 could be an...more
Report on Patient Privacy 20, no. 11 (November 2020) - In her 14-plus years of investigating and blogging about hacking and breaches, “Dissent” has been yelled at, threatened with lawsuits and accused of being a criminal....more
We are all facing new challenges in this pandemic, including the shift to and growth of remote-work. Meanwhile, we also have to contend with the increased volume of attempted cyberattacks. Despite the distraction of the...more
Five things schools, colleges and universities can do this summer to address data privacy and protect against cybersecurity threats. Consider these five steps during your summer break to address the protection of...more
For several years now, we’ve been alerting employers about the dangers of phishing scams that attempt to obtain private and personal information from employers... Many of these scams rear their ugly head around tax season,...more
I have been conducting a lot of tabletop exercises lately, so it seems timely to mention the concept now for those who many not know what they are or how to get one scheduled for your organization....more
CoPilot Provider Support Services, Inc. (CoPilot), which provides health care companies with billing and insurance support services, has settled allegations by the New York Attorney General of failing to notify individuals of...more
We are excited to release our third annual BakerHostetler Data Security Incident Response Report. This report analyzes the more than 450 data security incidents we led clients through in 2016. Companies continued to...more
Whether resulting from a planned cyberattack or mere carelessness, data breaches are on the rise. In 2015, 781 data breaches were reported across the United States, with the average breach costing $3.8 million. In 2016, the...more
On October 6, California Governor Jerry Brown signed legislation updating California’s data breach notice statute for the third time in three years. The news was quickly overshadowed by the CJEU’s decision invalidating the...more
Highlights Areas of High Risk and Examination Priorities for Financial Industry Firms - On September 15, the U.S. Securities and Exchange Commission’s (SEC’s) Office of Compliance, Inspections and Examinations (OCIE),...more
The National Association of Insurance Commissioners has announced three initiatives in furtherance of its goal to address cybersecurity issues faced by insurance companies, their state regulators, and consumers, which it...more
In recent years, the SEC has been focused on cybersecurity. It has issued risk alerts, conducted examinations and provided guidance about what the agency sees as widespread weaknesses in many policies and procedures to...more
A registered investment adviser agreed to settle SEC charges that it failed to adopt adequate cybersecurity policies and procedures reasonably designed to protect customer records and information as required by Rule 30(a) of...more
On Aug. 11, 2015, federal prosecutors in the District of New Jersey and the Eastern District of New York unsealed indictments against nine individuals in the U.S. and Ukraine who were allegedly involved in a five-year,...more
Add dating website Ashley Madison to the list of large companies like Target, Home Depot and Michael’s that have had customer information stolen by hackers. Published reports say Ashley Madison is now facing multiple lawsuits...more
On September 15, 2015, OCIE issued a risk alert relating to its new cybersecurity examination initiative. This is the second round of these examinations, and the alert provides a detailed look at OCIE’s current areas of...more
Companies are reminded of the need for strong internal controls. The US Securities and Exchange Commission (SEC) and the Department of Justice (DOJ) recently filed civil and criminal actions in the largest hacking and...more