The New York State Department of Financial Services (NYDFS) and the Attorney General’s office have recently imposed significant fines totalling $11.3 million on Geico and Travelers for data breaches that compromised the...more
New York hospitals have less than a year to dust off their Health Insurance Portability and Accountability Act (HIPAA) compliance programs and update them to comply with more stringent and detailed state regulations. Last...more
Frontier Communications (Frontier) faces three class action lawsuits in relation to a cyber data breach in which the criminal ransomware group, RansomHub, stole personally identifiable information (PII) of over 750,000...more
Multi-employer plan participants involved in an Employee Retirement Income Security Act of 1974 (ERISA) class action lawsuit against Horizon Actuarial Services LLC (Horizon), a national retirement services firm, have entered...more
[author: Matt Kelly] In September 2020 the National Institute of Standards and Technology (NIST) unveiled the fifth version of its cybersecurity standard formally known as SP 800-53, “Security and Privacy Controls for...more
Effective October 23, 2019 for changes in data breach notification requirements, and March 21, 2020 for new data security requirements, New York’s “Stop Hacks and Improve Electronic Data Security Act” (SHIELD Act) broadens...more
Just prior to the sweltering hot weekend, Governor Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act. Taking effect on March 22, 2020, the law imposes new obligations on entities to...more
No one knows for sure how many "things" are connected to the Internet, but the Federal Trade Commission reported last year that it was more than 8 billion, and that it would exceed 20 billion by the end of 2020! Astonishing...more
California “Connected Devices” Law - On September 28, 2018, California passed a new law that raised the baseline for the security of Internet of Things (“IoT”) devices, or “connected devices.” Under this new law,...more
The market for internet-connected devices (often referred to as the Internet of Things, or IoT) is growing rapidly. Investment in this burgeoning space can be attractive, and according to research firm IDC, the worldwide...more
Boulder Partner David Zetoony published the 2017 edition of his handbook, Data Privacy and Security: A Practical Guide for In-House Counsel, on Jan. 28 – Data Privacy Day. The guide provides an overview of laws relevant to a...more
On March 1, New York will go live with cybersecurity rules for financial service providers such as banks, insurance companies and others subject to the Department of Financial Services’ jurisdiction. At its core, the rules...more
The news regularly reports on data breaches and cybersecurity. While we read about the biggest breaches – Home Depot, Target, Anthem, JP Morgan, Wyndham – probably every business has been hacked and will be hacked again. ...more
The debate over standing in data breach litigation is gaining more attention lately. While many courts have hesitated to find standing prior to lost personally identifiable information (PII) actually being misused, the U.S....more
Investment firm R.T. Jones Capital Equities Management (R.T. Jones) has agreed to settle with the Securities and Exchange Commission (SEC) and pay a $75,000 penalty over charges that it failed to adopt written policies and...more
Recently, the SEC announced that R.T. Jones Capital Equities Management, a St. Louis-based investment adviser, agreed to settle charges that it failed to establish the required cybersecurity policies and procedures before a...more
On September 22, 2015, the Securities and Exchange Commission (SEC) filed a settled administrative proceeding[1] alleging that a registered investment adviser failed to adopt cybersecurity procedures in violation of an SEC...more