The New York State Department of Financial Services (NYDFS) and the Attorney General’s office have recently imposed significant fines totalling $11.3 million on Geico and Travelers for data breaches that compromised the...more
On August 22, 2024, the United States intervened in a whistleblower suit against the Georgia Institute of Technology, initially filed by current and former members of Georgia Tech’s cybersecurity team, alleging that Georgia...more
AI tools often drive efficiency and save money, but they have drawbacks. Here’s what to know....more
I was hanging out with my friend this weekend, both catching up on emails from a coffee shop. After a while, he turned to me. “Well sh*t. Looks like my social security number might be on the dark web.”...more
We’ve previously written on the need for law firms to scrutinize the data security protections in place at all third-party vendors who have access to client confidential information. Clearly, that’s still good advice....more
On February 28, 2024, President Biden issued Executive Order 14117 (the EO) on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” that would...more
Many general counsels, as well as their privacy and cybersecurity teams, are understandably focused on their company’s coronavirus safety measures - and that is good news to the hackers. Hackers thrive amidst confusion and...more
The potential statutory damages under the CCPA dwarf almost every previous large data breach settlement in the United States. To mitigate the risk of this increased exposure, companies need to take key steps to ensure they...more
Addressing cybersecurity risks invariably involves very technical matters. As a result, in many companies the IT department has been responsible for developing and implementing cybersecurity plans and procedures....more
We’re all guilty of it. We keep things that we don’t need, like that pair of stone-washed jeans from 1992 that you hope will come back into style or your beanie baby collection that you blindly believe might be worth...more
Due to the general flexibility granted to banks by their standard account opening terms, corporate victims of online banking frauds often face substantial hurdles in court in their attempts to recover the sums lost from the...more
On September 15, the Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert re-emphasizing the careful scrutiny it will give to the data security practices of...more
In a much anticipated decision, the Third Circuit Court of Appeals affirmed the authority of the Federal Trade Commission (FTC) to enforce actions against companies who have been subject to a data breach. The FTC sued...more
An organization’s information can be put at risk when staff begin to bring their own devices and use them in the workplace. As a result, in such cases, an organization should consider adopting an appropriate “bring your own...more
Employees are the front line of your information security defense. While technological protections are essential (for example, anti- virus software, firewalls, spam filters, etc.), none are as effective as a vigilant end...more
On June 19, 2015, the National Institute of Standards and Technology (NIST) published the final version of guidance for federal agencies to ensure sensitive information remains confidential when stored outside of federal...more
Tens of thousands of cyber attackers employed by Chinese People’s Liberation Army and other employees and contractors of the Chinese Ministry of State Security work diligently every day to steal information from U.S....more
With all of the privacy and data security enforcement actions brought by the Federal Trade Commission in recent years, and with all of the guidance distributed by the FTC in that time frame, it is easy to get caught up in...more
Many have heard that “it is not a matter of if a company will be attacked, but when.” Statements like this used to be met with skepticism – companies would say we do not have information hackers want, we outsource our...more