2024 was another active year in cybersecurity, with high-profile vulnerabilities and data breaches, and government and private sector responses to them. Examples include pervasive ransomware attacks targeting the healthcare,...more
On 29 November 2024, the Australian Senate passed the Privacy and Other Legislation Amendment Bill 2024 (Cth) (the Privacy Act Bill). This follows the passage of the Cyber Security Act 2024 (Cth), and other cyber-security...more
The Federal Government continues ramping up enforcement of data security requirements by deploying significant new enforcement theories and tools in support of cyber and data security controls required by federal law....more
Last month, on Data Privacy Day, Colorado’s Attorney General Philip Weiser released prepared remarks entitled “The Way Forward on Data Privacy and Data Security” that shed some light on his approach to enforcing Colorado’s...more
It should be assumed that everything connected to the Internet can be hacked and exposed, now more than ever before. It is commonplace and concerning. Internet of Things (IoT) devices are often developed and sold without a...more
If you are reading this during April 2020, you’re probably reading it from somewhere in your own home — and probably near the friends and loved ones with whom you’re living in close quarters during this time of remote work,...more
One of the major changes introduced by the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which was signed into New York law last year, is scheduled to take effect this week. ...more
The decision to appeal a regulatory finding is never taken lightly. By the time a regulator has completed its investigation and notified a company of its intention to fine, the company will have invested significant time and...more
As discussed in an earlier blog post, the New York state Stop Hacks and Improve Electronic Data Security Act (or “SHIELD Act”), was signed into law on July 25, 2019....more
Tailgating is a physical security breach in which an unauthorized person gains access to a building or other protected area, usually by waiting for an authorized user to open and pass through a secure entry and then following...more
From late June 2019 through mid-October 2019, a handful of states amended their data breach notification statutes. Specifically, six states amended their states to (1) require notice to the State Attorney General, (2) broaden...more
It has been reported by Troy Hunt, the security researcher who has provided us with the Have I Been Pwned free breach notification service, that 1.4 million passwords and personal information of customers of GateHub, a...more
Last Thursday, Governor Andrew M. Cuomo signed the Stop Hacks and Improve Electronic Data Security (“SHIELD”) Act, which amends New York’s current data breach notification law and places increased obligations on businesses...more
As mega-breaches heighten concern about the security of personal information and a federal solution does not appear forthcoming, New York recently joined the growing list of states imposing their own security obligations on...more
On July 25, New York Governor Andrew Cuomo signed into law a pair of bills establishing new requirements for businesses that process certain personal information related to New York residents. The changes include expanding...more
New York Governor Cuomo signed the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) into law. The law amends the existing data breach notification law and adds new cybersecurity requirements. The SHIELD Act...more
On July 25, 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act ("SHIELD Act") amending New York's data breach notification law. This adds to the growing list of states...more
On July 25, 2019, New York Governor Andrew Cuomo signed the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) into law. The SHIELD Act modifies the current Breach Notification Law to expand the types of data...more
Hackers are targeting U.S. government networks, according to U.S. Cyber Command, which says there is a vulnerability of CVE-2017-1174, which is a two year old flaw in Microsoft Outlook that is being used by attackers to...more
The cybersecurity classified protection regime attracted significant attention when it was included in the Peoples Republic of China (PRC) Cyber Security Law promulgated in 2017 (the CSL). The CSL mandates that network...more
On May 6, 2019, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced an agreement with Touchstone Medical Imaging, LLC (Touchstone)...more
On April 26, 2019, the U.S. Department of Health and Human Services (HHS) issued a Notification of Enforcement Discretion (Notice) regarding imposition of Civil Money Penalties (CMPs) under HIPAA. ...more
In this month's edition, we examine cybersecurity-related state Supreme Court rulings in Pennsylvania, Vermont and Illinois; the Department of Health and Human Services' cybersecurity guidelines for the health care industry;...more
In the first fine issued by a German data protection authority under the European General Data Protection Regulation (“GDPR”), on 21 November 2018 the authority of the German state of Baden-Württemberg (“LfDI”) imposed a fine...more
On September 28, Governor Jerry Brown approved California Senate Bill 327, making California the first state in the country to regulate the security of Internet of Things (IoT) devices. ...more