On 29 November 2024, the Australian Senate passed the Privacy and Other Legislation Amendment Bill 2024 (Cth) (the Privacy Act Bill). This follows the passage of the Cyber Security Act 2024 (Cth), and other cyber-security...more
It has been a busy month for cyber and privacy regulation in Australia. On the heels of the proposed amendments to the Privacy Act 1988 released just under a month ago, three further draft Bills relating to cyber security...more
The AI executive order moves the U.S. closer to a broader unified approach on federal AI regulation, expanding on the AI Bill of Rights and NIST AI Risk Management Framework and focusing on the responsible development and...more
As the COVID-19 pandemic appears to be entering the endemic phase, organizations are turning their attention to onsite collaboration and physical interaction among staff members, many of whom have been working remotely for...more
You executives and managers who are in my age group (that is, you didn’t grow up with mobile devices and computers) listen up. According to several studies, you pose a higher security risk to your organization than the...more
In a recent decision, the Delaware Court of Chancery noted that a plaintiff-franchisor did not take adequate protections to safeguard the confidentiality of its purported trade secrets while using a remote audiovisual...more
Following the UK Government's announcement in January 2020 that it would be moving forwards with regulation on consumer IoT device security, the Government has now published its legislative proposals and is seeking feedback...more
Social distancing, a term which few of us had heard of before this year (despite the fact that it has been used since at least the early 2000s), is stretching into its third month....more
If you are reading this during April 2020, you’re probably reading it from somewhere in your own home — and probably near the friends and loved ones with whom you’re living in close quarters during this time of remote work,...more
The new data security requirements provision of New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act went into full force as of March 21, 2020, and all people and businesses, regardless of the state in...more
One of the major changes introduced by the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which was signed into New York law last year, is scheduled to take effect this week. ...more
In the fall of last year, we wrote about the passage of the SHIELD Act (the Act) in New York, which expanded aspects of the state’s breach notification requirements (Breach Requirements) and created a statutory obligation to...more
Fear of the coronavirus is causing many employers to permit—or in some cases mandate—employees to work remotely. While this measure is designed to minimize the risk of virus transmission, it presents an altogether different...more
As discussed in an earlier blog post, the New York state Stop Hacks and Improve Electronic Data Security Act (or “SHIELD Act”), was signed into law on July 25, 2019....more
In today’s connected world, businesses face constant pressure to improve their cybersecurity practices and to confirm that they are meeting industry standards. To continue helping businesses achieve those goals, the SEC...more
Time is running out. The effective date of New York’s cybersecurity law mandating that organizations implement an information security program to protect “private information” of New York State residents, including employee...more
UK Government set to move forwards with regulation on consumer IoT device security The UK Government has just announced that it intends to draw up legislation aimed at ensuring that all consumer smart devices sold in the UK...more
New data retention limitations and disposal requirements on some types of businesses in New York will go into effect on March 21, 2020, under the Stop Hacks and Improve Electronic Data Security (SHIELD Act) that was signed...more
From late June 2019 through mid-October 2019, a handful of states amended their data breach notification statutes. Specifically, six states amended their states to (1) require notice to the State Attorney General, (2) broaden...more
Last Thursday, Governor Andrew M. Cuomo signed the Stop Hacks and Improve Electronic Data Security (“SHIELD”) Act, which amends New York’s current data breach notification law and places increased obligations on businesses...more
As mega-breaches heighten concern about the security of personal information and a federal solution does not appear forthcoming, New York recently joined the growing list of states imposing their own security obligations on...more
Today, business is increasingly global, and with that global reach comes travel. In 2018, according to the U.S. Travel Association, business travel spending topped $327 billion, and 2019 shows no signs of slowing down. Given...more
Hackers are targeting U.S. government networks, according to U.S. Cyber Command, which says there is a vulnerability of CVE-2017-1174, which is a two year old flaw in Microsoft Outlook that is being used by attackers to...more
We all have been trained to look at website addresses with a critical eye to make sure they have “https,” as those websites are supposed to be secure. The “s” at the end signifies to us that it is secure. The lock at the...more
The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced that it has entered into a settlement with a business associate that provides electronic medical records services to health...more