A Written Information Security Plan, or “WISP,” is essential for any organization that handles sensitive personal information. Here’s a quick breakdown of who needs a WISP and why, as well as a checklist to develop one:...more
Takeaway: As cybersecurity risk increases, large enterprises and government agencies are, increasingly, forcing smaller vendor companies to obtain cyber insurance to help manage the risk of a data breach. To prepare for an...more
The FTC recently settled its enforcement action involving data privacy and security allegations against an online seller of customized merchandise. In addition to agreeing to pay $500,000, the online merchant consented to...more
The current COVID-19 pandemic has forced many businesses online in order to survive. In many cases, businesses had no plans to be online. Others were forced to move online more quickly than planned. In order to assist these...more
What do businesses need to do to comply with privacy and data security laws? The first place to look is to relevant statutes. If you store or process the personal information of Massachusetts residents, then you will at...more
On January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) went into effect. The CCPA applies to a wide range of companies and broadly governs the collection, use and sale of personal information of California...more
As of January 1, 2020, California became the first state to permit residents whose personal information is exposed in a data breach to seek statutory damages between $100-$750 per incident, even in the absence of any actual...more
Delta Sues Software Provider Over Data Breach - Delta Airlines sued its customer service chat provider, [24]7.ai Inc., in New York federal court accusing it of lax digital security practices that allowed a hacker to steal...more
We routinely recommend to clients that they develop a written information security program (“WISP”), to safeguard sensitive information on a day-to-day basis. In fact, businesses (wherever located) that collect, store or use...more
New York Governor Andrew M. Cuomo signed a bill into law last week that expands New York’s data breach notification law. The Stop Hacks and Improve Electronic Data Security (SHIELD) Act brings the New York data breach...more
Data security and privacy concerns have become one of the top issues keeping business leaders up at night. According to the Ponemon Institute’s 2018 study regarding the cost of data breaches, data breaches are increasingly...more
On Thursday, April 11, 2019, Massachusetts' revisions to its data breach notification law came into effect with significant changes to how a company handling residents’ personal information must respond to a data breach....more
Since 2010, Massachusetts has required organizations that collect personal data about Massachusetts residents to implement a comprehensive written information security program (“WISP”) designed to avoid and respond to data...more
On April 11, 2019, significant revisions to Massachusetts’ data breach law – Chapter 93H – take effect. The revised statute requires more detailed notifications to both the Commonwealth and affected consumers, and mandates...more
The Situation: In the wake of the Equifax data breach, Massachusetts has amended its data breach law. The Result: Companies reporting security breaches under the amended data breach law must provide additional information...more
Cybercriminals have launched a new campaign that not only requires the victim to pay a ransom to have their data decrypted, but when the victim is directed to a PayPal account to pay the ransom and get the decryption key to...more
Although the Massachusetts Data Security Regulations went into effect March 1, 2010, I still find that many companies have not implemented a Written Information Security Program (WISP) and don’t know that they are required to...more
A large portion of the data breaches that occur each year involve human resource related issues. This includes situations in which HR data was lost, employees were inadvertently responsible for the loss of information about...more
In the wake of the latest massive data breach, this one involving Equifax, more and more companies are likely wondering what they should do in the event that they are faced with a data breach that exposes the personal data of...more
In the world of data breaches, John Chambers, CEO at Cisco, explained it best: "There are only two kinds of companies. Those that were hacked and those that don’t yet know they were hacked." With the ever increasing rate of...more