A Written Information Security Plan, or “WISP,” is essential for any organization that handles sensitive personal information. Here’s a quick breakdown of who needs a WISP and why, as well as a checklist to develop one:...more
The current COVID-19 pandemic has forced many businesses online in order to survive. In many cases, businesses had no plans to be online. Others were forced to move online more quickly than planned. In order to assist these...more
As of January 1, 2020, California became the first state to permit residents whose personal information is exposed in a data breach to seek statutory damages between $100-$750 per incident, even in the absence of any actual...more
We routinely recommend to clients that they develop a written information security program (“WISP”), to safeguard sensitive information on a day-to-day basis. In fact, businesses (wherever located) that collect, store or use...more
New York Governor Andrew M. Cuomo signed a bill into law last week that expands New York’s data breach notification law. The Stop Hacks and Improve Electronic Data Security (SHIELD) Act brings the New York data breach...more
On Thursday, April 11, 2019, Massachusetts' revisions to its data breach notification law came into effect with significant changes to how a company handling residents’ personal information must respond to a data breach....more
The Situation: In the wake of the Equifax data breach, Massachusetts has amended its data breach law. The Result: Companies reporting security breaches under the amended data breach law must provide additional information...more
Cybercriminals have launched a new campaign that not only requires the victim to pay a ransom to have their data decrypted, but when the victim is directed to a PayPal account to pay the ransom and get the decryption key to...more
A large portion of the data breaches that occur each year involve human resource related issues. This includes situations in which HR data was lost, employees were inadvertently responsible for the loss of information about...more
In the wake of the latest massive data breach, this one involving Equifax, more and more companies are likely wondering what they should do in the event that they are faced with a data breach that exposes the personal data of...more
In the world of data breaches, John Chambers, CEO at Cisco, explained it best: "There are only two kinds of companies. Those that were hacked and those that don’t yet know they were hacked." With the ever increasing rate of...more