A Written Information Security Plan, or “WISP,” is essential for any organization that handles sensitive personal information. Here’s a quick breakdown of who needs a WISP and why, as well as a checklist to develop one:...more
In today's evolving world of security and data privacy, K-12 schools, universities, local governments, and hospitals are increasingly finding themselves on the same list: vulnerable to the threat of a cyberattack....more
The current COVID-19 pandemic has forced many businesses online in order to survive. In many cases, businesses had no plans to be online. Others were forced to move online more quickly than planned. In order to assist these...more
What do businesses need to do to comply with privacy and data security laws? The first place to look is to relevant statutes. If you store or process the personal information of Massachusetts residents, then you will at...more
On March 21, 2020, companies will need to comply with yet another data privacy and security law when the New York Stop Hacks and Improve Electronic Data Security Act ("NY SHIELD Act") takes effect. The SHIELD Act is unique in...more
Earlier this month, Andrew Smith, the FTC’s Director of the Bureau of Consumer Protection, announced that the Commission had made “three major changes” to its data security orders. Citing recent hearings at the FTC, as well...more
Section 230 of the Connecticut budget bill is called the “Insurance Data Security Law” and becomes effective October 1, 2019. It requires any insurance licensee, (anyone who is authorized or licensed and subject to the...more
Since 2010, Massachusetts has required organizations that collect personal data about Massachusetts residents to implement a comprehensive written information security program (“WISP”) designed to avoid and respond to data...more
Michigan enacted the Michigan Data Security Act on December 28, 2018, imposing stringent cybersecurity measures on any person (individual or corporate) licensed by the Michigan Department of Insurance and Financial Services. ...more
South Carolina recently enacted a prescriptive data security law for insurers. The law bears resemblance to the New York Department of Financial Services (NYDFS) cybersecurity rules that entered into force last year. ...more
In early September 2016, the New York Department of Financial Services (“DFS”) proposed a set of data security regulations (the “Proposal”) that would govern financial institutions, banks, and insurance companies subject to...more