Takeaway: As cybersecurity risk increases, large enterprises and government agencies are, increasingly, forcing smaller vendor companies to obtain cyber insurance to help manage the risk of a data breach. To prepare for an...more
When Massachusetts issued its data security regulations in 2009 (Regulations), it led the way for states on data security. The Regulations became effective 12 years ago, almost to the day, March 1, 2010. The Bay State is now...more
To kick off the countdown to World Data Privacy Day, we want to provide businesses, organizations and individuals with a few import reminders going into 2022. With the increase in data privacy laws and enforcement, data...more
What do businesses need to do to comply with privacy and data security laws? The first place to look is to relevant statutes. If you store or process the personal information of Massachusetts residents, then you will at...more
Earlier this month, Andrew Smith, the FTC’s Director of the Bureau of Consumer Protection, announced that the Commission had made “three major changes” to its data security orders. Citing recent hearings at the FTC, as well...more
As of January 1, 2020, California became the first state to permit residents whose personal information is exposed in a data breach to seek statutory damages between $100-$750 per incident, even in the absence of any actual...more
Delta Sues Software Provider Over Data Breach - Delta Airlines sued its customer service chat provider, [24]7.ai Inc., in New York federal court accusing it of lax digital security practices that allowed a hacker to steal...more
Since 2010, Massachusetts has required organizations that collect personal data about Massachusetts residents to implement a comprehensive written information security program (“WISP”) designed to avoid and respond to data...more
Independent schools, like other non-profits, have valuable digital assets that bring cybersecurity obligations with them. For example, schools typically extend financial aid to students and medical benefits to employees only...more
The Situation: In the wake of the Equifax data breach, Massachusetts has amended its data breach law. The Result: Companies reporting security breaches under the amended data breach law must provide additional information...more
Michigan enacted the Michigan Data Security Act on December 28, 2018, imposing stringent cybersecurity measures on any person (individual or corporate) licensed by the Michigan Department of Insurance and Financial Services. ...more
South Carolina recently enacted a prescriptive data security law for insurers. The law bears resemblance to the New York Department of Financial Services (NYDFS) cybersecurity rules that entered into force last year. ...more
In the wake of the latest massive data breach, this one involving Equifax, more and more companies are likely wondering what they should do in the event that they are faced with a data breach that exposes the personal data of...more
When the topic of data privacy and cyber security comes up, most people automatically think of data breaches, especially given the high-profile nature of so many of them. Breaches and hacks are certainly an issue about which...more
Before committing resources to a potential investment, private equity firms should aggressively evaluate a target company’s cyber risks and cyber preparedness. Some target companies are naturally more exposed to cyber risk...more