Spring has Sprung — and so have New York Cybersecurity Regs

The beginning of March, and a spell of unseasonably warm weather, graced the Northeast this week.  So too did New York’s first-in-the-nation cybersecurity regulations.  As we reported here in January, the initial launch of regulations was scuttled in response to industry concerns about scope and the inability to modify internal security measures by the established deadlines.  This resistance led New York’s Department of Financial Services (“DFS”) to slightly modify the regulations and delay implementation by one month.  … More

Cybersecurity Executive Order? – A Few Thoughts on Leaked “Drafts.”

More than two weeks ago, the President postponed issuing an executive order on cybersecurity. Since then, we’ve had no word from the White House on when he intends to sign it. However, two purported drafts of the order have wound up on the Internet—the Washington Post published the first one,[1] and Lawfare, the second. Here are a few quick impressions on those drafts,… More

Friend or Foe? State Attorneys General Start to Change Their Tune on Industry & Cybersecurity

Should businesses be thought of as victims or bad actors when it comes to data breaches?  State attorneys general are embracing the idea that businesses are not necessarily adversaries in the struggle to protect sensitive consumer information.  Over the past several years state attorneys general have exerted efforts to both educate businesses as to their data privacy responsibilities, and collaborate with businesses in constructing more robust cybersecurity policies.  The spotlight now is on the Ohio Attorney General,… More

Want to Know Why Memorial Healthcare Systems Is Paying HHS OCR $5.5 Million?

On February 16, 2017, HHS OCR announced that Memorial Healthcare Systems (MHS) had paid the U.S. Department of Health and Human Services (HHS) $5.5 million to settle potential violations of HIPAA’s Privacy and Security Rules and agreed to implement a “robust” three year corrective action plan and resolution agreement.  Why did MHS pay so much?  A long-term failure to close security holes that led to identity theft and fraudulent tax returns.… More

Webinar on March 16: Internet Takedowns and Domain Name Disputes for the Generalist In-House Counsel

As all aspects of business inexorably shift toward online, it is not surprising that intellectual property infringement, cybersquatting, and related internet abuses abound. Luckily, there are various procedures available by which aggrieved companies can seek relief short of litigation.

Foley Hoag will present a 60-minute webinar on Thursday, March 16 at 12:30 pm EDT offering guidance for in-house counsel regarding internet takedowns and domain name disputes,… More

Court Declines to Issue Seizure Order under Defend Trade Secrets Act

As we previously reported, the federal Defend Trade Secrets Act (DTSA) enacted last May includes a powerful ex parte seizure proceeding that allows courts in “extraordinary circumstances” to order the seizure of property necessary to prevent the immediate dissemination of trade secrets.

Last month, the Northern District of California issued one of the first (if not the first) decision on an ex parte seizure request under the new statute. … More

Make Cybersecurity Great Again? Cybersecurity Challenges — and Opportunities — for the Trump Administration

The Trump Administration has taken office at a time when cybersecurity has increasingly entered the public consciousness as a major challenge facing both the United States government and the business community.  Cyberattacks from both criminal and state actors have bedeviled businesses and roiled politics over the past year.  Against this backdrop, the administration has professed a strong commitment to cybersecurity, for instance designating former New York City Mayor Rudy Giuliani as a high-profile cybersecurity liaison to the private sector,… More

Hey, Alexa – Tell Me About My Privacy Rights!

For internet-of-things watchers, some information to chew on:  several news outlets have reported on a dispute between Amazon and law enforcement investigators in Bentonville, Arkansas.  Arkansas police are investigating an apparent homicide that took place in November 2015, and have charged one suspect with murder.  Searching the house where the crime took place, investigators uncovered an Amazon Echo device, a personal digital assistant that can be activated by voice commands.… More

The European Watchdogs Issue First Guidelines On GDPR

The new (EU) 2016/679 General Data Protection Regulation (GDPR) will enter into force on 25 May 2018. Its scope is broader than that of the current 95/46/CE Directive, which means that more companies headquartered outside of the EU will have to comply with European data protection rules than under the current regime.

The 95/46/CE Directive set up a European body, the Article 29 Working Party,… More

Cybersecurity Incident Response: Who You Gonna Call?

Who should you call when you suspect, or are certain of, a data breach?  Data breaches and other cybersecurity incidents have become of a fact of life.  Yahoo! recently disclosed that data for over one billion users was compromised in 2013.  Hundreds of incidents affecting millions of records were reported in 2016 alone.  So when — not if — your company suffers a breach,… More