Ransomware payments continue to be a focus of the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”). As previously reported by Foley Hoag, on October 1, 2020, OFAC released an advisory regarding potential sanctions risks related to facilitating ransomware payments. Almost a year later, on September 21, 2021, OFAC updated its advisory to provide additional guidance regarding what OFAC considers to be mitigating factors if facilitating a ransomware payment results in an apparent violation of U.S.… More
Tag Archives: data breach
GDPR, CCPA and Now, the NY SHIELD Act: Additional Data Security Responsibilities for Companies Holding the Private Information of NY Residents
On March 21, 2020, the last of the features of the NY Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) became effective: its data security requirements. The SHIELD Act is a sweeping statute governing individual rights relating to data breaches. It was adopted in July 2019 and has been rolled out in the months since then: its breach notification provisions took effect on October 23, 2019, and its data security requirements have now taken effect. … More
Minimizing Litigation Risk: What Cybersecurity Auditors Can Learn From Their Financial Statement Auditor Analogues
Data breaches – always critically important to those with responsibility for storing, transporting and protecting electronic information – have become an all-consuming topic of late. Stories about data theft dominate political headlines, boardroom discussions, and family meetings around the dinner table. They, of course, have also been the subject of government investigations and private litigation.
The current environment is not unlike other moments in our recent past that seemed to have captured the attention of Wall Street,… More
Who should you call when you suspect, or are certain of, a data breach? Data breaches and other cybersecurity incidents have become of a fact of life. Yahoo! recently disclosed that data for over one billion users was compromised in 2013. Hundreds of incidents affecting millions of records were reported in 2016 alone. So when — not if — your company suffers a breach,… More
In late December, New York’s Financial Services Superintendent Maria T. Vullo announced that the New York’s Department of Financial Services’ (“DFS”) new cybersecurity regulations would not go into effect on January 1, 2017 as initially planned. These “first-in-the-nation” cybersecurity regulations were designed to help protect consumers and the financial system from the increasingly serious threat of cyberattacks. However, the regulations faced opposition from the financial services companies and insurers that would have been subject to them.… More
Editor’s note: This is the sixth and last in our end-of-year series. See our previous posts on trade secrets, state regulation and law enforcement, HIPAA compliance, emerging threats, and energy. See you in 2017!
Fragmentation in U.S. data privacy and cybersecurity law is both peril and promise. The peril? Businesses must contend with uncertainty and the costs associated with pleasing many regulatory masters. … More
Editor’s note: This is the fourth in a continuing end-of-year series. See our previous posts on trade secrets, state regulation and law enforcement, and HIPAA compliance. Our last two posts will focus on the energy industry, and federal regulation and law enforcement.
In 2016, new and alarming cybersecurity threats emerged, raising concerns in government, the business world,… More
Editor’s Note: This is the second in a continuing end-of-year series. Stay tuned for our next installment, discussing HIPAA compliance.
In the patchwork of state and federal law regulating the use and maintenance of personal confidential information, states play a significant role and can often be the most important regulator and law enforcement authority. Recent events have signaled changes in how states interpret and enforce their data privacy standards —… More
Editor’s Note: This is the first of an end-of-year series of posts examining coming trends in cybersecurity. Posts will examine trends in state regulations, federal regulatory authority, the changing nature of the threat landscape, and HIPAA. This post discusses a shift in concern from personal consumer information toward company trade secrets.
When it comes to the issue of data privacy and security, especially among lawyers, the discussion generally concerns personally identifiable information. … More
Data breaches are crisis moments that businesses must prepare for in many ways: not just in taking steps at prevention, but also mitigating losses, arranging for business continuity, complying with legal and regulatory requirements, and communicating adequately with customers. Waiting to think about such issues when a data breach occurs can increase costs (including the costs associated with the time needed to restore normal business operations) and harm a company’s reputation.… More