September 19, 2016| Blog
The New York Department of Financial Services recently announced a new proposed rule, which would require financial institutions and insurers to implement strong policies for responding to cyberattacks and data breaches.
September 16, 2016| Blog
In its recent decision in Galaria v. Nationwide Mut. Ins. Co., no. 15-3386 (6th Cir. Sept. 12, 2016). Co., No. 15-3386 (6th Cir. Sept. 12, 2016), a divided Sixth Circuit panel held that plaintiffs had standing to assert claims arising from hackers’ alleged theft of data containing plaintiffs’ sensitive personal data, including dates of birth and Social Security numbers.
September 8, 2016| Blog
The FBI warned this summer that the “Business Email Compromise” (“BEC”) scam continues to grow, evolve, and target businesses of all sizes. As reported by the FBI in June, the scam had hit more than 22,000 victims for a combined dollar loss of greater than $3 billion – that’s billion with a B! And the latest evolution is even more threatening, potentially causing breaches of protected data.
September 2, 2016| Blog
As has become typical in the data security space, there was quite a bit of activity in state legislatures over the previous year concerning data breach notification statutes. Lawmakers are keenly aware of the high profile data breaches making headlines and the increasing concerns of constituents around identity theft and pervasive cybercrime.
August 23, 2016| Blog
Last week the clothing retailer Eddie Bauer LLC issued a press release to announce that its point of sale (“POS”) system at retail stores was compromised by malware for more than six months earlier this year.
August 9, 2016| Blog
It is easy to see networks all around us. The printers at the office, your child’s videogame, the food ordering app on your phone, the fitness band or smart watch on your wrist, the electricity grid for your city, the self-driving cars being tested on our roads, all rely at least in part on networked solutions.
August 8, 2016| Blog
Two recent data breach incidents in the healthcare industry prove what readers of this blog have heard all too often: KNOW THY VENDORS.
August 1, 2016| Blog
On Friday, the heads of the Federal Trade Commission overruled the decision of the Administrative Law Judge (“ALJ”) in In the Matter of LabMd., Inc. The FTC concluded that the ALJ had erred in dismissing the Commission’s case against a lab testing company LabMD and misapplied the unfairness standard.
August 1, 2016| Blog
The certification forms for the new US-EU Privacy Shield Framework are now available online. What is not easily discernible in the workflow is the fee structure. One needs to refer back to the Federal Register's implementation notice, published July 22.
July 26, 2016| Blog
The Article 29 Working Party (WP29) has released a brief updated statement on the final form of the Privacy Shield adequacy decision and supporting annexes. WP29 is an important advisory group made up of representatives of each of the EU's national data protection authorities.
July 19, 2016| Blog
The U.S. Court of Appeals for the Ninth Circuit recently issued a decision that could have far reaching implications for the relationships between companies that provide online services, their customers or users, and third parties.
Fizzled Suit Against Target Officers and Directors Raises Question as to the Value of Derivative Claims in Data Breach Cases
July 13, 2016| Blog
In a terse two-page order, Senior District Court Judge Paul Magnuson dismissed derivative claims brought against officers and directors of Target in connection with the 2013 holiday-season data breach.
July 12, 2016| Blog
The EU Commission has formally adopted Privacy Shield and the US Department of Commerce will go live with a new Privacy Shield registration website on August 1. US companies that had been registered under Safe Harbor will need to complete a new internal review, self-certification and registration to take advantage of Privacy Shield.
July 11, 2016| Blog
The final version of Privacy Shield (which has not yet been officially published) passed the Article 31 Committee vote on July 8th and is being presented today to the LIBE committee of the European Parliament. LIBE’s vote is advisory, but it may provide some early indications as to how well Privacy Shield will survive anticipated legal attacks once it is formally adopted and implemented.
July 11, 2016| Blog
Not all the news coming out of Europe these days is about Brexit. In fact, the forces of unity and harmonization remain a top priority for European regulators hoping to combat digital security threats and create a safer and more secure environment for the entire online community.
July 1, 2016| Blog
According to several news reports, the Commission has sent a revised draft of the Privacy Shield adequacy decision to the Article 31 Committee. One tech industry news source, Ars Technica, has made available a purportedly leaked draft of the version of Privacy Shield that is being reviewed by the Article 31 Committee.
June 27, 2016| Blog
Colorado is the latest state to revisit, and expand upon, its laws pertaining to the use and protection of student data. Colorado Governor John Hickenlooper recently signed into law House Bill 16-1423 (the “Bill”) designed to increase the transparency and security of personal information about students enrolled in Colorado’s public education system (K-12).
June 24, 2016| Blog
US companies and policy makers will no doubt spend a good chunk of the day today considering the possible implications for them of yesterday’s UK vote for Brexit. Mark Carney, Governor of the Bank of England, has issued a statement to calm the markets.
June 22, 2016| Blog
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently issued a warning regarding vulnerabilities in third-party applications used by entities covered by HIPAA. The OCR warning applies generally to HIPAA Covered Entities and Business Associates.
June 21, 2016| Blog
The number one threat to a company's information (personal or confidential) is still its own employees. Data security and privacy training are the first lines of defense against negligent employee behavior.
Explore Other Viewpoints:
- Arbitration, Mediation & Alternate Dispute Resolution
- Bankruptcy & Restructuring
- Class Action
- Complex Commercial Litigation
- Consumer Product Safety
- Debt Financing
- EB-5 Financing
- Education & Nonprofits
- Employment, Labor & Benefits
- Energy & Sustainability
- Environmental Enforcement Defense
- Environmental Law
- FDA Regulatory
- Federal Circuit Appeals
- Financial Institution Litigation
- Government Law
- Health Care
- Health Care Compliance, Fraud and Abuse, & Regulatory Counseling
- Health Care Enforcement & Investigations
- Health Care Transactions
- Health Information Privacy & Security
- IP Due Diligence
- IPR's & Other Post Grant Proceedings
- Insolvency & Creditor Rights Litigation
- Insurance & Financial Services
- Insurance Consulting & Risk Management
- Insurance and Reinsurance Problem-Solving & Dispute Resolution
- Intellectual Property
- Investment Funds
- Licensing & Technology Transactions
- Life Sciences
- Litigation & Investigations
- M&A Litigation
- ML Strategies
- Medicare, Medicaid and Commercial Coverage & Reimbursement
- Mergers & Acquisitions
- Patent Litigation
- Patent Prosecution & Strategic Counseling
- Privacy & Cybersecurity
- Private Client
- Private Equity
- Products Liability & Complex Tort
- Project Development & Finance
- Public Finance
- Real Estate Litigation
- Real Estate Transactions
- Real Estate, Construction & Infrastructure
- Retail & Consumer Products
- Securities & Capital Markets
- Securities Litigation
- Sports & Entertainment
- Strategic IP Monetization & Licensing
- Trade Secrets
- Trademark & Copyright
- Trademark Litigation
- Venture Capital & Emerging Companies
- White Collar Defense & Government Investigations