Beware of March Madness! Scammers and phishers take advantage of increased web traffic by impersonating popular March Madness websites, including bracket sites and game live streams. Will your employees take the bait?...more
The Securities and Exchange Commission (“SEC”) released expansive interpretive guidance (“2018 Guidance”), posted February 21, 2018, further building upon its far-reaching cybersecurity guidance provided in 2011. Below are...more
3/2/2018
/ Cybersecurity ,
Data Protection ,
Disclosure Requirements ,
Financial Statements ,
Guidance Update ,
Insider Trading ,
Interpretive Opinions ,
Materiality ,
Policies and Procedures ,
Publicly-Traded Companies ,
Regulatory Oversight ,
Risk Management ,
Securities and Exchange Commission (SEC)
The Supreme Court on Tuesday will hear arguments in United States v. Microsoft Corp., in which the court will decide whether a US technology service provider, Microsoft, must obey a search warrant for data stored in a foreign...more
We’ve discussed privacy compliance with regulations, legal requirements, etc. in the space since this blog’s inception. “Privacy by design” – while not a new concept – is certainly enjoying a new spot in the sunshine thanks...more
2/21/2018
/ Chief Information Security Officer (CISO) ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Privacy Policy
If your company is one of the broad group of businesses licensed by the New York Department of Financial Services (NY DFS), a very important deadline is bearing down on February 15. Regulated entities have under Thursday to...more
In case you had not heard, the European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s...more
2/13/2018
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
International Data Transfers ,
Life Sciences ,
Medical Records ,
Personal Data ,
Personally Identifiable Information ,
Third-Party Service Provider ,
US-EU Safe Harbor Framework
As we near the end of a year that has seen more than its share of massive data breaches, two bills have been introduced (one re-introduced) in the U.S. Senate....more
12/11/2017
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Equifax ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Identity Theft ,
Personally Identifiable Information ,
Popular ,
Proposed Legislation ,
Reporting Requirements ,
Uber
Has your company recently beefed up its employee identification and access security and added biometric identifiers, such as fingerprints, facial recognition, or retina scans? Have you implemented new timekeeping technology...more
11/6/2017
/ Attorney's Fees ,
Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Consent Agreements ,
Data Collection ,
Employer Liability Issues ,
Statutory Damages ,
Timekeeping ,
Wage and Hour ,
Written Consent
As data breaches dominate national headlines it remains important as ever for businesses to invest in security and to be ready to respond if a breach occurs. Part of your preparedness program should be staying current on data...more
On September 7, 2017, Equifax, one of the three large credit reporting bureaus, announced a cybersecurity incident impacting approximately 143 million U.S. consumers. According to Equifax, the breach occurred mid-May through...more
9/13/2017
/ Breach Notification Rule ,
Consumer Financial Protection Bureau (CFPB) ,
Credit Cards ,
Credit Reporting Agencies ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Equifax ,
FBI ,
Federal Trade Commission (FTC) ,
Personally Identifiable Information ,
Popular
As if the devastating effects of Hurricane Harvey are not bad enough, the United States Computer Emergency Readiness Team (US-CERT) of the Department of Homeland Security is warning of a different threat: falling victim (or...more
8/30/2017
/ Cybersecurity ,
Department of Homeland Security (DHS) ,
Disaster Preparedness ,
Email ,
Hurricane Harvey ,
Malware ,
Natural Disasters ,
New Guidance ,
Phishing Scams ,
Popular ,
US-CERT
Recently, Uber agreed to a proposed Federal Trade Commission (FTC) consent order (“Consent Order”) to settle charges in an FTC complaint (“Complaint”) regarding behavior stemming back to at least 2014. Acting Chairman Maureen...more
8/25/2017
/ Consent Order ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
FTC Act ,
Misrepresentation ,
Personally Identifiable Information ,
Popular ,
Uber
If you are one of the many businesses licensed by the New York Department of Financial Services (DFS), and cannot avail yourself of the (very) limited exemptions, you must be ready for the first compliance transition date for...more
Recently, the Electronic Privacy Information Center (“EPIC”) asked the FTC to begin an investigation into a Google program called “Store Sales Management.” The purpose of Store Sales Management is to allow for the matching...more
If you are a retailer with locations in New Jersey, you will need to review your procedures in anticipation of a new law effective October 1, 2017....more
The “business compromise email” is what the FBI calls the “$5 billion scam,” but apparently an insurance company did not agree with an insured company that they had been the victim of a crime....more
7/25/2017
/ Business E-Mail Compromise (BEC) ,
Computer Fraud Insurance ,
Corporate Counsel ,
Crime Insurance Policies ,
Cyber Crimes ,
Cyber Insurance ,
Denial of Insurance Coverage ,
Email ,
FBI ,
Fraud ,
Fund Transfers ,
Money Transfer ,
Scams ,
Spoofing
Decisions you make when founding and/or investing in an insurtech venture can dictate your regulatory obligations, tax liability, operational structure and, ultimately, profitability.
Here are five seemingly simple...more
7/11/2017
/ Data Breach ,
Data Privacy ,
Department of Financial Services ,
EU Data Protection Laws ,
Insurance Industry ,
Insuretech Sector ,
Investors ,
NYDFS ,
Popular ,
Profits ,
Startups ,
Tax Liability ,
Venture Funding
Oregon’s legislature recently expanded the scope of statutory consumer protections by passing a bill to amend the state’s Unlawful Trade Practices Act (the “Act”). Recently, Oregon’s Governor Kate Brown signed H.B. 2090 into...more
It seems as though we have been writing about this case for a lifetime. Target Corporation’s data breach saga came one step closer to a conclusion this week. On Tuesday, Target reached an $18.5 million settlement with 47...more
5/26/2017
/ Board of Directors ,
CEOs ,
Civil Monetary Penalty ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Debit and Credit Card Transactions ,
Form 10-K ,
Information Security ,
Personally Identifiable Information ,
Settlement ,
Target Company
Amid the flurry following former FBI Director James Comey’s firing last week, President Trump marked his 111th day in office on Thursday, May 11th by signing an executive order targeting national cybersecurity....more
Another day, another data incident. If you use DocuSign, you’ll want to pay attention.
The provider of e-signature technology has acknowledged a data breach incident in which an unauthorized third party gained access to...more
We’ve been following the latest on the WannaCry ransomware attack that we first told you about over the weekend.
A feared “second strike” did not materialize today, but victimized firms in over 100 countries are still...more
By now, you may have heard about the global ransomware attacks affecting health care and other organizations throughout the world, in particular the United Kingdom, but also in the United States. The ransomware variant,...more
UPDATE: Europol chief Rob Wainwright told the BBC, “Companies need to make sure they have updated their systems and ‘patched where they should’ before staff arrives for work on Monday morning.”
By now, you may have...more
After a quiet winter there has been significant activity in state legislatures to enact, strengthen or clarify their data breach notification statutes. The latest happenings are summarized below and we have updated our “Mintz...more