The New York Department of Financial Services (NYDFS) blazed a cybersecurity trail with its 2017 regulation for the protection of information collected and processed in, and systems used in the operation of, the financial...more
California may have again taken the privacy protection lead among U.S. jurisdictions with the Governor’s signing on June 28, 2018 of the California Consumer Privacy Act of 2018 (AB 375) (the “Act”). Privacy and security...more
7/6/2018
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Opt-Outs ,
Personally Identifiable Information ,
Private Right of Action ,
State and Local Government
The U.S. Supreme Court recently declined to review CareFirst Inc. v. Attias, a data breach standing case. For those hoping for resolution of a notable circuit split over what constitutes Article III standing at the pleading...more
The U.S. Securities and Exchange Commission is at the center of the current day “cyber storm” of data and system protection, both as a victim and as a regulator. According to an SEC director, “[c]yber-related threats and...more
Despite considerable incident response work after numerous alleged data breaches, very few opinions have addressed the application of attorney-client privilege and the work-product doctrine to the materials created by such...more
In early September, Equifax disclosed a now well-known data breach that ultimately affected a reported 146 million customers in the United States. The breach allegedly occurred in May 2017, as a result of an online security...more
As cyber risks continue to evolve, resulting insurance claims continue to implicate a variety of types of policies. Although many claims are addressed without lawsuits being filed, some are not. And while not all coverage...more
The definition of “ransomware” can sound pretty academic. For example, the FBI describes ransomware as “a type of malware installed on a computer or server that encrypts the files, making them inaccessible until a specified...more
On January 1, 2017, Illinois ushered in a broader and stronger personal information and data breach regime. The Illinois Personal Information Act (PIPA), 815 ILCS § 530, applies any entity that “handles, collects,...more
New York’s Cybersecurity Requirements for DFS Licensees: A New Item at the Top of the To Do List -
With a compliance date a few months away, licensees of the New York Department of Financial Services (DFS) must start...more
1/30/2017
/ Banks ,
Cybersecurity ,
Department of Energy (DOE) ,
Department of Financial Services ,
Department of Homeland Security (DHS) ,
Food and Drug Administration (FDA) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet of Things ,
Medical Devices ,
NIST ,
Personally Identifiable Information ,
Popular ,
Ransomware
An increasing number of businesses are targeted by very sophisticated email scams designed to convince company employees responsible for executing financial transactions to wire funds to overseas accounts controlled by...more
1/3/2017
/ Banks ,
CEOs ,
CFOs ,
Chief Information Officers (CIO) ,
Chief Information Security Officer (CISO) ,
Commercial Insurance Policies ,
Continuing Legal Education ,
COOs ,
Crime Victims ,
Cybersecurity ,
Email ,
FBI ,
Fraud Prevention ,
Loss Prevention ,
Offshore Banks ,
Phishing Scams ,
Risk Assessment ,
Risk Mitigation ,
Webinars ,
Wire Fraud
What role do cyber and other insurance lines play when losses result from an employee’s unwitting participation in spoofed email or password theft schemes? Several recent cases illustrate the evolving coverage implications...more
General Data Protection Regulation Update -
As reported in the April Locke Lord Privacy & Cybersecurity Newsletter, the European Parliament gave the final approval to the General Data Protection Regulation (GDPR) on...more
7/7/2016
/ Americans with Disabilities Act (ADA) ,
Cybersecurity ,
Data Breach ,
Department of Insurance ,
Equal Employment Opportunity Commission (EEOC) ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Commissioner's Office (ICO) ,
NLRA ,
OCR ,
UK ,
UK Data Protection Act
What seems like a long time ago now, in 2011 PricewaterhouseCoopers (PwC) warned that “there is no question that law firms are among the companies being targeted by cyber criminals.” Despite this, many law firms believed (or...more
The growing percentage of businesses that purchase cyber security and data privacy insurance portends a growing number of claims and, inevitably, litigation over some of those claims. Wells Fargo’s 2015 Cyber Security and...more
Insurers have struggled to find a common baseline to measure cyber risks. Changes in technology, hacking and other data security risks and the shifting legal landscape concerning liability for data breaches have made the...more
Does the Third Circuit’s recent decision in FTC v. Wyndham Worldwide Corp. usher in a new era of enforcement by the FTC and other federal agencies regarding cybersecurity practices? Regardless of the answer, it is important...more
Interesting conclusions about data breach costs emerge from two new studies, the 2015 Ponemon Institute’s Cost of Cyber Crime Study: Global and the 2015 NetDiligence® Cyber Claims Study. While the phrase alluded to in our...more
Retail Tracking Update: Privacy Guidance Following Nomi Technologies
- There is currently a widespread effort to quantify everything, from steps, to sleep, to batted ball exit velocity. Fifteen years ago, TV host Jeremy...more
7/31/2015
/ Breach Notification Rule ,
Canada ,
Confidential Information ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
Facebook ,
FOIA ,
Hong Kong ,
Identity Theft ,
Notification Requirements ,
Online Safety for Children ,
PCPD ,
Personal Data ,
PIPEDA ,
Power Grid ,
Retail Tracking ,
Risk Assessment ,
Standing ,
Telecommunications ,
Turkey ,
UNCITRAL
In what is sure to be a widely cited data breach standing decision, the U.S. Court of Appeals for the Seventh Circuit found that increased risk of future harms from a data breach are sufficient to confer standing to sue upon...more
Early days still for coverage litigation about cyber risks – whether under cyber insurance policies or other types of policies. This is not surprising given the relatively short history of cyber risks and even shorter history...more
Where do we stand on standing in data breach cases? It depends on which court you ask. In December 2014, two courts considered whether plaintiffs alleged sufficient injury in their complaints involving well-known data...more