Focused commentary on the latest in data strategy, cybersecurity preparedness, regulatory compliance and incident response
On Tuesday April 14, 2020, the fifth annual Incident Response Forum (the “Forum”) convened an extensive roster of presenters from private practice and the government, including from the DHS, DOJ, FTC, SEC, NYDFS, FBI, and the Secret Service, to discuss best practices for incident response.
The government panelists shared insights…
Continue Reading 2020 Incident Response Forum: Lessons Learned from Regulators and Law Enforcement
As we have discussed here previously, the coronavirus outbreak has driven many companies further into the digital workplace, putting new strains on information technology systems and related privacy and security compliance controls. Despite these burdens on companies, few regulators have offered relief from their privacy and security requirements. As detailed…
Continue Reading Data Privacy and Security Requirements During Coronavirus? Little Relief in Sight
In the last few years, we have seen a dramatic increase in the purchase and sale of alternative data—a shorthand for big data sets, such as satellite images of parking lots, drug approvals, credit card purchases, cellphone data on retail foot traffic, and construction permits. According to alternativedata.org, the alternative…
Continue Reading Alternative Data Goes Mainstream, and Gets Increased Attention from Regulators
We have written here before about the challenges and benefits of getting rid of old data. As we have noted, in light of recent legal, regulatory, and technological developments, companies should reevaluate their long-term data management planning. Last week, the New York Department of Financial Services (“NYDFS”) issued a reminder…
Continue Reading With the Sedona Report, Companies Get Some Helpful Guidance on How to Get Rid of Large Volumes of Old Data
On June 6, 2018, the Eleventh Circuit vacated a cease and desist order issued by the FTC against LabMD as unenforceably vague. The FTC’s Order, which resulted from a finding that LabMD had failed to maintain an adequate cybersecurity program, directed LabMD to “establish and implement, and thereafter maintain,…
Continue Reading Standards vs. Rules for Cyber Regulation – The Eleventh Circuit Weighs in Against the FTC and in Tacit Support for the NYDFS Approach
We had previously predicted that the Equifax data breach could lead to increased state-level cybersecurity enforcement. On June 27, the NYDFS announced that Equifax has agreed to take corrective action for its 2017 data breach, as set forth in a consent order reached with the NYDFS and seven other…
Continue Reading NYDFS Brings Its First Cybersecurity Enforcement Action
For years, the default setting at many companies was to keep electronic data indefinitely. Storage is cheap, there are legal risks associated with deleting data, and you never know when an email from 10 years ago is going to become important. Some companies have document management policies, but often they…
Continue Reading Getting Rid of Old Data Is Becoming a Regulatory Requirement
The New York Department of Financial Services (“NYDFS”) recently issued guidance for its covered entities[1] highlighting the importance of cybersecurity as a necessary part of M&A due diligence. This guidance comes in the greater context of the Yahoo! SEC resolution to demonstrate that regulators are paying close attention to…
Continue Reading NYDFS Highlights Continued Importance of Cybersecurity in M&A Due Diligence
The new year is fast approaching. 2017 has been a year of major cyber incidents, including the Equifax breach. Cybersecurity will continue to be a top concern for companies in the new year. Avi Gesser spoke with Markets Media about his outlook for cybersecurity law and regulation in 2018.
Which
…
Continue Reading Cybersecurity Law and Regulatory Predictions for 2018
On Halloween, the New York and Vermont attorneys general obtained a $700,000 settlement from Hilton for, among other violations, late breach notification. Earlier this week, we noted that the Reserve Bank of India (“RBI”) imposed a $1 million USD fine on India’s Yes Bank for violating RBI’s 2 to 6…
Continue Reading More Tough Penalties for Late Breach Notification