We have written here before about the challenges and benefits of getting rid of old data. As we have noted, in light of recent legal, regulatory, and technological developments, companies should reevaluate their long-term data management planning. Last week, the New York Department of Financial Services (“NYDFS”) issued a reminder… Read More
On June 6, 2018, the Eleventh Circuit vacated a cease and desist order issued by the FTC against LabMD as unenforceably vague. The FTC’s Order, which resulted from a finding that LabMD had failed to maintain an adequate cybersecurity program, directed LabMD to “establish and implement, and thereafter maintain, … Read More
We had previously predicted that the Equifax data breach could lead to increased state-level cybersecurity enforcement. On June 27, the NYDFS announced that Equifax has agreed to take corrective action for its 2017 data breach, as set forth in a consent order reached with the NYDFS and seven other … Read More
For years, the default setting at many companies was to keep electronic data indefinitely. Storage is cheap, there are legal risks associated with deleting data, and you never know when an email from 10 years ago is going to become important. Some companies have document management policies, but often they … Read More
The New York Department of Financial Services (“NYDFS”) recently issued guidance for its covered entities highlighting the importance of cybersecurity as a necessary part of M&A due diligence. This guidance comes in the greater context of the Yahoo! SEC resolution to demonstrate that regulators are paying close attention to … Read More
The new year is fast approaching. 2017 has been a year of major cyber incidents, including the Equifax breach. Cybersecurity will continue to be a top concern for companies in the new year. Avi Gesser spoke with Markets Media about his outlook for cybersecurity law and regulation in 2018.
Which … Read More
On Halloween, the New York and Vermont attorneys general obtained a $700,000 settlement from Hilton for, among other violations, late breach notification. Earlier this week, we noted that the Reserve Bank of India (“RBI”) imposed a $1 million USD fine on India’s Yes Bank for violating RBI’s 2 to 6 … Read More
The National Association of Insurance Commissioners (“NAIC”) has signaled that insurance regulators may be the first government agencies to adopt the framework for cybersecurity regulation that was recently set out in the New York Department of Financial Services (“NYDFS”) cybersecurity rules, which went into effect on August 28, 2017.
The … Read More
Today marks the first deadline for entities regulated by the New York Department of Financial Services (“NYDFS”) to comply with certain provisions of the recent NYDFS cybersecurity rules. The NYDFS cybersecurity rules taking effect is a significant event for NYDFS-regulated entities, and for any company facing cybersecurity concerns. The … Read More