Compliance Deadline Approaching for NY Cybersecurity Regulation

A key compliance date for the NY Cybersecurity Regulation is quickly approaching. September 4, 2018 will serve as the third key implementation date for individuals and companies (Covered Entities) governed by New York’s Cybersecurity Requirements for Financial Services Companies (23 NYCRR Part 500). Unless the Covered Entity qualifies for one of the exemptions under 23 NYCRR 500.19, by September 4, all Covered Entities must have completed the following*:
  • create and maintain systems that can reconstruct material financial transactions to support and maintain the obligations of


Encouraging Greetings from BlackHat USA 2018: the world’s leading information security event in Las Vegas, Nevada

As this author and 10,000+ other attendees were reminded yesterday at Day One of the BlackHat USA 2018 conference in Las Vegas, Nevada, cybersecurity (and data protection) has extended beyond a technical issue to encompass one of the most pressing social and political problems in the world today. For those technical specialists who create, maintain and secure the digital space in which we not only conduct business, but also live a significant portion of our lives, the message was clear: only by collaborating with other…

DHS’s National Risk Management Center to Protect Against Cybersecurity Threats to Critical Infrastructure.

On July 31, the U.S. Department of Homeland Security (DHS) announced the creation of the National Risk Management Center (NRMC), which will focus on evaluating cyber threats and defending critical United States infrastructure. The NRMC will have responsibility for coordination at a national level to protect banks, utilities, telecoms, and similar infrastructures from cybersecurity threats including attacks from nation states like Russia. Specifically, DHS states that the NRMC will:
  • identify, assess, and prioritize efforts to reduce risks to national critical functions, which enable national and


The GDPR Question and Answer Guide

Attorneys in Goldberg Segalla’s Cybersecurity and Data Privacy, Global Insurance Services, and other practice groups have fielded countless questions from clients and colleagues curious (or concerned) about the European Union’s (EU) General Data Protection Regulation (GDPR), the landmark legislation governing data protection and privacy for all individuals within the European Union, as well as the export of all data from the EU and European Economic Area (EEA). Here, we answer the most frequently asked questions pertaining to the GDPR’s who, what, when, where, how, and…

The FTC Gang’s All Here, and Has Addressed Claims regarding GDPR Compliance

As we noted in a previous post, the United States Senate has confirmed five new commissioners, bringing a full complement to the Federal Trade Commission (FTC). Four of those commissioners have taken their seats, with the fifth likely to join in the Fall. Earlier this month, the “new” FTC signaled a continued commitment to act in the area of data privacy and security by reaching a settlement with a California company regarding false claims regarding compliance with the European Union-United States Privacy Shield framework

Understanding the California Consumer Privacy Act (CCPA): Part Two

The California Consumer Privacy Act of 2018 (CCPA), signed into law on June 28, 2018, is the nation’s toughest privacy law to date and could serve as a model for other states. With 18 months to go before its implementation, many things could happen prior to its effective date to change its current form and anticipated effect. But before contemplating any changes, it’s important to understand its present form.

Who Is Regulated by the CCPA

The CCPA will regulate “Businesses,” defined as for-profit entities that have…

Sixth Circuit Uses Every Tool in the Box To Build Case for Coverage for Defrauded Policyholder

On July 12, 2018, we reported on the Medidata decision handed down by the Second Circuit in which the court found coverage for a claim resulting from social engineering fraud. We suggested the ruling in Medidata lacks persuasive power due to its unusual factual circumstances and atypical policy language. The Sixth Circuit’s decision in American Tooling Center, Inc. v. Travelers Casualty & Surety Co. of America, No. 17-2014, 2018 WL 3404708 (6th Cir. July 13, 2018), will have more persuasive power, but due to…

Fourth Circuit Weighs in on the Evolving Law of Standing in Data Breach Litigation to Hold that Misuse of Stolen Data Confers Standing

While data breach lawyers wait for the U.S. Supreme Court to more clearly define when a hack confers standing on the individual whose personally identifying information (PII) is stolen, the Circuit Courts of Appeals continue to choose sides over a useful standard. On June 12, 2018, the Fourth Circuit weighed in to hold that the individual has standing when the data is actually misused, such as when the hackers open fraudulent credit cards with the stolen PII, and the individual spends time and resources on…

Second Circuit’s Decision Upholding Social Engineering Fraud Coverage Likely a Paper Tiger

In a case closely monitored by the insurance industry, the Second Circuit upheld in a non-precedential summary order a New York federal district court’s summary judgment finding coverage under the computer fraud coverage of a commercial crime policy. Medidata Solutions, Inc. v. Fed. Ins. Co., No. 17-2492, 2018 WL 3339245 (2d Cir. 2018). Although the policyholders are apt to tout the decision as a seismic victory, the atypical policy language and factual circumstances should greatly limit its persuasive value. As background, the insured, Medidata…

Understanding the California Consumer Privacy Act (CCPA): Part One

In 2020, California Consumers will be granted new online privacy protections under a first-of-its-kind California law. A sweeping new privacy law, the California Consumer Privacy Act of 2018 (CCPA), is the nation’s toughest privacy law and could serve as a model for other states. The bill came to a vote in both houses on June 28, 2018. The assembly voted 69-0 to approve it shortly after the Senate approved it 36-0, and it was signed by Gov. Jerry Brown the same day. The CCPA…