Key Upcoming Deadlines under the New York DFS Cybersecurity Regulation

When New York’s landmark cybersecurity regulation became effective back in March 2017, the Department of Financial Services (DFS) implemented a two-year timeline for implementation of the regulation’s requirements, with a final compliance deadline of March 1, 2019.  Entities covered by the wide-sweeping regulation should remember filing their first certificate of compliance in February of last year.  The two-year implementation period is almost over, and once again, important deadlines are now quickly approaching.  “Covered Entities” (banks, insurance companies, and other financial services institutions and…

San Francisco Legislation Would Ban the City’s Use of Facial Recognition Technology

Over the last few years, there has been a marked increase in legislation regulating the collection and retention of individuals’ biometric information.  For instance, Illinois, Texas, and Washington have enacted legislation regarding the collection of biometric information, and the European Union’s General Data Protection Regulation broadly regulates the collection of biometric data.  In San Francisco, one motivated municipal lawmaker with similar concerns relating to privacy and the disproportionate impact surveillance has had on certain communities proposed a bill that would regulate how the city uses…

Absence of DOJ Regulations Does Not Bar Liability for Failure to Comply with the ADA

In the face of an ever-growing number of lawsuits based upon allegedly non-ADA compliant website designs, defendants have enjoyed little success obtaining dismissal at the pleadings stage of proceedings. One lingering glimmer of hope had been the viability of a due process argument premised upon the “primary jurisdiction” defense, which formed the basis of Judge Otero’s decision dismissing the plaintiff’s complaint in Robles v. Domino’s Pizza, LLC. In short, the defendant argued that the plaintiff’s action must be either stayed or dismissed because the…

As If 200 Class Action Lawsuits Weren’t Enough…

The Illinois Supreme Court finally made its long-awaited ruling on standing to sue under the Illinois Biometric Information Privacy Act (BIPA), siding with the class action representative in Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186, and allowing persons having suffered no actual injury to maintain a cause of action under BIPA.  BIPA has already given rise to 200+ putative class action lawsuits against businesses nationwide, including those with any measurable operation in Illinois. Businesses have fought back, arguing that BIPA’s private…

Data Privacy Best Practices on Data Privacy Day

Data Privacy Day is the perfect time to make sure that you – and your company’s employees – are practicing data privacy best practices.  We’ve put together a list of best practices to keep your data secure:
  • Develop a data protection plan, including privacy policies, terms of use for online devices, data breach plans, and an assessment of your company’s current cybersecurity practices and weaknesses.
  • Keep software up to date.  This might seem obvious, but it’s a surprisingly common pitfall.  This includes not


National Counterintelligence and Security Center Launches Effort to Protect Industry Against State Actors

On January 7, 2019, the National Counterintelligence and Security Center (NCSC), which coordinates counter-intelligence efforts within the U.S. government, announced that it would begin disseminating its “Know the Risk, Raise Your Shield” materials in an effort to assist the private sector in guarding against threats from foreign intelligence entities and other adversaries.  This campaign appears to have been prompted by the Trump administration’s efforts to drive U.S. companies to better protect their trade secrets from foreign hackers.  This comes on the heels of recent cyber-attacks…

Department of Health and Human Services Releases Cybersecurity Guide for Healthcare Providers

Over a year of collaboration between the Department of Health and Human Services (HHS) and industry partners has culminated in the publication of a cybersecurity guide for medical providers of all sizes. HHS describes it as “a set of voluntary, consensus-based principles and practices to improve cybersecurity in the health sector,” that looks to “raise the cybersecurity floor” across the country. Although the guide emphasizes its wide applicability, much of the discussion appears directed at small and mid-sized providers. For example, HHS highlights a recent…

2018 Year in Review: Major Brands Falling Under Attack

After tallying them all up, 2018’s cyber attacks might not have come across as anything new to most individuals. However, while the number of people affected by data breaches in 2018 did not necessarily hit new records, the volume of attacks as well as the number of individuals affected still signifies that this is a problem that won’t be going away any time soon. In 2018, billions of individuals were affected by data breaches. Cyber attacks increased by 32 percent over the prior year…

TSA Releases Cybersecurity Roadmap to Guard Against Evolving Cyber Threats

The Transportation Security Agency (TSA) has released its first Cybersecurity Roadmap to prioritize cybersecurity measures within the TSA and the nation’s transportation system, the Transportation Systems Sector (TSS). The TSA’s Cybersecurity Roadmap closely aligns with the more general DHS Cybersecurity Strategy published earlier this year. The roadmap notes that TSA’s mission responsibilities include: (1) securing its own networks, and (2) working with its partners and TSS stakeholders, in coordination with the Department of Homeland Security (DHS), to secure its cyberspace. In order to ensure cybersecurity…

Congress Concludes Additional Federal Oversight Needed after Equifax Data Breach

“Equifax…failed to implement an adequate security program to protect this sensitive data…Such a breach was entirely preventable.” So concludes the December 2018 report on “The Equifax Data Breach” by the U.S. House of Representatives Committee on Oversight and Government Reform. The cause, according to the report, was Equifax’s “acquisition strategy [to benefit] bottom line and stock price,” which “growth brought increasing complexity to Equifax’s IT systems, and expanded data security risks.” Risks, it seems, Equifax did not manage. In 2017, the Department of Homeland Security…