Health Care Organizations Seek Regulatory Changes To Improve Access To Cybersecurity Tools

Cybersecurity presents thorny problems specific to healthcare organizations. Not only are their protection of personal health information strictly regulated by the HIPAA and HITECH laws, but such organizations are also more frequently the targets of cyberattacks due in part to the highly personal information collected by such organizations, and in part due to the relative lack of resources available to battle cyber-threats. One set of healthcare regulations not directly related to cybersecurity, the Stark anti-kickback law, has potentially hindered healthcare organizations in adapting to an… Continue Reading

Cyber Survey Underscores Perspective of In-House Lawyers

In May, the Association of Corporate Counsel (ACC) Foundation released its “State of Cybersecurity Report: An In-House Perspective,” This report conveys the results of the organization’s far-ranging survey on this topic. In addition to the statistics elicited from 617 in-house lawyers (based in 33 countries), the report also includes many comments from the respondents. This report is full of interesting statistics.  Some of the highlights include:
  • One in three respondents indicated that either their current company or a previous employer had experienced a
Continue Reading

Embracing Data Security Can Avoid Penalties, and Gain Consumer Trust

The European Union’s (EU) General Data Protection Regulation (GDPR) is now in force, governing data protection and privacy for all individuals within the EU. Attorneys in Goldberg Segalla’s Cybersecurity and Data Privacy Group compiled a white paper to answer frequently asked questions and offer practical guidance related to the GDPR, which can be found here. Multinational firms based in the US with a presence in the EU, including restaurant chains, have (or should have) implemented policies to comply with the GDPR, and avoid the… Continue Reading

It’s OK to Cry Over Spilled Credentials

From a young age, we are taught not to cry over spilled milk. We inevitably come to learn that this euphemism is generally intended to have a broader application than dairy beverages, and also learn that crying is sometimes an acceptable response so long as it is followed by a corrective action. It follows that spilled credentials may warrant some tears, but a recent study by Shape Security suggests that there currently is no comprehensive solution to address this problem. We are not to suggesting… Continue Reading

Compliance Deadline Approaching for NY Cybersecurity Regulation

A key compliance date for the NY Cybersecurity Regulation is quickly approaching. September 4, 2018 will serve as the third key implementation date for individuals and companies (Covered Entities) governed by New York’s Cybersecurity Requirements for Financial Services Companies (23 NYCRR Part 500). Unless the Covered Entity qualifies for one of the exemptions under 23 NYCRR 500.19, by September 4, all Covered Entities must have completed the following*:
  • create and maintain systems that can reconstruct material financial transactions to support and maintain the obligations of
Continue Reading

Encouraging Greetings from BlackHat USA 2018: the world’s leading information security event in Las Vegas, Nevada

As this author, and 10,000+ other attendees were reminded yesterday at Day One of the BlackHat USA 2018 conference in Las Vegas, Nevada, cybersecurity (and data protection) has extended beyond a technical issue to encompass one of the most pressing social and political problems in the world today. For those technical specialists who create, maintain and secure the digital space in which we not only conduct business, but also live a significant portion of our lives, the message was clear: only by collaborating with other… Continue Reading

DHS’s National Risk Management Center to Protect Against Cybersecurity Threats to Critical Infrastructure.

On July 31, the U.S. Department of Homeland Security (DHS) announced the creation of the National Risk Management Center (NRMC), which will focus on evaluating cyber threats and defending critical United States infrastructure. The NRMC will have responsibility for coordination at a national level to protect banks, utilities, telecoms, and similar infrastructures from cybersecurity threats including attacks from nation states like Russia. Specifically, DHS states that the NRMC will:
  • identify, assess, and prioritize efforts to reduce risks to national critical functions, which enable national and
Continue Reading

The GDPR Question and Answer Guide

Attorneys in Goldberg Segalla’s Cybersecurity and Data Privacy, Global Insurance Services, and other practice groups have fielded countless questions from clients and colleagues curious (or concerned) about the European Union’s (EU) General Data Protection Regulation (GDPR), the landmark legislation governing data protection and privacy for all individuals within the European Union, as well as the export of all data from the EU and European Economic Area (EEA). Here, we answer the most frequently asked questions pertaining to the GDPR’s who, what, when, where, how, and… Continue Reading

The FTC Gang’s All Here

As we noted in a previous post, the United States Senate has confirmed five new commissioners, bringing a full complement to the Federal Trade Commission (FTC). Four of those commissioners have taken their seats, with the fifth likely to join in the Fall. Earlier this month, the “new” FTC signaled a continued commitment to act in the area of data privacy and security by reaching a settlement with a California company regarding false claims regarding compliance with the European Union-United States Privacy Shield frameworkContinue Reading

Understanding the California Consumer Privacy Act (CCPA): Part Two

The California Consumer Privacy Act of 2018 (CCPA) signed into law on June 28, 2018 is the nation’s toughest privacy law to date and could serve as a model for other states.With 18 months to go before its implementation, many things could happen prior to its effective date to change its current form and anticipated effect.  But before contemplating any changes, it’s important to understand its present form. Who Is Regulated by the CCPA The CCPA will regulate “Businesses,” defined as for-profit entities that have… Continue Reading