LATEST INSIGHTS

Cyber Attacks

Targeting Public Services: How Municipalities and Gas Pipelines are Vulnerable to Cyberattacks

While the Facebook / Cambridge Analytica scandal has captured the public’s attention, two significant attacks on the City of Atlanta and natural-gas pipeline operators illustrate risk to fundamental human services, including law enforcement and consumer energy. On March, 22 2018, the City of Atlanta reported a ransomware cyberattack on government network servers, including servers hosting data for the Atlanta Police Department, preventing government employees from accessing information necessary to perform their duties. In particular, the police department was effectively handcuffed, and unable to access evidence… Continue Reading
Data Privacy

Facebook Continues Playing the Globalist Game

Facebook once again recently taught us that it may be easier to avoid a law, than to comply with it. On April 17, 2018, Facebook confirmed that to meet its mission to comply “in spirit” with “the whole” of the European Union’s General Data Protection Regulation (GDPR) , which takes effect on May 25, 2018, Facebook is effectively moving data for approximately 1.5 million users outside the reach of the law.  By offering “new privacy experiences” complete with updated terms of service Continue Reading
Cyber Attacks

Consumers Have Standing for Data Breach Claims against Barnes & Noble

The Court of Appeals for the Seventh Circuit has issued its second decision in favor of consumers bringing claims against retailers for injuries following cyber attacks exposing sensitive consumer information in Diefenbach v. Barnes & Noble, Inc. On April 11, 2018 the court resurrected the class action brought against the book retailer by consumers whose debit card information was hacked in 2012. Specifically, the court ruled that the named plaintiffs properly alleged an injury under state consumer protection laws, including lost time, cost of… Continue Reading
Data Privacy

Facebook Faces a Bombardment of Lawsuits Over Handling of Personal Information

Facebook is facing yet another class action lawsuit in the wake of the well-publicized Cambridge Analytica scandal. The lawsuit, filed in the Northern District of California near the company’s Menlo Park headquarters, follows close on the heels of Facebook’s admission that the personal information of a large number of its users was collected via a personality quiz app named “This is Your Digital Life” and shared with Cambridge Analytica. The app harvested the personal information of not only those who used it, but also millions… Continue Reading
Cyber Attacks / Legislation

New York AG Seeks to Require Privacy Violation Notifications

While the law has adapted to the reality of cyberattacks and data breaches, in the wake of recent revelations about Facebook use of personal information, New York’s Attorney General intends to propose legislation to address Privacy Violations — where personal information is obtained or used by organizations in violation of a platform’s terms of service, or the law. Facebook has recently acknowledged that data analytics firm Cambridge Analytica collected personal information of 50 million Facebook users without their consent as part of a political influence… Continue Reading
Cybersecurity

Better Late Than Never — Time to Get Those Cybersecurity Certifications of Compliance into NYDFS

If you are an individual or company regulated by the New York State Department of Financial Services (NYDFS), you may have received an email from NYDFS reminding you to submit your Certification of Compliance as soon as possible. New York’s relatively new cybersecurity regulation, 23 NYCRR 500 (the Regulation), requires all people and companies covered by the Regulation (Covered Entities) to file an annual statement by February 15 certifying that the entity was compliant (Certification of Compliance) with the Regulation as of December 31 of… Continue Reading
Cyber Attacks / Cybersecurity

Study Finds Nearly Eighty Percent of Respondents Lack Formal Incident Response Plan on Cyberattacks

IBM Security has announced the staggering findings of the third-annual benchmark study on Cyber Resilience — an organization’s ability to maintain its core purpose and integrity in the face of cyberattacks. Conducted by the Ponemon Institute and sponsored by IBM Resilient, more than 2,800 security and IT professionals were surveyed around the world in preparation of “The 2018 Cyber Resilient Organization.” The study found that many organizations continue to be ill-prepared for a cyberattack. Some of the more staggering findings are as follows:
  • 77 percent
Continue Reading
Cybersecurity / Legislation

New York’s New Cyber Law Is Beginning to Byte

In late 2016, in response to the “ever-growing threat” posed to information and financial systems, the New York State Department of Financial Services (DFS) proposed cybersecurity regulations to “promote the protection of customer information and information technology systems of regulated entities.” The DFS defined “covered entities” as any person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law, or the Financial Services Law of New York.  Banks, insurance companies, and… Continue Reading
Cybersecurity

NIST releases Risk Management Framework 2.0- combines Privacy, Security and Supply Chain into One

The National Institute of Standards and Technology (NIST) has released the final version of its updated Risk Management Framework (RMF 2.0) addressing both privacy and security concerns around IT risk management.1 A risk management framework (RMF) is the structured process used to identify potential threats to an organization and to define the strategy for eliminating or minimizing the impact of these risks, as well as the mechanisms to effectively monitor and evaluate this strategy. Officials say the updates are the first NIST publication to address… Continue Reading
Regulation

DFS Partially Clarifies Who Qualifies for an Exemption Under Cybersecurity Regulation

By the terms of 23 NYCRR 500.19(e), Covered Entities that have determined they qualify for a limited exemption from compliance under 23 NYCRR 500.19(a)-(d) of New York’s new Cybersecurity Regulation — as of August 28, 2017 — are required to file a Notice of Exemption with the New York Department of Financial Services (NYDFS) on or prior to September 28, 2017. The first compliance date of August 28, 2017 in New York’s cybersecurity regulation, and the date for Covered Entities to determine whether they qualify… Continue Reading