Why Not Cyberinsurance?

A July 2018 Market Watch Survey by the Council of Insurance Agents & Brokers revealed that only 32 percent of respondents purchased some form of cyber coverage in the past six months. And, 70 percent of U.S. healthcare firms have elected against carrying cyberinsurance. Incredible, right? With reports that cyberattacks affect businesses of all types, sizes, geographies, and industries, no business should prepare to shoulder the entire load should it suffer a breach. This is especially so, as evidence mounts that hackers can cause property

Embracing Data Security Can Avoid Penalties, and Gain Consumer Trust

The European Union’s (EU) General Data Protection Regulation (GDPR) is now in force, governing data protection and privacy for all individuals within the EU. Attorneys in Goldberg Segalla’s Cybersecurity and Data Privacy Group compiled a white paper to answer frequently asked questions and offer practical guidance related to the GDPR, which can be found here. Multinational firms based in the US with a presence in the EU, including restaurant chains, have (or should have) implemented policies to comply with the GDPR, and avoid the…

It’s OK to Cry Over Spilled Credentials

From a young age, we are taught not to cry over spilled milk. We inevitably come to learn that this euphemism is generally intended to have a broader application than dairy beverages, and also learn that crying is sometimes an acceptable response so long as it is followed by a corrective action. It follows that spilled credentials may warrant some tears, but a recent study by Shape Security suggests that there currently is no comprehensive solution to address this problem. We are not suggesting…

Compliance Deadline Approaching for NY Cybersecurity Regulation

A key compliance date for the NY Cybersecurity Regulation is quickly approaching. September 4, 2018 will serve as the third key implementation date for individuals and companies (Covered Entities) governed by New York’s Cybersecurity Requirements for Financial Services Companies (23 NYCRR Part 500). Unless the Covered Entity qualifies for one of the exemptions under 23 NYCRR 500.19, by September 4, all Covered Entities must have completed the following*:
  • create and maintain systems that can reconstruct material financial transactions to support and maintain the obligations of


Encouraging Greetings from BlackHat USA 2018: the world’s leading information security event in Las Vegas, Nevada

As this author and 10,000+ other attendees were reminded yesterday at Day One of the BlackHat USA 2018 conference in Las Vegas, Nevada, cybersecurity (and data protection) has extended beyond a technical issue to encompass one of the most pressing social and political problems in the world today. For those technical specialists who create, maintain and secure the digital space in which we not only conduct business, but also live a significant portion of our lives, the message was clear: only by collaborating with other…

DHS’s National Risk Management Center to Protect Against Cybersecurity Threats to Critical Infrastructure

On July 31, the U.S. Department of Homeland Security (DHS) announced the creation of the National Risk Management Center (NRMC), which will focus on evaluating cyber threats and defending critical United States infrastructure. The NRMC will have responsibility for coordination at a national level to protect banks, utilities, telecoms, and similar infrastructures from cybersecurity threats including attacks from nation states like Russia. Specifically, DHS states that the NRMC will:
  • identify, assess, and prioritize efforts to reduce risks to national critical functions, which enable national and


The GDPR Question and Answer Guide

Attorneys in Goldberg Segalla’s Cybersecurity and Data Privacy, Global Insurance Services, and other practice groups have fielded countless questions from clients and colleagues curious (or concerned) about the European Union’s (EU) General Data Protection Regulation (GDPR), the landmark legislation governing data protection and privacy for all individuals within the European Union, as well as the export of all data from the EU and European Economic Area (EEA). Here, we answer the most frequently asked questions pertaining to the GDPR’s who, what, when, where, how, and…

The FTC Gang’s All Here

As we noted in a previous post, the United States Senate has confirmed five new commissioners, bringing a full complement to the Federal Trade Commission (FTC). Four of those commissioners have taken their seats, with the fifth likely to join in the fall. Earlier this month, the “new” FTC signaled a continued commitment to act in the area of data privacy and security by reaching a settlement with a California company over false claims regarding compliance with the European Union-United States Privacy Shield framework

Understanding the California Consumer Privacy Act (CCPA): Part Two

The California Consumer Privacy Act of 2018 (CCPA), signed into law on June 28, 2018, is the nation’s toughest privacy law to date and could serve as a model for other states. With 18 months to go before its implementation, many things could happen prior to its effective date to change its current form and anticipated effect. But before contemplating any changes, it’s important to understand its present form. Who Is Regulated by the CCPA: The CCPA will regulate “Businesses,” defined as for-profit entities that have…

Sixth Circuit Uses Every Tool in the Box To Build Case for Coverage for Defrauded Policyholder

On July 12, 2018, we reported on the Medidata decision handed down by the Second Circuit in which the court found coverage for a claim resulting from social engineering fraud. We suggested the ruling in Medidata lacks persuasive power due to its unusual factual circumstances and atypical policy language. The Sixth Circuit’s decision in American Tooling Center, Inc. v. Travelers Casualty & Surety Co. of America, No. 17-2014, 2018 WL 3404708 (6th Cir. July 13, 2018), will have more persuasive power, but due to…