Fifth Circuit Shops for Implicit Allegations of Wrongdoing Against Liquor Store Chain To Avoid Policy Exclusion

The Fifth Circuit Court of Appeals in Spec’s Family Partners, Ltd. v. Hanover Insurance Co. (No. 17-20263, Jun. 25, 2018), afforded a contractual liability exclusion a narrow interpretation to deny an insurer judgment in its favor.  The coverage litigation resulted from Hanover Insurance Company’s (Insurer) refusal to pay Spec’s Family Partners’ (Spec’s) litigation costs in connection with a payment card industry (PCI) liability dispute between Spec’s and First Data Merchant Services, LLC (First Data) following a data breach. The Spec’s credit card network had been…

New York Cybersecurity Regulations Extended to Credit Reporting Agencies

This week, Governor Cuomo has directed the Department of Financial Services to issue a final regulation requiring credit reporting agencies to comply with cybersecurity regulations applied to financial service companies, previously adopted in 23 NYCRR 500, et seq. The new regulation, 23 NYCRR 201, et seq., obligates credit agencies reporting on 1,000 or more New York consumers to register annually with the DFS, and, beginning November 1, 2018, to comply with the previously adopted standards, including adoption of a cybersecurity program and CISO, and other controls.…

Should American Companies Be Worried About Security Risks Posed By Chinese Telecoms?

Members of Congress from both sides of the aisle recently wrote a letter to Google to express “concerns” about its strategic partnership with Chinese telecommunications companies such as Huawei Technologies, based on security risks related to state-sponsored espionage. As noted by the lawmakers, the heads of the CIA, NSA, FBI, and Defense Intelligence Agency have voiced similar concerns that smartphones made by China’s two largest manufacturers, Huawei and ZTE, pose a security threat to American customers.  Moreover, the UK’s National Cyber Security Centre found that…

Supreme Court Recognizes Expectation of Privacy Regarding Cellphone Location Data

On Friday, June 22, 2018, in a 5-4 split, the Supreme Court in Carpenter v. United States held that the government usually needs a warrant to access an individual’s historical cellphone location data held by third-party carriers. The court rejected the government’s argument that an individual does not have a legitimate expectation of privacy under the Fourth Amendment concerning the location data that third-party carriers collect and keep.  This data, essentially logs of the location of cellphone towers used to route calls to and…

An Insurer’s Guide to Navigating the Legal Landmines of Cybersecurity Regulation

Cybersecurity is front and center now, especially for the financial services industry, which includes insurance and reinsurance companies, among others.  States and regulators are passing laws and promulgating regulations designed to protect customer data in the possession of insurers and their associates. These new statutes and regulations aimed at the insurance industry are in addition to the myriad of other requirements imposed by government for the protection of this data. Aaron J. Aisen, co-chair of the regulatory sub-practice group in the Global Insurance Services

Shared InfoSec Language Fosters Shared InfoSec Goals

While most business leaders agree that cybersecurity has significant value, determining exactly where and how to spend company dollars on training and infrastructure continues to be a point of disagreement within organizations. Intelligent communication using a shared vocabulary, according to a recent Focal Point Data Risk report by the Cyentia Institute, is vital to achieving consensus, and a comprehensive security plan. As the barriers between the c-suite and IS department continue to diminish, thanks, in part, to widespread adoption of a chief information security officer…

Amazon’s Facial Recognition Software Sparks Privacy Concerns

The recent television series Person of Interest, which aired between 2011 and 2016, was premised upon an artificial intelligence (AI) program that could recognize patterns to determine individuals who may become victims of violent crimes. Facial recognition was one of the machine’s abilities, allowing the show’s protagonists to locate and track individuals in and throughout New York City.  The AI in Person of Interest is no longer the stuff of television or of the future. Lawmakers and civil rights groups have expressed their concern…

Litigation Opportunities follow Cryptocurrency Market Vulnerabilities

The Coinrail cryptocurrency exchange based in South Korea fell victim to a “cyber intrusion” causing a 10 percent decrease in bitcoin price, and similar losses across other digital currencies around the globe. Approximately 30 percent of the coins traded on that exchange were “lost” following the attack, valued at approximately $40 million, of which two-thirds were promptly “withdrawn or frozen in partnership with related exchanges and coin companies.” As for the other third, the exchange is reportedly analyzing the server access history, which was…

The Glacial Movement of Global Cybersecurity

In the pastoral setting of Le Manoir Richelieu in Charlevoix, Quebec, G7 Summit partners met to discuss a broad spectrum of topics, including the shared values of freedom, democracy, the rule of law, a mutual respect for human rights and common commitment to promote a rules-based international order. Amidst the discussions of freedom, democracy and, yes, tariffs, world leaders issued a “Charlevoix G7 Summit Communique,” which advised: “We will work together to enforce existing international rules and develop new rules where needed, to foster a…

Eleventh Circuit Vacates FTC Order against LabMD as Lacking Specificity Necessary to Protect Due Process Rights

The Court of Appeals for the Eleventh Circuit has overturned an FTC cease and desist order enjoining LabMD to install a reasonable data-security program, issued in response to the disclosure of a single computer file containing personal information regarding 9,300 customers. Agreeing with arguments from the now-defunct LabMD, the court determined “that the order is unenforceable because it does not direct LabMD to cease committing an unfair act or practice within the meaning of Section 5(a)” of the Federal Trade Commission Act (15 U.S.C. §…