Facebook Continues Playing the Globalist Game

Facebook once again recently taught us that it may be easier to avoid a law than to comply with it. On April 17, 2018, Facebook confirmed that to meet its mission to comply “in spirit” with “the whole” of the European Union’s General Data Protection Regulation (GDPR), which takes effect on May 25, 2018, Facebook is effectively moving data for approximately 1.5 million users outside the reach of the law. By offering “new privacy experiences” complete with updated terms of service

Consumers Have Standing for Data Breach Claims against Barnes & Noble

The Court of Appeals for the Seventh Circuit has issued its second decision in favor of consumers bringing claims against retailers for injuries following cyber attacks exposing sensitive consumer information in Diefenbach v. Barnes & Noble, Inc. On April 11, 2018 the court resurrected the class action brought against the book retailer by consumers whose debit card information was hacked in 2012. Specifically, the court ruled that the named plaintiffs properly alleged an injury under state consumer protection laws, including lost time, cost of…

Facebook Faces a Bombardment of Lawsuits Over Handling of Personal Information

Facebook is facing yet another class action lawsuit in the wake of the well-publicized Cambridge Analytica scandal. The lawsuit, filed in the Northern District of California near the company’s Menlo Park headquarters, follows close on the heels of Facebook’s admission that the personal information of a large number of its users was collected via a personality quiz app named “This is Your Digital Life” and shared with Cambridge Analytica. The app harvested the personal information of not only those who used it, but also millions…

New York AG Seeks to Require Privacy Violation Notifications

While the law has adapted to the reality of cyberattacks and data breaches, in the wake of recent revelations about Facebook’s use of personal information, New York’s Attorney General intends to propose legislation to address Privacy Violations — where personal information is obtained or used by organizations in violation of a platform’s terms of service, or the law. Facebook has recently acknowledged that data analytics firm Cambridge Analytica collected personal information of 50 million Facebook users without their consent as part of a political influence…

Better Late Than Never — Time to Get Those Cybersecurity Certifications of Compliance into NYDFS

If you are an individual or company regulated by the New York State Department of Financial Services (NYDFS), you may have received an email from NYDFS reminding you to submit your Certification of Compliance as soon as possible. New York’s relatively new cybersecurity regulation, 23 NYCRR 500 (the Regulation), requires all people and companies covered by the Regulation (Covered Entities) to file an annual statement by February 15 certifying that the entity was compliant (Certification of Compliance) with the Regulation as of December 31 of…

Study Finds Nearly Eighty Percent of Respondents Lack Formal Incident Response Plan on Cyberattacks

IBM Security has announced the staggering findings of the third-annual benchmark study on Cyber Resilience — an organization’s ability to maintain its core purpose and integrity in the face of cyberattacks. Conducted by the Ponemon Institute and sponsored by IBM Resilient, more than 2,800 security and IT professionals were surveyed around the world in preparation of “The 2018 Cyber Resilient Organization.” The study found that many organizations continue to be ill-prepared for a cyberattack. Some of the more staggering findings are as follows:
  • 77 percent


New York’s New Cyber Law Is Beginning to Byte

In late 2016, in response to the “ever-growing threat” posed to information and financial systems, the New York State Department of Financial Services (DFS) proposed cybersecurity regulations to “promote the protection of customer information and information technology systems of regulated entities.” The DFS defined “covered entities” as any person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law, or the Financial Services Law of New York. Banks, insurance companies, and…

DFS Partially Clarifies Who Qualifies for an Exemption Under Cybersecurity Regulation

By the terms of 23 NYCRR 500.19(e), Covered Entities that have determined they qualify for a limited exemption from compliance under 23 NYCRR 500.19(a)-(d) of New York’s new Cybersecurity Regulation — as of August 28, 2017 — are required to file a Notice of Exemption with the New York Department of Financial Services (NYDFS) on or prior to September 28, 2017. The first compliance date of August 28, 2017 in New York’s cybersecurity regulation, and the date for Covered Entities to determine whether they qualify…

Don’t Be Held Hostage by Ransomware

Chair of Goldberg Segalla’s Cyber Risk Practice Group, John J. Jablonski, Esq., offers insights on avoiding a ransomware attack in a recent blog post for the Pennsylvania Institute of Certified Public Accountants, accessible here. John will also be sharing his insights on cybersecurity at the PICPA Data Privacy and Security for Professional Service Organizations program in Philadelphia on May 24.…