Tag Archives: cybersecurity

California Consumer Privacy Act Amendment Signed Into Law

On September 23, 2018, Governor Jerry Brown signed into law SB-1121 amending certain provisions of the California Consumer Privacy Act of 2018 (CCPA) which was enacted in June of this year. As we reported previously, CCPA will apply to any entity that does business in the State of California and satisfies one or more of … Continue Reading

Arizona Updates Its Data Breach Notification Law

Last month, South Dakota and Alabama became the final two states to enact a data breach notification law. In addition, many other states, in response to trends, heightened public awareness, and a string of large-scale data breaches, have continued amending their existing laws. Arizona is the latest state to update its data breach notification law to … Continue Reading

Are You Covered?

  The New Jersey State Bar Association recently met to discuss, among other things, our favorite topic: Cybersecurity. (Perhaps our esteemed Privacy, e-Communication and Data Security Practice Group chair was there….) We wanted to briefly mention two critical points discussed: Critical Point #1: The biggest risk out there is employees. We employees click on all … Continue Reading

The FTC Announces a National Cybersecurity Education Campaign for Small Businesses

The Federal Trade Commission (FTC) recently announced that it will launch a national education campaign to aid the small business sector in strengthening its cybersecurity and protecting its sensitive and personal data. The national education campaign builds on the FTC’s 2017 Small Business Initiative which included the creation of a new website: FTC.gov/SmallBusiness aimed at … Continue Reading

What’s Been Going on in New York Cyber Regulation since New York’s “first-of-their-kind” DFS regulations?

Co-Author: Thomas Buchan As reported in our blog post from November 6, 2017, the New York State Attorney General announced the release of the proposed Shield Act in early November, 2017. This new legislation (we have some links for you below) would make significant changes to New York’s cybersecurity provisions (primarily under General Business Law … Continue Reading

NIST Releases Updated Version of Its Cybersecurity Framework

On April 17th, the National Institute of Standards and Technology (“NIST”), a component of the U.S. Commerce Department, released Version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity (“Cybersecurity Framework Version 1.1”), which incorporates feedback from NIST-led workshops, public comments, and questions received by NIST team members over the last two years. The Cybersecurity … Continue Reading

Cost-Benefit Analysis 101 for Healthcare Providers

Nary a week goes by without news of a data breach by a healthcare provider…while there are certainly a good number of breaches resulting from a breach of cybersecurity defenses or from the wrongful exploitation of system security weaknesses, there is still a risk to healthcare providers resulting from the internal operations of the healthcare … Continue Reading

Upcoming Deadlines for Covered Entities Subject to NYS DFS Cybersecurity Regulations

Last week, the New York State Department of Financial Services (“DFS”) issued a press release to remind covered entities of an upcoming deadline under the DFS cybersecurity regulations.  The next deadline under the regulations is February 15, 2018 – by that date, any covered entities (hopefully, you know who you are) must submit a statement … Continue Reading

Lessons To Be Learned From The Breach Of Nearly 500,000 Individual Health Records Reported In September 2017

A recent report indicates that nearly 500,000 individual health records were breached in September 2017. This figure is taken from the 39 healthcare data breaches involving more than 500 records that were reported to the Department of Health and Human Services’ Office for Civil Rights in September 2017.  Healthcare providers suffered the most breaches with … Continue Reading

SCOTUS Will Not Review CFAA Password Sharing Case

The United State Supreme Court recently denied certiorari in Nosal v. United States, 16-1344, declining to weigh in on the scope of unauthorized access under the Computer Fraud and Abuse Act (“CFAA”). The Ninth Circuit held in Nosal that David Nosal violated the CFAA by using his past assistant’s password to access his former employer’s … Continue Reading

New York AG Announces SHIELD Act

On November 2nd, New York Attorney General Eric T. Schneiderman announced his proposal of the SHIELD Act – Stop Hacks and Improve Electronic Data Security Act – a bill that would heighten data security requirements for companies and better protect New York residents from data breaches of their personal information. “It’s clear that New York’s … Continue Reading

Industry Report calls for National Internet of Things Strategy

A coalition of the Information Technology Industry Council, the Semiconductor Industry Association, the U.S. Chamber of Commerce Technology Engagement Center, Intel, and Samsung, recently released a report that puts out a call for the creation and implementation of a national strategy to invest, innovate and accelerate development and deployment of the Internet of Things (“IoT”). … Continue Reading

And Now, in Recent New York Cybersecurity Action…

New York State Governor Andrew Cuomo and the New York State Department of Financial Services (“DFS”) have been busy on the cybersecurity front. In a press release on September 18, 2017, building upon the state’s pride in its “first-in-the-nation” cybersecurity regulations that were passed earlier this year, (which we previously discussed on our blog and … Continue Reading

Data Breach Preparedness: A critical risk management priority for small and mid-sized businesses

After hearing a lot lately about big companies suffering data breaches, it is important to remember that, according to inc.com, half of all cyberattacks target small to mid-sized businesses (SMBs). Based on a 2016 State of SMB Cybersecurity Report, CNBC reported that in the prior 12 months half of all SMBs in the U.S. had been hacked. … Continue Reading

Timeline for Compliance with New DFS Cybersecurity Regulations

The deadline to comply with the first set of requirements under the new DFS Cybersecurity Regulations (“the Regulations”) is here! By today, August 28, 2017, businesses subject to the Regulations must ensure that they: Designate a Chief Information Security Officer (“CISO”) Establish a Cybersecurity Program Develop a Written Cybersecurity Policy. We have prepared an article … Continue Reading

Delaware: The Latest State to Amend its Data Breach Notification Law

Delaware joins the growing number of states that recently amended their data breach notification law. On August 17th, Delaware amended its data breach notification law with House Bill 180, the first significant change since 2005, effective 240 days after enactment (on or about April 14, 2018).  Delaware maintains the state law trend of requiring businesses … Continue Reading

Artificial Intelligence Enabled Cybersecurity Systems

The use of artificial intelligence (AI) enabled cybersecurity systems is increasing dramatically. By 2018, sixty-two percent of all companies are projected to use AI technologies. The use of AI cybersecurity systems provides greater efficiency through automation, the ability to evaluate larger data sets and, in many cases, a faster way to identify the “cyberattack needle … Continue Reading

Public-Private Partnerships Could Bolster Healthcare Cybersecurity Efforts

Protecting data in the healthcare industry continues to be an area of focus for regulators and lawmakers. HIPAA Journal noted that in 2016 more HIPAA covered entities reported breaches than in any other year since the U.S. Department of Health and Human Services (“HHS”) Office of Civil Rights started publishing breach summaries on its “Wall … Continue Reading

Global Cyberattack Exploits Known Vulnerabilities

As you likely know by now, international cybercriminals launched a worldwide ransomware attack last Friday with the European law enforcement agency Europol reporting over 100,000 affected organizations in 150 countries, including the U.S. Reports indicate that health care providers, universities, and other large companies were all targeted. The Department of Health and Human Services also … Continue Reading

Law Firms: Updated Cybersecurity Primer and Other Resources

Several years ago, we published a short primer for law firms intending to provide a brief discussion of key cybersecurity issues, including some helpful steps for safeguarding the client personal and confidential information they maintain. Since then, attacks against firms have increased, ethical rules are tightening, and clients are growing concerned.  In at least one … Continue Reading

President Trump’s Executive Order on Cybersecurity…

On May 11, 2017 – after weeks of anticipation – the White House released an Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.  There could not be better timing with a global cyberattack unleashing ransomware against governments and companies in nearly 100 countries around the globe. This newly released Executive Order … Continue Reading

BTI Names Jackson Lewis one of the Top Cybersecurity Firms

The BTI Law Firms Best at Cybersecurity 2017, a report issued by the BTI Consulting Group (pdf), lists Jackson Lewis as one of the country’s top law firms for cybersecurity and data privacy. The report was compiled “based solely on in-depth telephone interviews with leading legal decision makers,” representing more than 15 different industry segments … Continue Reading

Will More States Follow New York’s Lead?

As you know if you regularly read this blog, the New York State DFS finally finalized its “first-in-the-nation” cybersecurity rules with an effective date of March 1, 2017. And their reach is quite large: DFS-supervised entities from insurers and banks to mortgage brokers and credit unions (and their third-party service providers) will have to begin … Continue Reading

Companies May Soon Have a New Defense Against Cyber-Attacks

Co-author: Devin Rauchwerger  The Active Cyber Defense Certainty Act is a new bill that is gaining positive bipartisan support and significant interest from business communities, lawmakers and academics. The proposed bill amends the Computer Fraud and Abuse Act which does not provide adequate deterrence for criminal hacking. The new bill is aimed at helping businesses … Continue Reading
LexBlog