New York State Governor Andrew Cuomo and the New York State Department of Financial Services (“DFS”) have been busy on the cybersecurity front. In a press release on September 18, 2017, building upon the state’s pride in its “first-in-the-nation” cybersecurity regulations that were passed earlier this year, (which we previously discussed on our blog and
safeguards
Delaware: The Latest State to Amend its Data Breach Notification Law
Delaware joins the growing number of states that recently amended their data breach notification law. On August 17th, Delaware amended its data breach notification law with House Bill 180, the first significant change since 2005, effective 240 days after enactment (on or about April 14, 2018).
Delaware maintains the state law trend…
Top 10 for 2017 – Happy Data Privacy Day
In honor of Data Privacy Day, we provide the following “Top 10 for 2017.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2017.
1. Phishing Attacks and Ransomware – Phishing, as the name implies, is the attempt, usually via email, to obtain sensitive or…
CFTC Approves Proposed Cybersecurity Regulations
…
Best Practices For Gramm-Leach-Bliley Compliance
The U.S. Commodity Futures Trading Commission (Commission) issued a Staff Advisory on best practices for financial institutions that must comply with Gramm-Leach-Bliley Act (GLBA) provisions on data security and customer privacy.
GLBA was enacted to ensure that financial institutions respect the privacy of their customers and protect the security and confidentiality of nonpublic personal information. …
The White House’s Cybersecuirty Legislative Proposal
Today the White House issued a Cybersecurity Legislative Proposal. The proposed legislation focuses on protecting the American people, the nation’s critical infrastructure, and the federal government’s computers and networks. While legislation of this nature would simplify the breach reporting process for businesses, and overall streamline cybersecurity laws, a number of legislative attempts to do this have previously…
The Commercial Privacy Bill of Rights Act
Two Senators who clearly did not let the potential government work stoppage affect them, formally introduced the Commercial Privacy Bill of Rights Act of 2011 on April 12. In a bipartisan effort, Senators John Kerry (D-Mass.) and John McCain (R-Arizona) introduced the legislation which sets forth privacy rules governing businesses that collect, use, or share…
HHS Settlement Follows Enforcement Fine
In a uniquely timed second showing of enforcement authority, the Department of Health and Human Services (HHS) announced on February 24, 2011 a one million dollar settlement with a Massachusetts hospital that allegedly breached patient data. This settlement announcement comes only days after HHS announced a 4.3 million dollar HIPAA Privacy Rule fine. The…
Social Security Number Protection Act of 2010
On December 18, 2010 President Obama signed into law the Social Security Number Protection Act of 2010. The law has two key components.
First, the law establishes that no Federal, State, or local agency may display the Social Security account number of any individuals or any derivative of such number, on any check issued for…