Data Security Law Blog

Visit the Full Blog

DataSecurityLaw.com is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law. Patterson Belknap’s Privacy and Data Security practice provides public and private enterprises, their leadership teams and boards with comprehensive services in this critical area. Our team of experienced litigators, corporate advisors and former federal and state prosecutors advises on a broad range of privacy and data protection matters including cyber preparedness and compliance, data breach response, special board and committee representation, internal investigations, and litigation.

Final DFS Cybersecurity Regulation Issued

New York’s Department of Financial Services issued its final Cybersecurity Regulation last night with an effective date of March 1, 2017. For a comparison between the previous proposal and the final regulation, please click here.

Go

Law Firms and Vendors Mandated to Up Their Cyber Game: Final Installment in a 3-Part Series

This is our final installment in a three-part series examining the New York State Department of Financial Services (“DFS”) new cybersecurity regulation.  In this installment, we provide an overview of the regulation’s impact on third-party vendors and business partners, including law firms.

Go

Cyber Regulation Demands Board Accountability: Part 2 in a 3-Part Series

This is our second installment in a three-part series examining the New York State Department of Financial Services (“DFS”) new cybersecurity regulation.  In this installment, we provide an overview of the regulation’s impact on corporate governance and the scope of liability for corporate boards.

Go

Unpacking New York’s Cybersecurity Regulation: Part 1 in a 3-Part Series

This is the first installment in a three-part series examining the New York State Department of Financial Services (“DFS”) new cybersecurity regulation.  The Patterson Belknap Privacy and Data Security Team has studied the regulation, its legislative and regulatory underpinnings, and practical consequences.

Go

On the Move and At Risk: Safeguards for Mitigating Mobile Device Vulnerabilities While Traveling Overseas

Employees use their smartphones as a key tool for accessing information during a work day – especially when outside the office and traveling on business.  While smartphones, tablets, laptops and other devices may increase productivity by facilitating work flow and communications, a wireless mobile device and related data may be exploited by cybercriminals, and this risk increases significantly when overseas.  Organizations often overlook this increased vulnerability to business, customer, and client data when personnel use their mobile devices to conduct business while travelling outside the United States.  Organizations can mitigate the risk of compromising confidential information, intellectual property, and other sensitive data by adopting best practices for personnel travelling in other countries.

Go

OCC’s Cybersecurity Regulatory Expectations: A Call to Action

Not surprisingly, cybersecurity remains a top examination priority for the Comptroller of the Currency (“OCC”).  And that means national banks and federal savings associations – and their leadership teams – should be prepared for “heightened” focus by OCC examiners in critical areas of cybersecurity risk including banks’ third-party and vendor relationships.

Go

Re-Thinking “Substantial Injury”: The FTC’s Potential New Need for Victims

Last month, the Federal Trade Commission’s Chief Administrative Law Judge dismissed the Commission’s long-running data security case against LabMD because it failed to prove that there was an actual or reasonably imminent threat of injury to consumers.  In the matter of LabMD, Dkt. No. 9357, Initial Decision (Nov. 13, 2015).  The issue of consumer “injury” has loomed large in the world of data privacy litigation since private plaintiffs began bringing class action lawsuits arising from data breaches.  Whether those cases are brought by individuals in their own name or on behalf of a putative class, courts have struggled with the question of what constitutes injury sufficient to successfully prosecute a claim. 

Go

Steering Clear of Broken Promises

With last week’s ruling by the Third Circuit Court of Appeals in FTC v. Wyndham Worldwide Corp. solidifying the Federal Trade Commission’s authority to enforce data security practices, organizations that use online computers to store customer information should take notice.  Since 2005, the FTC has stepped up its enforcement efforts and has entered into more than 50 consent decrees relating to cybersecurity matters.  

Go