Data Security Law Blog is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law.

Recent Blog Posts

  • Cyber in the Board Room: Balancing Risk and Oversight Boards of directors remain increasingly exposed to the threat of liability arising from data breaches and other cyber-incidents. Nearly a year ago, Senators Jack Reed and Susan Collins introduced the Cybersecurity Disclosure Act of 2015, a bill aimed at promoting transparency in the oversight of cybersecurity risks for publicly traded companies.  The bill requires the U.S. Securities and Exchange Commission to issue rules requiring each public reporting company to disclose whether any of its directors “has expertise or experience in cybersecurity... More
  • Feds Propose Enhanced Cyber Standards for Nation’s Largest Banks and Their Boards Bank regulators are continuing to demand more accountability from corporate leaders when it comes to compliance with cybersecurity safeguards. In an advance notice of proposed rulemaking issued yesterday, federal regulators are seeking public comment on standards that would require the nation’s biggest banks to bulk up their cybersecurity preparedness and governance.  And agency officials made clear that the move is intended to put the responsibility squarely on the shoulders of corporate officers and directors. The Federal Reserve System, the Federal Deposit Insurance Corporation... More
  • A Long Road Ahead: Data Privacy and the Self-Driving Car America has had a longstanding love affair with the automobile, as a manifestation of innovation and independence.  The next chapter is likely the advent of the (fully or partially) autonomous vehicle. Industry titans Sergey Brin, Elon Musk and Mark Fields, among others, have predicted that rubber will hit the road sans driver in the next few years, and have caused a stir in the cybersecurity community.  The chief concerns are:  First, the vehicles’ wireless technology may be vulnerable to hackers and... More
  • U.S. Senators Want Answers: Yahoo’s Unacceptable Delay In Data Breach Announcement The aftermath of Yahoo’s data breach has raised a number of questions from customers, law enforcement, and most recently six U.S. Senators. Yesterday, Senators Patrick Leahy, Al Franken, Elizabeth Warren, Richard Blumenthal, Ron Wyden, and Edward J. Markey sent a letter to Yahoo CEO Marissa Mayer, demanding answers about the company’s data breach.  The letter came just days after Yahoo publically confirmed that in late 2014 a “state-sponsored” hacker stole personal information from at least 500 million customers. The letter highlights the... More
  • Aftermath of the Yahoo Breach: M&A Risk and Cybersecurity In the midst of its acquisition by Verizon Communications Inc., Yahoo Inc. disclosed what looks like one of the largest reported thefts of user information in U.S. history. Yahoo  has confirmed that a “state-sponsored” hacker stole personal information for at least 500 million customers.  The hack apparently compromised user names, hashed passwords, telephone numbers, street addresses and birth dates.  Yahoo reports that no payment-card data or bank account information was stolen. The breach comes just months after Yahoo entered into an agreement... More
  • New York DFS Proposes New Cybersecurity Regulations Earlier this month, the New York State Department of Financial Services (“DFS”) announced proposed cybersecurity regulations for financial institutions.  This proposal is, according to Governor Cuomo, a “new first-in-the-nation regulation” that is designed to protect financial institutions and their consumers. The proposed regulations are not a surprise.  Late last year, the DFS announced its intention to issue cybersecurity rules.  That announcement came after the DFS surveyed nearly 200 banking and insurance institutions and issued three reports to help inform the rulemaking... More
  • Galaria v. Nationwide: Data Breach Plaintiffs Standing Strong in the Sixth This week, in the first post-Spokeo circuit court decision to address standing in a data-breach class action, the Sixth Circuit joined the Seventh Circuit in holding that plaintiffs whose sensitive personal information has been obtained by hackers have Article III standing to sue based on the risk of future fraud and identity theft. The plaintiffs in Galaria v. Nationwide Mutual Insurance Co., Nos. 15-3386/3387 (6th Cir. Sept. 12, 2016) (unpublished) are a class of 1.1 million customers and potential customers of... More
  • Banner Health Suits Raise Significant Questions for Data Breach Class Actions Banner Health recently announced that hackers may have gained “unauthorized access to patient information” and “payment card data” from approximately 3.7 million patients, health plan members, food and beverage customers, and physicians.  The breach has been reported as the largest for a hospital in 2016. According to Banner Health, attackers obtained access to the “point-of-sale” systems at food and beverage outlets in its facilities, reminiscent of recent attack suffered by the hospitality industry.  Apparently, Banner Health failed to separate its systems... More
  • Patterson Belknap Partners Speak on Panama Papers and Law Firm Cyber Risk at SCG Annual Meeting Patterson Belknap litigation partners Michael F. Buchanan and Craig A. Newman will be speaking at the State Capital Group’s Annual Meeting on September 15, 2016 in Boston.  The SCG is a global network of 148 preeminent law firms located in 82 countries.  Mr. Newman, chair of Patterson Belknap’s Data Security, will moderate the panel, “Changing Norms in Global Privacy: Emerging Issues & Law Firm Risks.”  Mr. Buchanan, a former federal prosecutor, will serve on the panel, which will focus on... More
  • First Day of School for the NYS Education Department’s New Chief Privacy Officer As New York public schools increase the use of technology in day-to-day operations and in the classroom, they increasingly face data management and data security threats similar to those faced by businesses and non-profit institutions. On August 24, 2016, the New York State Education Department appointed Temitope Akinyemi as its first Chief Privacy Officer to help schools navigate this evolving landscape.  The appointment was set in motion on March 31, 2014 when Governor Cuomo signed a budget bill adding two new... More