Data Security Law Blog

DataSecurityLaw.com is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law. Patterson Belknap’s Privacy and Data Security practice provides public and private enterprises, their leadership teams and boards with comprehensive services in this critical area. Our team of experienced litigators, corporate advisors and former federal and state prosecutors advises on a broad range of privacy and data protection matters including cyber preparedness and compliance, data breach response, special board and committee representation, internal investigations, and litigation.

New York State AG Probe of Zoom Results in Enhanced Cybersecurity Practices

by Christina Seda-Acosta and Michael F. Buchanan on May 14, 2020

The Zoom videoconferencing platform has been a constant fixture in recent news as the coronavirus pandemic has caused businesses around the world to flock to it, exposing significant cybersecurity and privacy concerns. These concerns drew the attention of the New York State Attorney General’s Office (“NYAG”), which initiated an investigation into the company’s cybersecurity practices in March, following a massive surge in use. The NYAG’s investigation came to a conclusion on May 7, 2020, when it reached a settlement with Zoom that will require Zoom, among other things, to enhance its practices around cybersecurity and data privacy.

The SEC Issues Observations on Cybersecurity and Resiliency Measures

by Christina Seda-Acosta and Peter A. Nelson on February 4, 2020

Last week, the U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) issued a list of recommendations for institutions to enhance their cybersecurity preparedness and operational resiliency. These observations – based upon the examination of thousands of SEC registrants – serve as a lens into the likely subjects of future SEC examinations.

New York’s SHIELD Act Is Signed Into Law

by Christina Seda-Acosta and Alejandro H. Cruz on August 1, 2019

Last Thursday, Governor Cuomo signed New York’s latest data security bill – the Stop Hacks and Improve Electronic Data Security, or “SHIELD” Act. The Act, which we have followed on this blog since November 2017, imposes new notification obligations on businesses managing private data when a security breach occurs. Capital One’s recent breach underscores the significance of the changing regulatory landscape, as both businesses and the government attempt to navigate and protect against large-scale cybersecurity attacks, and the importance of understanding notification obligations, should those efforts fail.

Millions of Patient Records Exposed in Breach at Medical Testing Giants’ Third-Party Vendor

by Christina Seda-Acosta on June 11, 2019

It’s been a tough week for the healthcare industry.

Just days after Quest Diagnostics reported a breach at a third-party vendor affecting approximately 11.9 million of its patients, LabCorp disclosed that a breach at the same vendor exposed the personal and financial data of 7.7 million of its customers.

Online Trust Alliance Audit Hands Feds Rare Honor

by Christina Seda-Acosta on April 25, 2019

The federal government’s record for effective cyber defenses of its own websites has not been stellar over the past few years. Federal government agencies ranging from the Office of Personnel Management to the National Archives have suffered data breaches, as have nearly a dozen other agencies.

Another Hack in the Education Sector: 40 Million Records Exposed

by Christina Seda-Acosta on October 16, 2018

A recent data breach at Chegg Inc., the online educational technology company, serves as the most recent reminder that the education sector remains a target for hackers.

Last month, Chegg reported, on a Form 8-K disclosure filed with the Securities Exchange Commission, that it had experienced a security breach in which an “unauthorized party gained access to a Company database that hosts user data for chegg.com.”

The Tale of LabMD: New lawsuits charge ethics violations and fake data breaches

by Christina Seda-Acosta on April 30, 2018

The LabMD data security case is anything but dull. An 8-year (and counting) fight with the U.S. Federal Trade Commission, a U.S. House of Representatives Oversight and Government Reform Committee investigation into allegations of government overreach and collusion, a key witness granted governmental immunity and multiple related civil lawsuits scattered around the country.

A (Secondary) Education in Data Security

by Christina Seda-Acosta and Peter A. Nelson on February 5, 2018

On January 18, 2018, the New York State Education Department (“NYSED”) announced that one of its vendors, Questar Assessment, experienced a data breach resulting in the unauthorized disclosure of personal information from students in five different New York schools. While the data breach reportedly affected only a small number of students that had registered for online testing in spring 2017, it nonetheless exposed sensitive personally identifiable information from those students. And despite its narrow scope, this breach potentially threatens public (and parent) confidence in the security of sensitive student information at a time when New York schools are moving more and more of their activities online.