Data Security Law Blog is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law.

Recent Blog Posts

  • Part Two: In-Depth Look at New York’s New Data Security Bill Second in a two-part series. Last week, in the first part of this series, we examined several key aspects of New York’s proposed data security law, Stop Hacks and Improve Data Security Act or SHIELD Act. In our second and final installment, we discuss three additional aspects of the proposed law. Content of Notices All SHIELD Act notices must contain the contact information of the entity providing the notice, the contact information for state and federal agencies that provide... More
  • An In-Depth Look at New York’s New Data Security Bill First in a two-part series. As we reported last week, New York Attorney General Eric T. Schneiderman has introduced a bill aimed at protecting New Yorkers from data breaches. The Stop Hacks and Improve Data Security Act or SHIELD Act requires businesses to “implement and maintain reasonable safeguards” to protect New Yorkers’ personal and private information; according to the Attorney General, data breaches involving New Yorkers increased 60% in 2016.  The new legislation, which was introduced in the wake of... More
  • SEC Cyber Watch: Finally, New Guidelines for Breach Disclosures? The U.S. Securities and Exchange Commission has signaled that it expects to issue updated guidelines on reporting cybersecurity incidents. “I think this issue is important enough, wide-ranging enough that we should tackle it at the commission level,” said William H. Hinman, the SEC’s new director of the Division of Corporate Finance. Hinman’s remarks were made last week during a speech in New York and reported by the Wall Street Journal. Hinman hinted that the guidelines would “touch a couple of... More
  • A Call to Action: New York Becomes a National Force in Data Security New York is emerging as the nation’s de facto top data security regulator. Earlier this year, the state’s powerful Department of Financial Services implemented its tough cybersecurity regulation covering banks and insurance companies.  And shortly after disclosure of the Equifax breach, the agency – at the direction of New York Governor Andrew M. Cuomo – announced a proposed regulation that would require credit reporting agencies to comply with the DFS cybersecurity regulation. Now, New York Attorney General Eric T. Schneiderman... More
  • Court Rejects DOJ’s Depiction of Google as “Willful and Contemptuous” Tactics in Ongoing Battle over SCA Search Warrant A federal judge in California has agreed to hold Google in contempt for not following his order to turn over data stored overseas.  The order is largely symbolic, however, since a contempt order is required for Google to appeal the ruling. We’ve been covering the dispute between the government and Google over the company’s refusal to hand over customer data stored on foreign servers.  The last time we wrote about this case, the Justice Department had demanded that Google be... More
  • A Cautionary Tale: UK Intelligence Data Found on Thumb Drive in London Street Not all cybersecurity risks are the stuff of super-secret code hacks or high-tech digital attacks. One of the biggest culprits: off-the-shelf thumb drives (also known as flash drives or memory sticks) that you can purchase online, at Walmart or at your local office supply shop. Lightweight and small enough to fit in your pocket, thumb drives can store massive amounts of data. Yesterday’s stunning news from the UK underscores the risk of these common devices. A USB memory stick allegedly... More
  • Government Warns of Threat Activity Targeting Critical Infrastructure through Third-Party Access A cloak of secrecy usually covers covert government activities when it comes to the latest cyber threats and intelligence. But in a rare public statement, the U.S. government has warned that hackers are targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors. And instead of going directly after these high profile targets, the hackers are taking indirect routes through smaller – often supporting organizations – such as trusted third party suppliers, which often have... More
  • Healthcare Cyber: House Inquiry Targets Medical Software In its latest inquiry into cybersecurity risks in the healthcare sector, the House Energy and Commerce Committee last week requested a “formal briefing” from medical transcription vendor Nuance Communications, Inc. concerning its handling of the NotPetya malware attack. The committee also hinted that it was undertaking a broader inquiry into the cybersecurity practices in the healthcare industry. Nuance – a key vendor to hospitals, medical groups and doctors – was one of hundreds of organizations hit by the NotPetrya cyber-attack... More
  • Another Bumpy Week for Equifax: Virus Hits Website, IRS Suspends Contract and Hacked UK Residents Notified It was another chaotic week for Equifax Inc., still scrambling to stem the torrent of bad news after its massive data breach last month that has potentially affected more than half of the U.S.’s adult population. Here’s a quick rundown of last week’s developments: Close Call – A malicious virus – apparently from an Equifax vendor – stirred reports of another data breach when the credit reporting agency took an online portal down as a precautionary measure.  The company says... More
  • Justices to Hear DOJ Appeal on Microsoft Ruling: Is Email Stored Abroad Subject to a U.S. Warrant? The Supreme Court is poised to finally answer the question that’s been plaguing federal courts across the country:  must U.S. tech companies comply with warrants issued under the Stored Communications Act (“SCA”) that demand information from customer accounts that is stored on servers in a foreign country? We’ve written several times about the seminal Microsoft litigation.  It started in December 2013, when U.S. law enforcement officials served an SCA warrant on Microsoft seeking email content associated with an unnamed user’s... More