Data Security Law Blog

http://datasecuritylaw.com/

DataSecurityLaw.com is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law.

Recent Blog Posts

  • “Primer: Overview of New York Department of Financial Services Proposed Cybersecurity Regulation”
    Patterson Belknap’s Privacy & Data Security Group is pleased to announce the publication of “Primer: An Overview of the New York Department of Financial Services Proposed Cybersecurity Regulation,” which includes an analysis of the proposed cybersecurity regulation and identifies priority implementation issues. The primer separates the regulation into five functional areas: Corporate Governance, Periodic Cyber Risk Assessments, Day-to-Day Cybersecurity Requirements, Third-Party Obligations and Incident Response Planning and Reporting. Our hope is that the primer will be a useful resource in...
  • Hints of a Narrowing of the FTC’s Section 5 Authority Under a Trump Presidency
    The transition of power from President Barack Obama to President-Elect Donald Trump is underway. Although President-Elect Trump did not lay out specific policy prescriptions about data privacy or consumer protection during his candidacy, his recent choice of Dr. Joshua D. Wright to lead transition efforts at the Federal Trade Commission provides some hints as to the direction the agency may take under a Trump administration.
    Overview of the FTC
    Congress established the Federal Trade Commission (FTC) as an independent agency...
  • DFS Cyber Regulation: Part II – An Interview with Bay Dynamics’ Steven Grossman
    This is the second installment in our interview with Steven Grossman, VP Strategy & Enablement at Bay Dynamics, the cyber risk analytics company. Here, Steven discusses the importance of aligning an institution’s risk profile with its cybersecurity plan and recommendations for bridging the gap between IT and the boardroom. For the first installment of our interview with Steven, click here.
    Q: The weakest link in cybersecurity is often a third-party vendor. In fact, several of the headline-grabbing retail breaches involved...
  • DFS Cyber Regulation: Changing the Rules – An Interview with Bay Dynamics’ Steven Grossman
    As part of Patterson Belknap’s continuing focus on the New York Department of Financial Services (DFS) proposed cybersecurity regulation, we sat down with Steven Grossman, VP Strategy & Enablement at Bay Dynamics, a cyber risk analytics company, to talk about cybersecurity in a highly regulated environment. In the first installment of our 2-part interview with Steven, he discusses implementation of the new regulation and the fact that organizations shouldn’t confuse regulatory compliance with effective cybersecurity planning and strategy.
    Q: Steven,...
  • Law Firms and Vendors Mandated to Up Their Cyber Game: Final Installment in a 3-Part Series
    This is our final installment in a three-part series examining the New York State Department of Financial Services (“DFS”) new cybersecurity regulation. In this installment, we provide an overview of the regulation’s impact on third-party vendors and business partners, including law firms. Early next year, law firms and other vendors will begin answering to their clients when it comes to cybersecurity. As we’ve reported, New York State’s top banking regulator, the DFS, has imposed a sweeping cybersecurity regime on the...
  • Cyber Regulation Demands Board Accountability: Part 2 in a 3-Part Series
    This is our second installment in a three-part series examining the New York State Department of Financial Services (“DFS”) new cybersecurity regulation. In this installment, we provide an overview of the regulation’s impact on corporate governance and the scope of liability for corporate boards. The cornerstone for the new DFS cybersecurity regulation is accountability at the top of an organization. In a survey used to inform the development of the regulation, the DFS explained that “cyber security tends to be...
  • When Using a Computer Becomes a Crime, Part Two: ACLU, Facebook Weigh In on Ninth Circuit’s Answer
    The Electronic Frontier Foundation (“EFF”) and the American Civil Liberties Union (“ACLU”) have weighed in on Facebook’s high-profile dispute with a social media aggregation company over whether it had unlawfully accessed Facebook’s computers. The EFF and ACLU warned the Ninth Circuit that the panel’s ruling for Facebook risks chilling important investigations and makes “potential criminals out of millions of ordinary Americans on the basis of innocuous online behavior.” The case is Facebook, Inc. v. Power Ventures, Inc., No. 13-17102. We...
  • Unpacking New York’s Cybersecurity Regulation: Part 1 in a 3-Part Series
    This is the first installment in a three-part series examining the New York State Department of Financial Services (“DFS”) new cybersecurity regulation. The Patterson Belknap Privacy and Data Security Team has studied the regulation, its legislative and regulatory underpinnings, and practical consequences. In our first post, we provide an overview of what financial institutions, insurance companies, and their boards of directors should expect—and begin to prepare for—when the DFS regulation goes into effect early next year. Institutions covered by the regulation...
  • LabMD Scores Early Win in FTC Appeal
    The fight between the Federal Trade Commission and LabMD, the defunct medical testing lab, entered a new chapter late yesterday. In a 13-page ruling, the U.S. Court of Appeals for the Eleventh Circuit said that LabMD’s appeal presented “a serious legal question” as to the Commission’s interpretation of Section 5 of the FTC Act and that any enforcement of the agency’s order should be stayed until the appellate process had run its course. LabMD's appeal to the Eleventh Circuit has...
  • China’s Controversial New Cybersecurity Law
    Earlier today, the Chinese government in Beijing approved a sweeping new cybersecurity law aimed at centralizing control over computer networks operating within China’s borders. An unofficial English translation of the newly-enacted law is available here. The new law is broadly drafted and applies to all entities that “own or manage . . . systems comprised of computers . . . for information gathering, storage, transmission, exchange and processing” within China. On its face, this law appears to cover any business...