Data Security Law Blog

http://datasecuritylaw.com/

DataSecurityLaw.com is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law.

Recent Blog Posts

  • Another Rematch Between Tech Companies and the Government over the Territorial Reach of the Stored Communications Act Lawyers for the tech community are gearing up for argument next month in the U.S. District Court in San Francisco, seeking to overturn another magistrate’s order that requires digital information stored outside of the U.S. to be turned over in response to a U.S. search warrant. The California case is only the latest in a... More
  • FTC Chronicle: “Lessons Learned” from the Agency’s Data Breach Investigations The Federal Trade Commission (FTC) – often criticized for not providing clear guidance as to what the agency considers reasonable data security – announced on Friday that it would publish a weekly blog discussing “lessons learned” from data security investigations that were closed without a formal enforcement action Over the past 15 years, the agency... More
  • DFS Cyber Compliance Nightmare? New York’s powerful Department of Financial Services (DFS) upended cybersecurity regulation with its new and sweeping “Cybersecurity Requirements for Financial Services Companies,” which took effect on March 1, 2017.  But is the financial industry ready and equipped to comply with this detailed regulation?  According to a recent survey published by Ponemon Institute and sponsored by... More
  • DFS Issues Additional Guidance for Cyber Regulation Compliance New York’s Department of Financial Services (DFS) has issued additional guidance for compliance with the state’s sweeping cybersecurity regulation that went into effect earlier this year.  Companies covered by the regulation must comply with the first round of requirements by August 28th. The additional guidance – in the form of frequency asked questions posted on... More
  • When Health Data Goes Missing: Largest Reported Ransomware Attack In the aftermath of two powerful global ransomware attacks, a Michigan-based medical equipment provider has disclosed that hackers “encrypted our data files” and accessed more than 500,000 patient records in what is believed to be the largest reported ransomware attack on health care information. Airway Oxygen Inc., a privately held company that supplies home healthcare... More
  • 11th Circuit Hears Oral Argument in LabMD Case Yesterday morning, the United States Court of Appeals for the Eleventh Circuit, sitting in Miami, heard oral argument in the case of LabMD, Inc. v. Federal Trade Commission, No. 16-16270.  For purposes of this post, we presume readers are familiar with this case, which we’ve blogged about extensively since the Federal Trade Commission lodged an... More
  • A question of harm: LabMD to face off with FTC at 11th Circuit In a consequential test of the Federal Trade Commission’s authority as a data security regulator, the U.S. Court of Appeals for the Eleventh Circuit will hear argument tomorrow in a case that will determine whether the agency must show a concrete consumer injury as an element of an enforcement action, just as private plaintiffs have... More
  • NYS Cyber Regulation Countdown: Continuous Monitoring In our series of posts leading up to the August 28th deadline for the first phase of requirements under New York’s cybersecurity regulation, the Patterson Belknap team looks at issues that institutions face as they implement the new rules. In complying with the New York State Department of Financial Services (DFS) cybersecurity regulation, financial institutions... More
  • DFS Cyber Compliance Nightmare? A new survey by the Ponemon Institute reports that less than half of the financial institutions covered by New York’s sweeping new cybersecurity regulation say they will “likely” meet next February’s compliance deadline. And even more stunning is the fact that only 13% of those institutions surveyed reported “with certainty” that they would be in... More
  • NYS Cyber Regulation Countdown: “Risk Assessment” – Now or Later? In our series of posts leading up to the August 28th deadline for the first phase of requirements under New York’s cybersecurity regulation, the Patterson Belknap team looks at issues that institutions face as they implement the new rules. New York financial institutions are faced with a tough, and potentially costly, choice.  Conduct a risk... More