Data Security Law Blog is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law.

Recent Blog Posts

  • Judge Sides with Government over Google in the Latest Battle Rematch over the Territorial Reach of the SCA
    Another federal judge has rejected the U.S. Court of Appeals for the Second Circuit’s interpretation of the Stored Communications Act (SCA), and has ordered Google to hand over customer email traffic—wherever located—to U.S. law enforcement. More than a year ago, the Second Circuit held that Microsoft Corp. was not required to produce customer emails stored...
  • SEC Watch: “Observations” from SEC’s Cybersecurity 2 Initiative
    Last week, the U.S. Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) released its “Observations from Cybersecurity Examinations” conducted pursuant to OCIE’s “Cybersecurity 2 Initiative.” A copy of the summary is available here. This is a follow-on to an earlier series of examinations (the “Cybersecurity 1 Initiative”) conducted in 2014. OCIE...
  • DFS Cyber Regulation Countdown: Who Should Certify Compliance?
    Companies subject to New York’s Department of Financial Services (DFS) new cybersecurity regulation should be preparing to comply with the first round of requirements by the upcoming August 28th deadline: enacting a cybersecurity program and policies, implementing user access privileges, designating a Chief Information Security Officer (CISO), employing qualified personnel, and implementing an incident response...
  • Federal Appeals Court Says Healthcare Insurer Must Face Data Breach Lawsuit
    A federal appeals court earlier this week dealt a blow to healthcare insurer CareFirst, Inc., concluding that a group of customers have the right to pursue a class action data breach lawsuit based on a 2014 cyberattack. In a unanimous ruling, a three-judge panel of the United States Court of Appeals for the District of...
  • Hackers Target the Bottom Line: Business Operations and Earnings
    Over the past several years, we have witnessed a fundamental shift in orchestrated cyber-attacks from hacking credit card data and healthcare information to targeting businesses, their operations and bottom lines. Last month, companies across the globe were hit by the so-called “Petya” ransomware attack, as this blog has previously discussed. In that attack, hackers infected...
  • Follow the Money and Beware the Extra “L”: First Department Sustains Claims against Fund Administrator After Hackers Grab Millions
    A legal feud is underway between the world’s biggest hedge fund administrator and a former client over an email scam that resulted in hackers stealing millions in client funds. And not surprisingly, the time-honored tradition of finger pointing is on full display as each party accuses the other of employing sub-par internal controls and lackluster...
  • ABA Panel on “Cybersecurity for Law Firms: Does Size Matter?”
    In conjunction with the American Bar Association’s Annual Meeting in New York next month, the ABA will feature a panel on “Cybersecurity for Law Firms: Does Size Matter?” The panel will discuss current cybersecurity threats facing law firms of all sizes, and will include perspectives from the U.S. Department of Justice, a forensics firm, and...
  • Another Rematch Between Tech Companies and the Government over the Territorial Reach of the Stored Communications Act
    Lawyers for the tech community are gearing up for argument next month in the U.S. District Court in San Francisco, seeking to overturn another magistrate’s order that requires digital information stored outside of the U.S. to be turned over in response to a U.S. search warrant. The California case is only the latest in a...
  • FTC Chronicle: “Lessons Learned” from the Agency’s Data Breach Investigations
    The Federal Trade Commission (FTC) – often criticized for not providing clear guidance as to what the agency considers reasonable data security – announced on Friday that it would publish a weekly blog discussing “lessons learned” from data security investigations that were closed without a formal enforcement action. Over the past 15 years, the agency...
  • DFS Cyber Compliance Nightmare?
    New York’s powerful Department of Financial Services (DFS) upended cybersecurity regulation with its new and sweeping “Cybersecurity Requirements for Financial Services Companies,” which took effect on March 1, 2017. But is the financial industry ready and equipped to comply with this detailed regulation? According to a recent survey published by Ponemon Institute and sponsored by...