Data Security Law Blog is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law.

Recent Blog Posts

  • New York DFS Proposes New Cybersecurity Regulations Earlier this month, the New York State Department of Financial Services (“DFS”) announced proposed cybersecurity regulations for financial institutions.  This proposal is, according to Governor Cuomo, a “new first-in-the-nation regulation” that is designed to protect financial institutions and their consumers. The proposed regulations are not a surprise.  Late last year, the DFS announced its intention to issue cybersecurity rules.  That announcement came after the DFS surveyed nearly 200 banking and insurance institutions and issued three reports to help inform the rulemaking... More
  • Galaria v. Nationwide: Data Breach Plaintiffs Standing Strong in the Sixth This week, in the first post-Spokeo circuit court decision to address standing in a data-breach class action, the Sixth Circuit joined the Seventh Circuit in holding that plaintiffs whose sensitive personal information has been obtained by hackers have Article III standing to sue based on the risk of future fraud and identity theft. The plaintiffs in Galaria v. Nationwide Mutual Insurance Co., Nos. 15-3386/3387 (6th Cir. Sept. 12, 2016) (unpublished) are a class of 1.1 million customers and potential customers of... More
  • Banner Health Suits Raise Significant Questions for Data Breach Class Actions Banner Health recently announced that hackers may have gained “unauthorized access to patient information” and “payment card data” from approximately 3.7 million patients, health plan members, food and beverage customers, and physicians.  The breach has been reported as the largest for a hospital in 2016. According to Banner Health, attackers obtained access to the “point-of-sale” systems at food and beverage outlets in its facilities, reminiscent of recent attack suffered by the hospitality industry.  Apparently, Banner Health failed to separate its systems... More
  • Patterson Belknap Partners Speak on Panama Papers and Law Firm Cyber Risk at SCG Annual Meeting Patterson Belknap litigation partners Michael F. Buchanan and Craig A. Newman will be speaking at the State Capital Group’s Annual Meeting on September 15, 2016 in Boston.  The SCG is a global network of 148 preeminent law firms located in 82 countries.  Mr. Newman, chair of Patterson Belknap’s Data Security, will moderate the panel, “Changing Norms in Global Privacy: Emerging Issues & Law Firm Risks.”  Mr. Buchanan, a former federal prosecutor, will serve on the panel, which will focus on... More
  • First Day of School for the NYS Education Department’s New Chief Privacy Officer As New York public schools increase the use of technology in day-to-day operations and in the classroom, they increasingly face data management and data security threats similar to those faced by businesses and non-profit institutions. On August 24, 2016, the New York State Education Department appointed Temitope Akinyemi as its first Chief Privacy Officer to help schools navigate this evolving landscape.  The appointment was set in motion on March 31, 2014 when Governor Cuomo signed a budget bill adding two new... More
  • Asset Protection Wake Up Call: Data Security Top Concern for High Net Worth Investors A recent study asked high net worth investors which of the following issues they were most concerned about: terrorism, data security, or a major illness.  The most prevalent response might surprise you.  Seventy-two percent of the investors surveyed ranked data security as their top concern, followed by terrorism and then a major illness. The study, conducted by Morgan Stanley, surveyed high net worth individuals between the ages of 25 and 75, the majority of whom already had been victimized by cybercrime. ... More
  • Post-Spokeo Standing: An Evolving Landscape Several recent federal court decisions have shed additional light on the still-unsettled question of when a plaintiff has Article III standing to sue based on a data breach or other data security or privacy event.  These cases—Attias v. CareFirst, Inc. (D.D.C.), Wood v. J. Choo USA, Inc. (S.D. Fla.), and Guarisma v. Microsoft (S.D. Fla.)—offer somewhat mixed guidance for defendants in privacy-related class action lawsuits looking to use a standing challenge as a quick escape. We previously reported on the U.S. Supreme Court’s decision in Spokeo, Inc.... More
  • Craig A. Newman will moderate “Preparing a Cybercrime Incident Response Plan” at the ILTACON 2016 Annual Educational Conference on August 29th in Washington, D.C. Craig A. Newman will moderate “Preparing a Cybercrime Incident Response Plan” at the ILTACON 2016 Annual Educational Conference on August 29th in Washington, D.C.  ILTACON is the annual conference for law firms and legal departments sponsored by the International Legal Technology Association.  Meticulous and thoughtful planning is required when putting together an organization’s data breach incident response plan, especially in today’s environment.  Craig will lead a panel of data security experts in walking through case studies of data security breaches... More
  • When Is Using a Computer a Crime? Rehearing Sought on Ninth Circuit’s “Distressingly Unclear” Answer Facebook recently won a landmark victory in the Ninth Circuit against a company that accessed Facebook’s computers to help users manage their social network accounts.  Now the company, Power Ventures, Inc., says that the Ninth Circuit’s decision risks creating “widespread confusion” about when it is a crime to use a computer to access a website. The issue in Facebook, Inc. v. Power Ventures, Inc., No. 13-17102 (9th Cir.), is how to determine when an unauthorized—or explicitly prohibited—use of a computer becomes... More
  • Pokémon GO Exposes Risks of Bring-Your-Own-Device (BYOD) Policies There’s no denying it: Pokémon GO is a phenomenon. The smartphone game, in which players use their mobile device camera and GPS to capture, battle, and train virtual creatures, was released in the United States on July 6th.  In a month, it has shot to the top of the App Store charts to become the biggest mobile game in U.S. history.  Within just days of its release, Pokémon GO already had surpassed app giants like Twitter and Tinder in number of... More