It’s a marathon month for the thousands of financial institutions and insurance companies covered by New York’s landmark cybersecurity regulation. In little more than a week, these businesses must file their second annual certification of compliance with the State’s Department of Financial Services. Two weeks later, they must also come into compliance with the regulation’s third-party vendor requirements, the final milestone in the two-year rollout of the cybersecurity regulation.
Data Security Law Blog
DataSecurityLaw.com is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law. Patterson Belknap’s Privacy and Data Security practice provides public and private enterprises, their leadership teams and boards with comprehensive services in this critical area. Our team of experienced litigators, corporate advisors and former federal and state prosecutors advises on a broad range of privacy and data protection matters including cyber preparedness and compliance, data breach response, special board and committee representation, internal investigations, and litigation.
Protecting children’s online privacy remains a point of focus for the New York Attorney General. That’s the upshot of the recent record-setting settlement with Oath Inc. – formerly AOL, Inc. – for violating the Children’s Online Privacy Protection Rule (COPPA).
It is not enough for companies to establish policies and procedures designed to prevent the misuse of material nonpublic information. Companies must also enforce those policies and procedures.
That’s the lesson from the U.S. Securities and Exchange Commission's recent settlement with Mizuho Securities USA LLC (“Mizuho”), a broker-dealer, for the firm’s failure to safeguard customer information.
Last week, the U.S. Court of Appeals for the Eighth Circuit affirmed the district court’s approval of a $17 million settlement between Target Corp. and consumers whose credit card data was compromised in the 2013 data breach. In one of the largest data breaches to hit U.S. retailers, hackers stole information from 40 million credit and debit cards during the 2013 holiday season.
The insurance industries in South Carolina and Rhode Island may soon be required to adopt formal data security safeguards, a movement sparked by the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. The model law, which NAIC adopted in October 2017, establishes minimum standards for data security applicable to insurance providers. It is part of a growing body of state-level cybersecurity legislation, including the New York State Department of Financial Services regulation issued in March 2017. We blogged about the model law back in January.
Is the risk of future harm enough to satisfy Article III standing in a data breach suit? That’s the question courts of appeals around the country are wrestling with now – and reaching opposing results. The U.S. Court of Appeals for the Ninth Circuit is the latest to wade into this debate on data breach standing in its recent opinion, In re Zappos.Com, Inc., Customer Data Security Breach Litigation.
The Justice Department is changing its approach to collecting data stored in the cloud.