Data Security Law Blog

DataSecurityLaw.com is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law. Patterson Belknap’s Privacy and Data Security practice provides public and private enterprises, their leadership teams and boards with comprehensive services in this critical area. Our team of experienced litigators, corporate advisors and former federal and state prosecutors advises on a broad range of privacy and data protection matters including cyber preparedness and compliance, data breach response, special board and committee representation, internal investigations, and litigation.

FBI Reports An Increasing Rate Of Internet-Facilitated Crime

by Simone M. Silva-Arrindell and Michael F. Buchanan on May 8, 2019

The FBI’s Internet Crime Complaint Center, better known as IC3, released its 2018 Internet Crimes Report. For those unfamiliar with the IC3, it was established by the FBI in May 2000 as a central repository for public complaints of internet-based crimes. Since its inception, IC3 has received more than 4 million complaints. To facilitate law enforcement efforts and promote public awareness, IC3 analyzes the complaints it receives and disseminates information to the public and law enforcement. Among other things, it identifies trending scams, refers scams that do not meet federal law enforcement thresholds to state and local law enforcement, and provides victim services. New in 2018, IC3 created the Recovery Asset Team to help victims of internet-facilitated schemes recover funds and the Victim Specialist-Internet Crime position to provide crisis intervention, needs assessments, and referrals.

HHS Releases New Cybersecurity Guidance

by Simone M. Silva-Arrindell and Craig A. Newman on January 22, 2019

In a four-part publication, a Task Force that included the Department of Health and Human Services (HHS) and private sector industry leaders released guidance for the healthcare industry on cybersecurity best practices. The guidance, Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients, focuses on healthcare providers, payors and pharmaceutical companies.

Part 2: More from DOJ on Cyber Investigations and Breach Preparedness

by Simone M. Silva-Arrindell and Craig A. Newman on October 8, 2018

This is the second post in our two-part series about DOJ’s revised guidance on its “Best Practices for Victim Response and Reporting Cyber Incidents.” In the first installment, we looked at DOJ’s recommendations for preparedness. Today, we turn to the basics of data breach incident response and a list of DOJ’s “don’ts” when dealing with a hacker.

Part 1: DOJ Weighs In on Cyber Investigations & Breach Preparedness

by Simone M. Silva-Arrindell and Craig A. Newman on October 3, 2018

The U.S. Department of Justice is increasing its outreach to the private sector on all things cyber.

Last week, the DOJ’s Criminal Division held a cybersecurity roundtable to discuss challenges in handling data breach investigations. As part of the roundtable discussion, the DOJ issued revised guidance on its “Best Practices for Victim Response and Reporting Cyber Incidents.” The Best Practices guidance, summarized below, is the result of the DOJ’s outreach efforts concerning ways in which the government can work more effectively with the private sector to address cybersecurity challenges. The goal of the roundtable discussion, which started in 2015, is to foster and enhance cooperation between law enforcement and data breach victims, and to also encourage information sharing.

California’s New Privacy Law: A Closer Look

by Simone M. Silva-Arrindell and Craig A. Newman on July 2, 2018

California’s landmark digital privacy law – signed into law late last week – is the most sweeping consumer data protection law in the U.S. The California Consumer Privacy Act of 2018 or CCPA promises to give consumers unprecedented control over their personal information including the right to know what information companies are collecting about them and how it is used.

California Enacts Sweeping Consumer Privacy Law

by Simone M. Silva-Arrindell and Craig A. Newman on June 29, 2018

California threw down the proverbial gauntlet last night and enacted a sweeping new digital privacy law aimed at giving the state’s consumers more control over their personal information.

Facebook Gears Up for High Stakes Biometric Trial

by Simone M. Silva-Arrindell and Craig A. Newman on May 21, 2018

In one of the first major tests of the Illinois biometric data privacy law, Facebook is headed to trial this summer over allegations that the social media giant unlawfully collects user data with its photo tagging function. Last week, U.S. District Judge James Donato denied cross motions for summary judgment in a class action pending in Northern California, noting the “multitude of fact disputes in the case.”

The Warning Behind the Numbers: New York’s 2017 Data Breach Report

by Simone M. Silva-Arrindell and Craig A. Newman on April 2, 2018

On its face, last week’s report that the number of data breaches reported last year to New York’s Attorney General spiked to an all-time high of 1,583 – up 23 percent from 2016 – was not good news.

But behind the numbers are even more disturbing trends. Start with the fact that hacking – the handy work of outside intruders – was the leading cause of reported breaches last year, accounting for 44 percent of reported breaches. Hacking also accounted for nearly 95 percent of all personal information exposed. In second place was employee error or negligence, which represented 25 percent of last year’s reported breaches.

“Legally Reprehensible”: Senate Chastises Uber’s Conduct in 2016 Data Breach

by Simone M. Silva-Arrindell and Craig A. Newman on February 8, 2018

On Tuesday, a Senate subcommittee grilled Uber’s Chief Information Security Officer, John Flynn, over a 2016 data breach that affected nearly 57 million drivers and riders. At the hearing, Uber faced backlash from lawmakers for its “morally wrong and legally reprehensible” conduct that “violated not only the law but the norm of what should be expected.”

Part Two: In-Depth Look at New York’s New Data Security Bill

by Simone M. Silva-Arrindell and Craig A. Newman on November 20, 2017

Second in a two-part series.

Last week, in the first part of this series, we examined several key aspects of New York’s proposed data security law, Stop Hacks and Improve Data Security Act or SHIELD Act. In our second and final installment, we discuss three additional aspects of the proposed law.

An In-Depth Look at New York’s New Data Security Bill

by Simone M. Silva-Arrindell and Craig A. Newman on November 15, 2017

First in a two-part series.

As we reported last week, New York Attorney General Eric T. Schneiderman has introduced a bill aimed at protecting New Yorkers from data breaches.

Hackers Score Touchdown: NFL Players Association Hit With Data Breach

by Simone M. Silva-Arrindell and Craig A. Newman on October 9, 2017

A data breach of the National Football League Players Association’s (“NFLPA”) website has exposed the personal information of nearly 1,200 players and agents.

8th Circuit Finds Standing in Data Breach Case but Dismisses on Pleading Deficiencies

by Simone M. Silva-Arrindell and Craig A. Newman on August 28, 2017

In one of the first federal appellate court rulings following the Ninth Circuit’s decision in Robins v. Spokeo, the Eighth Circuit delivered a pyrrhic victory for customers victimized by a data breach. In Kuhns v. Scottrade, the Eighth Circuit ruled that, although the plaintiff had established standing to pursue a claim against Scottrade, Inc. resulting from a data breach that occurred in 2013, the customer failed to sufficiently allege that the brokerage firm breached its contractual obligations and affirmed dismissal of the case.

DFS Cyber Compliance Nightmare?

Detailed survey results indicate compliance is far from reach

by Simone M. Silva-Arrindell and Craig A. Newman on July 13, 2017

New York’s powerful Department of Financial Services (DFS) upended cybersecurity regulation with its new and sweeping “Cybersecurity Requirements for Financial Services Companies,” which took effect on March 1, 2017. But is the financial industry ready and equipped to comply with this detailed regulation? According to a recent survey published by Ponemon Institute and sponsored by Fasoo, the answer is an unequivocal “no.”

Help Is On the Way: Cybersecurity Bill Aims to Provide Assistance and Training

by Simone M. Silva-Arrindell and Michelle W. Cohen on April 5, 2017

A recently introduced bipartisan bill seeks to provide state and local authorities with additional resources to assist in the fight against cybersecurity threats. Last month, Senators John Cornyn (R-Tex.), Patrick Leahy (D-Vt.), and Ted Cruz (R-Tex.) introduced the National Cybersecurity Preparedness Consortium Act, which would authorize the Department of Homeland Security to work with non-profit consortia to assist state and local governments with their cybersecurity preparedness and response efforts. House Representative Joaquin Castro (D-Tex.) introduced a companion bill the same day.

LabMD’s 11th Circuit FTC Appeal: The Opening Shot

by Simone M. Silva-Arrindell and Craig A. Newman on December 29, 2016

Firing the opening salvo in its appeal of one of the most controversial data security decisions by the U.S. Federal Trade Commission in years, LabMD accused the agency of overstepping its authority and “destroy[ing] [the] small medical testing company” in the process.