Data Security Law Blog

Visit the Full Blog

DataSecurityLaw.com is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law. Patterson Belknap’s Privacy and Data Security practice provides public and private enterprises, their leadership teams and boards with comprehensive services in this critical area. Our team of experienced litigators, corporate advisors and former federal and state prosecutors advises on a broad range of privacy and data protection matters including cyber preparedness and compliance, data breach response, special board and committee representation, internal investigations, and litigation.

Are You Ready for Ransomware? CISA Launches New “Stop Ransomware” Website Aimed at Testing Your Cybersecurity Preparedness

The federal government has been grappling with a holistic response to the massive uptick in destructive ransomware attacks that have bombarded the country in recent years.  As part of that response, the Cybersecurity and Infrastructure Security Agency (CISA) recently launched a “Stop Ransomware” website, which is aimed at helping private and public entities test and improve their cybersecurity.  Among other key features of this effort is a self-assessment tool allowing organizations to test their cybersecurity based on government and industry recommendations and standards.  This is a potentially useful addition to any organization’s cyber preparedness toolkit.  They may also become another benchmark against which the “reasonablenessof any company’s data security protections are measured when facing private claims or regulatory scrutiny after a ransomware attack.

Go

New York City Enacts A Biometric Privacy Law

Earlier this year, New York City passed a law restricting the collection and/or use of biometric technology by certain businesses.  The new law goes into effect July 9, meaning applicable businesses have a couple more weeks to prepare themselves for its requirements.  Businesses need only look to similar laws in other states, particularly Illinois, for a glimpse at the litigation that may come should they fail to abide by the new law’s provisions.

Go

Beeple, Top Shots, and the Blockchain of Collectibles: Securing the Value of an Original Digital Asset

A cryptocurrency entrepreneur recently paid $69.3 million for Beeple’s Everydays: The First 5,000 Days at a Christie’s auction.  That record-breaking price purchased a work of art that can be seen only on a computer and the image of which, in large part, is available for use and enjoyment by anyone with an internet connection because the work is a non-fungible token, or NFT.  NFTs have quickly caught the attention of the art world and beyond, touching the mainstream with the NBA Top Shot craze and its $250 million plus marketplace for visual highlights of NBA games.  The company behind NBA Top Shot, Dapper Labs, recently raised $250 million at a $2 billion valuation.  And the larger market for NFTs has grown from $42 million in 2017 to $338 million by the end of 2020.  But for intangible assets whose value is largely driven by the creation of an original work only in cyberspace, owners and investors need to think carefully about what they own and how to protect their digital acquisitions.

Go

Government Warns of New Cyber Threats Targeting U.S. Businesses

The Cybersecurity and Infrastructure Security Agency (CISA) teamed up with the Federal Bureau of Investigation (FBI) to issue a joint warning of cyber-attacks emanating from Iran and targeting U.S. federal agencies and businesses.  These hackers target vulnerabilities in virtual private networks (VPNs), which organizations use to allow remote network access.  Once the hackers gain access through a VPN, they export data, sell access to the network, and have the ability to install ransomware.  This is just the latest example of criminals exploiting vulnerabilities associated with the current remote working environment.

Go

Privacy Suits Against Zoom and Houseparty Test the CCPA’s Private Right of Action

Over the past month, many have discovered video chat and conferencing apps such as Zoom and Houseparty, using them for both business and to keep connected to friends and family during this period of global social distancing. Increased usage of these apps has also resulted in close scrutiny of their privacy practices by the public and government authorities. Indeed, Zoom has been hit with eight class actions that were recently consolidated, while separate plaintiffs sued the owners of Houseparty. A core allegation among those suits is that, without notice or consent, these apps provided user data to third parties (e.g., Facebook). Both the Houseparty complaint and a majority of the Zoom complaints allege violations of the California Consumer Privacy Act (CCPA), making these cases among the first with the potential to test the contours of the nascent but expansive privacy law. If the CCPA claims in these suits survive, it could signal the beginning of a substantial increase in class actions claiming CCPA violations.

Go

Court Approves Historic Equifax Data Breach Settlement

The aftermath from one of the largest data breaches in U.S. history is nearing the end, as the presiding judge approved a proposed class action settlement resolving claims arising from Equifax’s September 2017 data breach.  As previously reported, approximately 147.9 million U.S. consumers’ personal information was compromised by that breach.

Go

Home Depot Joins Facebook and Others in Facing Suit for Scanning Faces

This past week, The Home Depot, Inc. became the latest business hit with a class action lawsuit for their use of facial recognition security cameras allegedly in violation of the Illinois Biometric Information Privacy Act.  If successful, Home Depot faces statutory damages of up to $5,000 for each time a shopper’s information was collected in violation of BIPA.

Go

New York’s SHIELD Act Heads to the Governor’s Desk

The New York State Senate recently passed The Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, leaving only the Governor’s signature as the final step to the SHIELD Act becoming the country’s newest—and one of the most stringent—breach notification laws.  Given Governor Cuomo’s previous support for robust cybersecurity protections, New York may soon join a growing number of states beefing up their notification statutes.

Go

Illinois Biometric Law: Scanning Fingerprints Can Get You Sued

In a ruling with wide-spread implications, the Illinois Supreme Court on Friday upheld a consumer’s right to sue companies for collecting biometric data – such as finger prints and iris scans – without disclosing how such information will be used.

Go

Texting Clients and Using Social Media? SEC Issues Compliance Reminder to Investment Advisers

Investment advisers may want to think twice before texting clients any advice in the New Year.

In a recently issued Risk Alert, the U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) reminded investment advisers of their obligations under the Investment Advisers Act of 1940 (Advisers Act) when they or their personnel use electronic messaging for business-related communications.

Go

Study Shows Banks Block 80% of Cyberattacks … But is that Enough?

In Accenture’s 2018 State of Cyber Resilience for Banking & Capital Markets study, the consulting firm reported the rate at which cyber-attacks on banking and capital markets firms are successful dropped from 36 percent in 2017 to 15 percent in 2018. Despite the improvement, one in seven cyber-attacks remain successful – begging the broader question of what else, if anything, banks and capital market firms could be doing to protect themselves from attack?

Go

Wearable Technology Fits into Professional Sports

Professional athletes, teams, and leagues have embraced wearable technology.  But as this new technology becomes ubiquitous, a new category of valuable—and personally sensitive—data has emerged, raising novel data security issues and incentives for would-be hackers.

Go