New York Attorney General Eric T. Schneiderman announced his office was opening a “formal investigation” into the massive breach disclosed by Equifax. Schneiderman stated that the breach lasted from mid-May through July, when hackers accessed names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. Under New York law, businesses with
SEC Chairman Says Agency Is Focused on Cybersecurity
Speaking on a panel at NYU, SEC Chairman Clayton reiterated prior statements by agency officials that cybersecurity is one of the agency’s top priorities. In the remarks reported by Law360, Chairman Clayton stated that he believed that disclosures by regulated entities concerning cyber risks could be improved. One of the agency’s Enforcement Directors, who was…
Delaware Strengthens Cyber Breach Obligations
On August 21, 2017, Delaware Governor John Carney signed legislation requiring companies to comply with additional data security and breach obligations if they do business in Delaware or maintain personal information on Delaware residents. Among other things, the new Delaware law requires all companies doing business in Delaware to implement and maintain reasonable security to…
NYDFS Cybersecurity Regulations Take Effect
New York’s new cybersecurity regulations (the “Regulations”) become effective on August 28, 2017, marking a significant milestone in what is likely to be a new era in cybersecurity regulation on both a national and international level.
As governments grapple with how best to address cyber threats to their citizens, businesses and national security, there is
…
SEC Issues Risk Alert Based on Cybersecurity Survey
The Securities and Exchange Commission (“SEC”), Office of Compliance Inspections and Examinations (the “OCIE”), published a Risk Alert describing its findings from its second cybersecurity survey of regulated entities (the “Cybersecurity 2 Initiative”).
The survey covered 75 registered broker-dealers, investment advisers, and investment companies and built upon OCIE’s prior round of cybersecurity examinations in 2014 (the
…
D.C. Court Issues Significant Data Breach Decision
On August 1, 2017, the United States Court of Appeals for the D.C. Circuit held that policyholders of the health insurer CareFirst had standing to sue the company after their information was compromised during a cyberattack.
Wading into a vigorously contested area between plaintiffs and companies that have suffered data breaches, the court held that
…
Mitigate Litigation and Regulatory Exposure From Cyber-Attacks
Late last month, Target Corporation reached an $18.5 million settlement with the Attorneys General of 47 states and the District of Columbia, resolving the AGs’ investigation into Target’s 2013 data security breach.
Target’s recent settlement, when viewed in conjunction with other recent developments, provides a roadmap for prophylactic measures that companies may implement to limit…
Cybersecurity in the EU – The New Regime under the GDPR and NISD
From May 2018, organizations established or providing services in the EU will be subject to new national and EU-wide cybersecurity legislation, as regulators in EU Member States begin to apply both the General Data Protection Regulation and national legislation implementing the Network and Information Security Directive.
These new laws will significantly increase the territorial and
…
New York Cybersecurity Regulations for Financial Institutions Enter Into Effect
On March 1, 2017, the New York Department of Financial Services’ Cybersecurity Regulations entered into effect.
The Regulations impose on financial institutions minimum cybersecurity standards that exceed existing federal standards and introduce new requirements, including obligations to critically evaluate cybersecurity practices, maintain detailed documentation demonstrating compliance and report cyber events to the New York Department
…
Recent Developments in Cybersecurity
Cybersecurity and hacking incidents continued to dominate headlines in 2016—not only did they continue to impact corporations, but they also played a role in the U.S. presidential election. At the same time, various states have introduced, considered or adopted cyber-related legislation, including legislation applicable to certain industries that are more sensitive to cybersecurity breaches (e.g., New York proposed a cybersecurity regulation that applies to financial institutions licensed or regulated by the New York State Department of Financial Services). Federal agencies, including the U.S. Securities and Exchange Commission (“SEC”), the Federal Trade Commission and the U.S. Department of Justice (“DOJ”), are also playing key roles in regulating the area of cybersecurity.