Scott Ikeda reports: The issue of banning ransomware payments has been contentious and hotly debated in governments throughout the world in the last few years, particularly as the problem seemed to grow out of control during the Covid-19 pandemic. In the US, the federal government has come down on the side of allowing payments but adding increasingly…
Category: State/Local
New York Becomes First State to Require CLE in Cybersecurity, Privacy and Data Protection
By Hunton Andrews Kurth’s Privacy and Cybersecurity On June 10, 2022, New York became the first state to require attorneys to complete at least one credit of cybersecurity, privacy and data protection training as part of their continuing legal education (“CLE”) requirements. The new requirement will take effect July 1, 2023. The New York State…
NYDFS Proposed Amendments to Its Cybersecurity Rules
Patrick H. Haggerty and Elise Elam of BakerHostetler write: On July 29, the New York Department of Financial Services (NYDFS) released Draft Amendments to its Part 500 Cybersecurity Rules that include a number of significant amendments to the rules, including notification requirements such as a mandatory 24-hour notification for cyber ransom payments, specific requirements for…
New York DFS Fines Robinhood $30M for “Significant” Cybersecurity Violations
Linn F. Freedman of Robinson + Cole writes: The New York Department of Financial Services (DFS) announced its first ever penalty against a cryptocurrency platform this week, with a whopping $30 million fine assessed against Robinhood Crypto, LLC (RHC) for what it described as “significant failures in the areas of bank secrecy act/anti-money laundering obligations and cybersecurity…
Florida Follows North Carolina in Prohibiting State Agencies from Paying Ransoms
Elise Elam and Benjamin Wanger of BakerHostetler write: We recently wrote about North Carolina’s new law prohibiting state agencies – including public schools and universities – from paying a ransom or even communicating with a threat actor following a ransomware incident. On June 24, Florida followed suit when its governor signed HB 7055 into law, amending portions…
Expensive week for Carnival Corp: a $1.25 million settlement with states over one breach, then a $5 million settlement with New York for violating state cybersecurity regulation
It seems this was the week for following up on Carnival Corporation breaches. Earlier this week, state attorneys general announced a $1.25 million multistate settlement with the cruise line over a 2019 data breach first disclosed in 2020. But there was other news concerning the cruise line this week, too. On Friday, the New York…