Amends First-In-The-Nation Cybersecurity Regulation Created in 2017 in Response to Increasingly Sophisticated Technologies and Threats The Department Seeks Comments on the Proposed Regulation During the Next 60 Days Superintendent of Financial Services Adrienne A. Harris announced today that the New York State Department of Financial Services (DFS) proposed an updated cybersecurity regulation. DFS’s original regulation, which…
Category: State/Local
Bug Bounties and Ransomware Demands: Storm Clouds Ahead for In-House Counsel
Michael Ward, Matthew Baker, and Jessica Wu of Baker Botts write about the conviction of Uber’s former security chief for felony violations of obstructing a Federal Trade Commission investigation and “misprision of felony” for failing to disclose a 2016 data breach. They then discuss issues for in-house counsel that the case raises, beginning with: Action…
PA: Data breach notification legislation heads to Gov. Wolf
Brett Balicki reports: A bill to help notify victims of a data breach is heading to Gov. Tom Wolf’s desk for consideration. The General Assembly has approved Sen. Dan Laughlin’s legislation, Senate Bill 696, that would require state agencies and their contractors, as well as local governments, to notify victims of a data breach involving personally…
New York Department of Financial Services settles charges against EyeMed with a $4.5 million penalty and remedial cybersecurity plan
In January 2022, DataBreaches reported that New York announced a $600,000 agreement with EyeMed that resolved a 2020 phishing incident that compromised the personal information of approximately 2.1 million consumers nationwide, including 98,632 in New York. But that was not the end of enforcement action and monetary penalties for EyeMed. Now the state’s Department of…
Federal Court holds nonprofit health center is immune from data breach class action
Daniel Rockey of Bryan Cave Leighton Paisner writes: In a case of first impression, the United States District Court for the Southern District of California granted the motion of Defendant Neighborhood Healthcare seeking order compelling the United States to defend a putative class action lawsuit alleging that Neighborhood failed to ensure the confidentiality of her…
Patchwork of US State Regulations Becomes More Complex as Florida, North Carolina Ban Ransomware Payments
Scott Ikeda reports: The issue of banning ransomware payments has been contentious and hotly debated in governments throughout the world in the last few years, particularly as the problem seemed to grow out of control during the Covid-19 pandemic. In the US, the federal government has come down on the side of allowing payments but adding increasingly…