Archives: Cybersecurity


The Ever Expanding Scope of Cyber Risks: All Policy Lines Beware

What exactly is a cyber risk, and in particular a risk that is covered by insurance, is a constantly evolving concept. Insureds, insurers and reinsurers are continually faced with new types of risks and claims that fall within the rubric of “cyber.” What is a cyber risk is often broadly construed as anything related to … Continue Reading

State Updates on Cybersecurity Regulations: New York DFS Issues FAQs on Its Cybersecurity Regulations and Colorado Adopts Rules Applicable to Broker-Dealers and Investment Advisors

New York and Colorado have continued to take the lead in cybersecurity requirements for regulated financial institutions. The New York Department of Financial Services (DFS), which issued the first state cybersecurity regulation directed at its regulated financial institutions, 23 NYCRR Part 500, recently updated its “Frequently Asked Questions Regarding 23 NYCRR Part 500” on July … Continue Reading

New Jersey Bill Limiting Identity Card Scanning Signed Into Law

On July 21, 2017, New Jersey Governor Chris Christie signed into law a bill that places new restrictions on retailers’ collection and use of information collected when a customer’s identification (ID) card is scanned. The Personal Information and Privacy Protection Act (the Act) (we previously analyzed this bill, here) takes effect on October 1, 2017, and permits … Continue Reading

ALERT – FTC Issues Updated Guidance for Compliance with COPPA

On June 21, 2017, the Federal Trade Commission (FTC) updated its guidance for compliance with the Children’s Online Privacy Protection Act (COPPA).  COPPA regulates websites and other online services in connection with collection of information from children under 13.  The full version of the FTC’s updated guidance is available at https://www.ftc.gov/tips-advice/business-center/guidance/childrens-online-privacy-protection-rule-six-step-compliance The FTC guidance instructs … Continue Reading

Two New Developments in Website Accessibility Cases: Nation’s First Website Accessibility Trial Verdict Is Far From a Winn for Retailers, and Hobby Lobby Is Dealt a Blow in California Decision

As numerous retailers know firsthand, website accessibility has become a hotbed for litigation in recent years. Despite plaintiffs filing scores of website accessibility claims against retailers each year, very few of these cases make it past pleadings, and there has been little to no guidance from the courts. This changed on June 13, 2017, in … Continue Reading

Rallying Cry: Health Care Cybersecurity a Key Public Health Concern

On June 2, 2017, the Health Care Industry Cybersecurity Task Force published its Report on Improving Cybersecurity in the Health Care Industry. The lengthy and comprehensive Report serves as a wake-up call to the medical field, taking seriously the threat of cyber-attacks targeting health care providers, the dangers created by increasing digital interconnectivity in the … Continue Reading

ALERT – OCR Issues Quick Response Cyber Attack Checklist and Graphic

In the aftermath of the recent WannaCry ransomware attack and the May 12, 2017 notification from Laura Wolf, Critical Infrastructure Protection Lead of Health and Human Services (HHS) discussed in Cinthia Motley’s May 13, 2017 Alert: Ransomware – a Global Wake-Up Call, the HHS Office of Civil Rights (“OCR”) issued a Quick Response Cyber Attack … Continue Reading

Executive Order Directs Federal Agencies to Put Their Own Houses in Good Cybersecurity Order

On May 11, 2017, the White House issued an executive order aimed at strengthening the cybersecurity of federal networks and critical infrastructure. The order mandates that federal department and agency heads take an active role in reviewing, improving, and modernizing cybersecurity risk management, and stands as major action toward enhancement of cybersecurity in the wake … Continue Reading

ALERT: Ransomware – a Global Wake-Up Call

U.S. Regulator Warns of “Evidence” of Global Cyber Assault Occurring Inside the U.S. and Steps Your Company Should Take Against a Ransomware Attack  On Friday, May 12, 2017, Laura Wolf, Critical Infrastructure Protection Lead of the Department of Health and Human Services (HHS) issued a notification stating that: HHS is aware of a significant cyber security … Continue Reading

Sedgwick LLP Cinthia Motley Named Illinois Cybersecurity Litigation Lawyer of the Year

Sedgwick LLP is pleased to announce that Cinthia Granados Motley, partner and co-chair of the firm’s Cybersecurity and Privacy Group, was named the 2017 Corporate International Global Awards Cybersecurity Litigation Lawyer of the Year in Illinois. In her legal practice, Motley handles data privacy and security matters assisting clients, domestically and internationally, to implement effective … Continue Reading

Preparing for PIPA — Data Protection and Implications for the Insurance Industry

On 2 December 2016, the administrative provisions of the Personal Information Protection Act 2016 (PIPA; the Act) came into force establishing the office and powers of the Privacy Commissioner and providing for the method of appointment of the Privacy Commissioner. The substantive provisions of the Act will not come into force until 2018. One objective … Continue Reading

Privacy and Security — How the 115th Congress’ Repeal of the FCC’s New Privacy Rules Has Made Your Data Less Private and Decreased National Security

Between news reports featuring Russian-gate scandals, Syrian missile attacks and challenges to North Korea, one important news item went oddly underreported. That is the story about a loss of our privacy and security by the new Congress. FCC’s new privacy rules In October 2016, the Federal Communications Commission passed new rules that would have required … Continue Reading

Pay Up or Else: Hacker Holds Television Network to Cyber Extortion Over Unreleased Shows Stolen From a Third Party Production Company

Television dramas have consistently shown us that authorities do not negotiate with kidnappers and they refuse to pay ransom. “Ransom”, a television series on CBS, portrays a team that works to resolve ransom cases, including in the recent season finale, ransom demanded by a hacker. In an updated twist on this television plot, but this … Continue Reading

Other States Start to Follow New York Lead on Cybersecurity of Regulated Entities

Last fall, in response to the “ever-growing threat” posed to information and financial systems, the New York State Department of Financial Services (“DFS”) proposed cybersecurity regulations that were designed to “promote the protection of customer information and information technology systems of regulated entities.” Regulated “Covered Entities” were defined to mean any Person operating under or … Continue Reading

Breach Notification Update: New Mexico becomes the 48th State Requiring Breach Notification and Tennessee Adds a Safe Harbor for Encryption

As the frequency of data breaches continues, so do legislative developments on notification requirements that must be met in the event of a breach of Personally Identifiable Information (PII). Even as of now, not every state has enacted such legislation.  Until April, there were three holdouts.  Now, however, we are down to two:  Alabama and … Continue Reading

Sedgwick’s Cybersecurity Team Nominated for Advisen’s 2017 Cyber Risk Awards — Votes Welcomed!

Advisen, a leading provider of technology solutions for insurance companies, has short-listed Sedgwick’s Cybersecurity & Data Privacy group for their Fourth Annual Cyber Risk Awards. Specifically, Sedgwick is a finalist for the Cyber Law Firm of the Year award. The award recognizes the property and casualty insurance industry’s most influential cyber risk professionals. The Sedgwick … Continue Reading

“W-2 Phishing Attacks Targeting Businesses to Cash in on Busy Tax Season: 10 Tips to Protect Your Business”

Cyber criminals are taking advantage of tax season to lure valuable W-2 information from vulnerable businesses. An example of a common phishing scheme starts with a scammer posing as a legitimate employee of a company, sending an email that looks like it is coming from an internal email address, often the Human Resources department or … Continue Reading

FTC Settles Ashley Madison Data Breach Complaint

The operators of Ashley Madison, the dating website for married people that became famous following its massive data breach in 2015, settled claims brought by the Federal Trade Commission (“FTC”) regarding that breach and their security practices and representations. Ruby Corp., Ruby Life Inc., and ADL Media Inc. (collectively, “Ruby”), named as defendants, were responsible … Continue Reading

One Good Deal After Another – Navy Data Breach, Damages and Sovereign Immunity

“One good deal after another” – This old expression from my time of service in the USN popped into my head as I read news of the latest breach of information regarding Navy personnel. In sum, reported the Navy on November 23, the laptop of a government contractor supporting a naval contract was “compromised” and … Continue Reading

Strike Three – You’re Out – Data Breach Shareholder Derivative Lawsuit Against Home Depot Dismissed

On November 30, 2016, Judge Thomas W. Thrash dismissed a shareholder derivative action brought against Home Depot as a result of the breach of its security systems and theft of its customers’ personal financial data (“the Breach”) in 2014. In Re The Home Depot, Inc. Shareholder Derivative Litigation, Civ. No. 1:15-CV-2999, 2016 WL 6995676 (N.D. … Continue Reading

Governmental Updates You Need to Know About

In the past few weeks, the government issued alerts and guidance on two noteworthy topics involving data security issues: phishing and ransomware – discussed below: Don’t Get Phished: OCR Warns of Phishing Scheme Targeting HIPAA Covered Entities & Business Associates As previously reported in the March 21, 2016 and July 12, 2016 Blog Posts, the … Continue Reading

New Jersey TCCWNA Developments Affecting Online Retailers

The New Jersey Truth-in-Consumer Contract, Warranty and Notice Act, N.J.S.A 56:12-14, et seq. (“TCCWNA”) is a unique consumer protection statute that prohibits sellers and other commercial entities from providing consumer contracts or notices containing unenforceable terms. As stated by the sponsor of the Act, the inclusion of unenforceable provisions “deceives a consumer into thinking that … Continue Reading

OCR: Businesses Sharing Consumer Health Information Must Also Comply With FTC Act

In October 2016, the OCR issued a bulletin clarifying that businesses collecting and sharing consumer health information must comply with the FTC Act. The OCR specifically called out disclosure statements, declaring “You must also make sure your disclosure statements are not deceptive under the FTC Act.” Businesses dealing with health information are likely already familiar … Continue Reading