Featured

The Risk in Your (Unprivileged) Risk Assessment

As cybersecurity regulatory frameworks mature, the move has been toward risk-adjusted security requirements rather than prescriptive controls mandated by a legislature or administrative agency.  This makes sense, of course, for two primary reasons. 

Continue reading
378 Hits
Featured

New Disclosure and Cybersecurity Guidance from the SEC

Adding to the chorus (or cacophony) of regulatory voices on the cybersecurity front, the SEC has recently issued new interpretive guidance concerning cybersecurity-related disclosures that public companies are required to make under federal securities laws.

Continue reading
826 Hits
Featured

NYS DFS Part 500 E-mails Have Some Confused

Last week, NYS DFS began sending out e-mail notices to individuals stating that they had failed to comply with the Certification of Compliance requirement under 23 N.Y.C.R.R. §  500.17(b), which mandates that a Covered Entity under the regulations certify compliance annually.  The deadline for certification was February 15, 2018.

Continue reading
1121 Hits
Featured

Jail time for concealing a data breach? The Uber breach raises the stakes again in relation to breach response.

On November 30, three Senate Democrats introduced the now third pending bill concerning data breach response and substantive data security requirements, all three of which came in the wake of the Uber and Equifax data breaches, and the stunning revelation that Uber hid the breach for over a year.  Indeed, as is now well known, Uber went so far as to pay a hacker or hackers to conceal the breach and delete the compromised data.

Continue reading
1466 Hits
Featured

Rise of the Plaintiff Jurisdictions - Local Edition (with some help from the Plaintiffs’ bar)

Like a rider hailing an overcrowded uberPOOL heading to O’Hare on a busy weekday, the City of Chicago has joined the feeding frenzy surrounding the recently disclosed and controversially handled Uber breach. 

Continue reading
1180 Hits

Disclaimer

This website presents only general information not intended as legal advice. Although we encourage calls, letters and emails from prospective clients, please keep in mind that merely contacting Harter Secrest & Emery LLP (HSE) does not establish an attorney-client relationship between us. Confidential information should not be sent to HSE until you have been notified in writing by HSE that a formal attorney-client relationship has been established. Information sent to us before then may not be treated as confidential by HSE or the court.

I have read this and agree     Cancel