
LabMD CEO to share his FTC enforcement battle stories with RIT Information Security Policy and Law class

This fall, I have the pleasure of teaching a course on Information Security Policy and Law at the Rochester Institute of Technology Golisano College of Computing and Information Sciences. When I was asked to teach, I welcomed the opportunity, because the course is directed at graduate-level cybersecurity students, who don’t often get exposure to the legal and regulatory side of the cybersecurity equation.


Can All of Those State Data Breach Notifications Lead to More Data Breaches?

In an interesting IAPP article, Kelce Wilson, InfraGard General Counsel, describes how bad actors without any hacking expertise can potentially inject themselves into the middle of a data breach notification effort and engage in widespread identity theft. The other unanticipated consequence of data breach notification is this: with the trend toward public disclosure of data breach notification letters and statistics, more and more information is in the public domain about the types of data our organizations collect and whether or not we encrypt that data. Case in point: Massachusetts, where yearly Data Breach Notification Reports are available online. The 2018 Report shows data breaches reported to Massachusetts authorities this year.


The Risk in Your (Unprivileged) Risk Assessment

As cybersecurity regulatory frameworks mature, the move has been toward risk-adjusted security requirements rather than prescriptive controls mandated by a legislature or administrative agency. This makes sense, of course, for two primary reasons.


New Disclosure and Cybersecurity Guidance from the SEC

Adding to the chorus (or cacophony) of regulatory voices on the cybersecurity front, the SEC has recently issued new interpretive guidance concerning cybersecurity-related disclosures that public companies are required to make under federal securities laws.


NYS DFS Part 500 E-mails Have Some Confused

Last week, NYS DFS began sending out e-mail notices to individuals stating that they had failed to comply with the Certification of Compliance requirement under 23 N.Y.C.R.R. § 500.17(b), which mandates that a Covered Entity under the regulations certify compliance annually. The deadline for certification was February 15, 2018.

