Featured

In Recent Record Settlement with Uber, State Attorneys General Issue Clear Message: Sweep a Breach Under the Rug and It Will Cost You

You don’t have to be a user of its ride-sharing services to know that in 2016, Uber was the victim of a massive data breach involving the theft of personal information belonging to about 57 million of its riders and drivers, including names, phone numbers, and driver’s license information.

Continue reading

Featured

LabMD CEO to share his FTC enforcement battle stories with RIT Information Security Policy and Law class

This fall, I have the pleasure of teaching a course on Information Security Policy and Law at the Rochester Institute of Technology Golisano College of Computing and Information Sciences.  When I was asked to teach, I welcomed the opportunity, because the course is directed at graduate level cybersecurity students, who don’t often get exposure to the legal and regulatory side of the cybersecurity equation.

Continue reading

Featured

Can All of Those State Data Breach Notifications Lead to More Data Breaches?

In an interesting IAPP article, Kelce Wilson, InfraGard General Counsel, describes how bad actors without any hacking expertise can potentially inject themselves into the middle of a data breach notification effort and engage in widespread identity theft. The other unanticipated consequence of data breach notification is this: with the trend toward public disclosure of data breach notification letters and statistics, more and more information is in the public domain about the types of data our organizations collect and whether or not we encrypt that data. Case in point, Massachusetts, where yearly Data Breach Notification Reports are available on-line. The 2018 Report shows data breaches reported to Massachusetts authorities this year.

Continue reading

Featured

Down But Not Out - States Point the Way to How the FTC Might Recover from the 11th Circuit’s LabMD Decision

In a classic story of “it’s never over until it’s over,” cybersecurity David LabMD challenged the FTC’s Goliathan ability to issue sweeping orders in relation to security concerns under Section 5(a) of the Federal Trade Commission Act.  LabMD had lost its challenge of the FTC’s underlying authority to issue such orders, but continued in its fight, ultimately challenging the wording of the FTC’s form order itself.  And LabMD ultimately won in a landmark decision that can be found here.

Continue reading

Featured

Second Equifax Employee Charged with Insider Trading Following Data Breach

On June 28, 2018 the Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”) announced parallel criminal and civil charges against Sudhakar Reddy Bonthu, a former software development manager, for selling his shares of Equifax stock before Equifax publicly announced that it had suffered an immense data breach

Continue reading

Disclaimer

This website presents only general information not intended as legal advice. Although we encourage calls, letters and emails from prospective clients, please keep in mind that merely contacting Harter Secrest & Emery LLP (HSE) does not establish an attorney-client relationship between us. Confidential information should not be sent to HSE until you have been notified in writing by HSE that a formal attorney-client relationship has been established. Information sent to us before then may not be treated as confidential by HSE or the court.

I have read this and agree     Cancel