FTC’s Advice to Companies Targeted in Phishing Scams: Remember, You’re Not the Only Victims.

In previous posts, we’ve highlighted the FTC’s broad regulation of the use, storage and protection of consumer data under Section 5(a) of the FTC Act and discussed how the FTC relies upon its authority under the Act to flex its muscles in the cybersecurity realm. The FTC’s touchstone for data protection is “reasonableness” and for guidance as to its expectations as to what is deemed reasonable, the FTC has pointed businesses to its speeches, congressional testimony, articles, blog entries, Commission materials and published settlements.  It is for this reason that a blog post published last week on the FTC’s website regarding what to do if businesses are impersonated as part of a phishing scam is so interesting.  

Continue reading

FCC Chairman Intends to Block Controversial New Privacy Rule

Last Friday, Federal Communications Commission (FCC) Chairman Ajit Pai announced his intent to block a controversial new privacy rule that was adopted under the Obama administration and intended to protect consumer information from disclosure by broadband Internet providers.

Continue reading

SEC Warns Cybersecurity Remains a Top Priority in 2017

On January 12, 2017, the Securities and Exchange Commission (SEC) announced this year’s priorities and areas of focus of its Office of Compliance Inspections and Examinations (OCIE). The OCIE conducts the SEC’s National Examination Program and promotes compliance with federal securities laws. 

Continue reading

NYS DFS Issues Final Version of Cybersecurity Regulations

Yesterday, the New York State Department of Financial Services released the final version of its new cybersecurity regulations, to be promulgated at 23 N.Y.C.R.R. Part 500, making some incremental changes against its last version, released on December 28, 2016. 

Continue reading

Employers Take Note: 11th Circuit Broadly Interprets “Loss” under CFAA

On January 25, 2017, in Brown Jordan Int’l, Inc. v. Carmicle (No. 16-11350), the U.S. Court of Appeals for the Eleventh Circuit held that expenses incurred by an employer while responding to the unauthorized access of company email accounts by a former employee, even absent an interruption of service, qualify as a “loss” under the federal Computer Fraud and Abuse Act (CFAA).  In doing so, the Eleventh Circuit broadly interpreted the CFAA, which permits civil actions only under specific circumstances, including instances when an individual “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains … information from any protected computer” resulting in a “loss” during any 1-year period of at least $5,000.

Continue reading


This website presents only general information not intended as legal advice. Although we encourage calls, letters and emails from prospective clients, please keep in mind that merely contacting Harter Secrest & Emery LLP (HSE) does not establish an attorney-client relationship between us. Confidential information should not be sent to HSE until you have been notified in writing by HSE that a formal attorney-client relationship has been established. Information sent to us before then may not be treated as confidential by HSE or the court.

I have read this and agree     Cancel