NYS DFS Issues Final Version of Cybersecurity Regulations

Yesterday, the New York State Department of Financial Services released the final version of its new cybersecurity regulations, to be promulgated at 23 N.Y.C.R.R. Part 500, making some incremental changes against its last version, released on December 28, 2016. 

Continue reading

Employers Take Note: 11th Circuit Broadly Interprets “Loss” under CFAA

On January 25, 2017, in Brown Jordan Int’l, Inc. v. Carmicle (No. 16-11350), the U.S. Court of Appeals for the Eleventh Circuit held that expenses incurred by an employer while responding to the unauthorized access of company email accounts by a former employee, even absent an interruption of service, qualify as a “loss” under the federal Computer Fraud and Abuse Act (CFAA).  In doing so, the Eleventh Circuit broadly interpreted the CFAA, which permits civil actions only under specific circumstances, including instances when an individual “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains … information from any protected computer” resulting in a “loss” during any 1-year period of at least $5,000.

Continue reading

College Reports that It Fell Victim to W-2 Phishing Scam

Just days after the IRS released its recent alert concerning W-2 phishing scams (which can be found here), the College of Southern Idaho (“CSI”) reported that it too has become a victim.

Continue reading

Groundhog Day! W-2 Scams Reappear for 2017

The more things change, the more things stay the same, or so the adage goes.  Yesterday —which was very fitting for Groundhog Day —the IRS released a warning concerning the reappearance of phishing scams targeting W-2 information.  

Continue reading

HHS Reaches $475,000 Settlement with Health Care System over Late Data Breach Report

On January 9, 2017, the U.S. Department of Health and Human Services (“HHS”) announced its first enforcement action under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) involving delayed data breach reporting.  HHS settled alleged violations of the HIPAA breach notification rule committed by Presence Health, one of the largest health care networks in Illinois.  The settlement agreement called for Presence Health to pay $475,000 and to adopt a corrective action plan.  This settlement underscores the importance of understanding your organization’s HIPAA policies and procedures, and raises several practical considerations going forward.

Continue reading


This website presents only general information not intended as legal advice. Although we encourage calls, letters and emails from prospective clients, please keep in mind that merely contacting Harter Secrest & Emery LLP (HSE) does not establish an attorney-client relationship between us. Confidential information should not be sent to HSE until you have been notified in writing by HSE that a formal attorney-client relationship has been established. Information sent to us before then may not be treated as confidential by HSE or the court.

I have read this and agree     Cancel

Our website uses cookies. By continuing to use our site, you agree to our use of cookies in accordance with our Privacy Policy.