De-mystifying NIST - A Practical Introduction to the NIST Cybersecurity Framework

With the thicket of 47 often conflicting state data breach notification laws and the the Federal Trade Commission’s independent efforts to regulate cyber security (which is a hot topic, but one that is outside the scope of this post), businesses of all sizes and in all industries are looking for a cyber security standard that can be adopted as a best practice. 

Continue reading

Billions Spent on Data Security

On February 6, HSE Privacy and Data Security Practice Group Head F. Paul Greene presented on Greater Rochester Enterprise’s “Eyes on the Future” program. Paul, joined by Brian Hedges of Mengel Metzger Barr and Mike McCartney of Digits LLC, discussed why it is crucial for all companies, regardless of size, to take steps to protect their data. Paul also stressed pre-breach planning as key to mitigating risk when systems are compromised.

Continue reading

Big Data - Big Problem?

The Federal Trade Commission (“FTC”) recently issued a report, entitled, Big Data:  A Tool for Inclusion or Exclusion? Understanding the Issues (the “Report”), which is intended to guide companies involved in the commercial use of big data consisting of consumer information.

Continue reading

New Year - New Data Breach Notification Rules

With different and sometimes conflicting state data breach notification statutes, it was nearly inevitable that 2016 would see changes to the notification rules.  Below is a quick summary of some of the bigger changes those who deal with Personally Identifiable Information: 

Continue reading

CFPB Issues Its First Cyber Fine

On March 2, 2016, the Consumer Finance Protection Bureau (“CFPB”) fined Dwolla, Inc. $100,000 for falsely representing to customers the quality of its data security practices.  This is the CFPB’s first action on data security. 

Continue reading


This website presents only general information not intended as legal advice. Although we encourage calls, letters and emails from prospective clients, please keep in mind that merely contacting Harter Secrest & Emery LLP (HSE) does not establish an attorney-client relationship between us. Confidential information should not be sent to HSE until you have been notified in writing by HSE that a formal attorney-client relationship has been established. Information sent to us before then may not be treated as confidential by HSE or the court.

I have read this and agree     Cancel

Our website uses cookies. By continuing to use our site, you agree to our use of cookies in accordance with our Privacy Policy.