De-mystifying NIST, Part II: The NIST Cybersecurity Framework Core and the Federal Trade Commission’s Focus on “Reasonableness”

In our first post in this series, we discussed the origins of the NIST Cybersecurity Framework and gave our assessment that the Framework would serve not only as a helpful tool for companies looking for support in securing their networks, but also as a guidepost for best practices in the realm of data security.  Recent guidance published by the FTC gives credence to this assessment.  In a blog post made available to the public just last week (available here), the FTC discussed the Framework and noted favorably that its “functions signify the key elements of effective cybersecurity.” This post discusses the importance of the FTC’s insight and identifies the Framework’s “Core” components.

Continue reading

Third Circuit Upholds Pennsylvania’s Economic Loss Doctrine in Data Breach Case

panel of the United States Court of Appeals for the Third Circuit affirmed a district court decision granting defendant’s motion to dismiss in Longenecker-Wells v. Benecard Svcs. Inc., et al, No. 15-3538 (3rd Cir. 8/25/16)

Continue reading

HSE's F. Paul Greene to speak at upcoming FBI Cyber Security Symposium

HSE Partner and Chair of HSE's Privacy and Data Security practice F. Paul Greene will be speaking at the upcoming FBI cyber symposium entitled, "Cyber Security and Your Business," taking place on Tuesday, September 27, 2016 at the Rochester Institute of Technology.

Continue reading

The New US-EU Privacy Shield

Effective as of July 12, 2016, the European Union has implemented the new US-EU Privacy Shield (the “Privacy Shield”).  The Privacy Shield permits US organizations to self-certify that they meet the requirements for protecting Europeans’ personal data (“EU Data”), allowing them to receive such data from EU organizations.  The Privacy Shield is designed to replace the former US-EU Safe Harbor (the “Safe Harbor”), which was invalidated in a case decided by the Court of Justice of the European Union (the “CJEU”) in October of last year.

Continue reading

FTC Closes 70% of Cyber Security Cases It Opens, but That’s Not All Good News

Dealing with Federal Trade Commission (“FTC”) cyber security standards can be a daunting task, as the FTC enforces cyber security issues under Section 5 of the Federal Trade Commission Act, which prohibits “deceptive” and “unfair” business practices generally.  Beyond that general mandate, however, there are no hard-and-fast guidelines as to what the FTC considers to be “reasonable” by way of cyber security efforts a company may have taken before a breach.  Indeed, the FTC has pointed to at least seven different sources of information as to what a company should do to keep customer and employee data safe:

Continue reading


This website presents only general information not intended as legal advice. Although we encourage calls, letters and emails from prospective clients, please keep in mind that merely contacting Harter Secrest & Emery LLP (HSE) does not establish an attorney-client relationship between us. Confidential information should not be sent to HSE until you have been notified in writing by HSE that a formal attorney-client relationship has been established. Information sent to us before then may not be treated as confidential by HSE or the court.

I have read this and agree     Cancel

Our website uses cookies. By continuing to use our site, you agree to our use of cookies in accordance with our Privacy Policy.