In our first post in this series, we discussed the origins of the NIST Cybersecurity Framework and gave our assessment that the Framework would serve not only as a helpful tool for companies looking for support in securing their networks, but also as a guidepost for best practices in the realm of data security. Recent guidance published by the FTC gives credence to this assessment. In a blog post made available to the public just last week (available here), the FTC discussed the Framework and noted favorably that its “functions signify the key elements of effective cybersecurity.” This post discusses the importance of the FTC’s insight and identifies the Framework’s “Core” components.
New York Temporarily Allows Remote Witnessing of Wills and Other Documents in Response to COVID-19 Pandemic
A panel of the United States Court of Appeals for the Third Circuit affirmed a district court decision granting defendant’s motion to dismiss in Longenecker-Wells v. Benecard Svcs. Inc., et al, No. 15-3538 (3rd Cir. 8/25/16) http://www2.ca3.uscourts.gov/opinarch/153538np.pdf.
HSE Partner and Chair of HSE's Privacy and Data Security practice F. Paul Greene will be speaking at the upcoming FBI cyber symposium entitled, "Cyber Security and Your Business," taking place on Tuesday, September 27, 2016 at the Rochester Institute of Technology.
Effective as of July 12, 2016, the European Union has implemented the new US-EU Privacy Shield (the “Privacy Shield”). The Privacy Shield permits US organizations to self-certify that they meet the requirements for protecting Europeans’ personal data (“EU Data”), allowing them to receive such data from EU organizations. The Privacy Shield is designed to replace the former US-EU Safe Harbor (the “Safe Harbor”), which was invalidated in a case decided by the Court of Justice of the European Union (the “CJEU”) in October of last year.
Dealing with Federal Trade Commission (“FTC”) cyber security standards can be a daunting task, as the FTC enforces cyber security issues under Section 5 of the Federal Trade Commission Act, which prohibits “deceptive” and “unfair” business practices generally. Beyond that general mandate, however, there are no hard-and-fast guidelines as to what the FTC considers to be “reasonable” by way of cyber security efforts a company may have taken before a breach. Indeed, the FTC has pointed to at least seven different sources of information as to what a company should do to keep customer and employee data safe: