New Cybersecurity Regulations from the NYDFS – What do They Mean?

New, groundbreaking cybersecurity regulation promulgated by the New York Department of Financial Services requires organizations under its jurisdiction to establish and maintain cybersecurity programs. Unlike current federal law that allows substantial flexibility for institutions to implement reasonable security safeguards, the new NYDFS regulations dictate specific, prescriptive measures companies must take to detect, prevent and report cybersecurity threats. Who is covered and what is required?

Data Privacy & Information Governance Get Intimate

Data privacy and information governance get intimate in a recently-settled claim against the Canadian company We-Vibe. The lawsuit alleged that they violated customers' privacy by tracking the very intimate details surrounding usage of "adult sensual lifestyle products," which illustrates again the complexity and ramifications of data collecting, aggregation, and analytics in today's world. And what's particularly interesting is something we've discussed before on this blog, data context.

Won’t Someone Please Think of the Children?

Last month in Poway, California, Gabriela Dow, a member of the district’s Educational Technology Advisory Committee, made a fairly routine public records request for information from the school district. She sought information related to the day-to-day operation and technology of the school district, as well as any records bearing her own name. But what Ms. Dow actually received was quite troubling.

Stay Informed: CyberSecurity Alerts for Lawyers

I recommend that all lawyers stay informed about these FBI cybersecurity alerts and the cybersecurity threats that prompt them. In fact, I believe our ethical duties obligate us to take this reasonable step, which will ebable us to better protect the confidential and private information of our clients.

A New Framework for Trans-Atlantic Data Transfers: The EU-U.S. Privacy Shield

On February 2, 2016, the European Commission and the U.S. Department of Commerce announced a new framework to govern the transfer of data from the EU to the United States, referred to as the EU-U.S. “Privacy Shield." The new protocol is intended to replace the 15-year-old Safe Harbor agreement that the European Court of Justice struck down in October, on the grounds that it failed to adequately protect the privacy rights of EU citizens.