Attorney General James Reaches Agreement with Hudson Valley Health Care Provider to Invest $1.2 Million to Protect Patient Data After 2021 Data Breach
From the NYS Attorney General’s Office:
Cybercrime: the fear of a possible misuse of personal data is capable, in itself, of constituting non-material damage under the GDPR
Judgment of the Court in Case C-340/21 The Bulgarian National Revenue Agency (the NAP) is attached to the Bulgarian Minister for Finance. In particular, it is responsible for identifying, securing and recovering public debts. In this context, it is a personal data controller. On 15 July 2019, the media reported an intrusion into the NAP […]
US SEC says no to new crypto rules; Coinbase asks court to review
Reuters reports: The U.S. Securities and Exchange Commission on Friday denied a petition by Coinbase Global (COIN.O) seeking new rules from the agency for the digital asset sector, which the country’s largest crypto exchange then sought to challenge in court. The five-member commission, in a 3-2 vote, said it would not propose new rules because it fundamentally […]
FCC Adopts Updated Data Breach Notification Rules To Protect Consumers
Commission to Expand Scope and Rule Requirements to Reflect Current Security Landscape WASHINGTON, December 13, 2023—The Federal Communications Commission today adopted rules to modify the Commission’s 16-year-old data breach notification rules to ensure that providers of telecommunications, interconnected Voice over Internet Protocol (VoIP), and telecommunications relay services (TRS) adequately safeguard sensitive customer information. Today’s action […]
Feds brace for implementation of SEC cyber disclosure rules
The Record reports: The U.S. government is readying to implement contentious new disclosure rules for digital attacks that could both create headaches for the private sector and law enforcement and shed invaluable light on the state of ransomware and online threats. On December 18, a rule passed earlier this year by the Securities and Exchange […]
Navigating the complexities of regulatory data incident investigations
From the law firm of Troutman Pepper Hamilton Sanders LLP: It is indeed a tangled regulatory web woven to potentially trap an organization in the wake of a data incident. Navigating this web can involve significant resources, time, and stress. As we discussed in part two of this series, “Your organization has suffered a data incident: […]
FBI explains how companies can delay SEC cyber incident disclosures
The Record reports: The FBI has published guidance on how companies can request a delay in disclosing cyber incidents to the Securities and Exchange Commission (SEC). The document is a followup to new rules that the SEC approved in June requiring companies to quickly disclose “material” cybersecurity incidents and share the details of their cybersecurity risk management, […]
The EU’s Cyber Resilience Act Has Now Been Agreed
Inside Privacy writes: Read more at Inside Privacy.
DFS Announces $1 Million Cybersecurity Settlement With First American Title Insurance Company
On November 28, the New York State Department of Financial Services (DFS) issued a press release about a settlement stemming from a 2019 data breach: The New York State Department of Financial Services (DFS) today announced that First American Title Insurance Company (First American) will pay a $1 million penalty to New York State for […]
Update on Cyber Incident Reporting for Critical Infrastructure Act of 2022
Constangy, Brooks, Smith & Prophete, LLP writes: As we near the end of another year, it is time to look ahead to developments in the information security and privacy landscape. One area of particular importance is the development of regulations implementing the Cyber Incident Reporting for Critical Infrastructure Act of 2022. CIRCIA, which was signed into […]