Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Peter Marta

Posts by Peter Marta
Posted in Cybersecurity & Data Breaches, Privacy & Security Litigation

Cyber Investigations and Privilege: Court Finds Forensic Report not Covered by Work Product Doctrine

Last week, the U.S. District Court for the Eastern District of Virginia ordered Capital One to produce a forensic investigation report in multidistrict litigation arising out of the cyber incident Capital One announced in July 2019. The court found that the report was not protected by the work product doctrine because Capital One had not shown that “but for” the litigation the report would not have been prepared in substantially the same form. The opinion offers some lessons for companies entering into arrangements with forensic experts in advance of cyber events.

Posted in Cybersecurity & Data Breaches

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services released new cybersecurity guidance in response to the COVID-19 pandemic. The guidance highlights the heightened cybersecurity risks from the current crisis and NYDFS’ expectations that its regulated entities address those risks as large portions of their workforce have shifted to remote working arrangements.

Posted in Consumer Privacy

COVID-19 and IT Service Provider Contracts: A Checklist for Force Majeure Events

COVID-19 has impacted organizations’ relationships with their IT service providers, who often play an important role in securing their data and systems. Under current conditions, some service providers may face challenges in performing this work. Potential non-performance has significant consequences for service providers and their clients alike. To prepare for these challenges, entities that have contracts with service providers—and service providers themselves—should carefully review their existing agreements and any force majeure-type provisions in particular. This post includes our COVID-19 service provider risk mitigation checklist.

Posted in Cybersecurity & Data Breaches, News & Events

Employers Take Notice: Increased Cybersecurity Threats Amid Coronavirus Precautions

On March 11, the Word Health Organization officially characterized the coronavirus (COVID-19) outbreak as a pandemic. During the outbreak, many employers around the world are seeking to prioritize the well-being and safety of their employees by asking them to work remotely instead of risking exposure while commuting and working in populated office spaces. Organizations need to take into account increased risks to the security of their networks, systems, and data during this time.

Posted in Cybersecurity & Data Breaches

New York State Expected to Increase Enforcement of Cybersecurity Practices

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services Cybersecurity Regulation and the effective date of the Stop Hacks and Improve Electronic Data Security Act. The Regulation and the Act both contain prescriptive cybersecurity requirements and new breach notification obligations on regulated organizations. The Act has a particularly broad reach, impacting any company that owns or licenses private information of New York residents.

Posted in Cybersecurity & Data Breaches

SEC Releases Cybersecurity and Resiliency Observations: A Potentially Useful Guide for Businesses

In today’s connected world, businesses face constant pressure to improve their cybersecurity practices and to confirm that they are meeting industry standards. To continue helping businesses achieve those goals, the SEC Office of Compliance Inspections and Examination published on January 27 its latest Examination Observations related to cybersecurity and operational resiliency practices.

Posted in Cybersecurity & Data Breaches

“Cyber Hunt” Legislation Passes U.S. Senate: Any Implications for Business?

In a legislative environment charitably described as challenging, the fact that the Senate recently passed cybersecurity legislation by unanimous consent is noteworthy and highlights the bipartisan nature of this issue. The DHS Cyber Hunt and Incident Response Act responds to the recent spate of ransomware attacks against government agencies and private sector organizations. It would require the Department of Homeland Security to form “cyber hunt” and incident response teams that could be called upon to assist federal, state, and local entities to respond to a ransomware or other type of cybersecurity incident or to identify vulnerabilities in their systems that may increase the likelihood and success of a future attack. While continued government attention to the availability of cybersecurity capabilities should be welcomed by the private sector, the extent to which businesses will directly benefit from this legislation is unclear given its focus.

Posted in Cybersecurity & Data Breaches

New York Enacts New Data Security Laws

On July 25, New York Governor Andrew Cuomo signed into law a pair of bills establishing new requirements for businesses that process certain personal information related to New York residents. The changes include expanding the scope of information covered by New York’s data breach notification law; defining breaches to include incidents involving unauthorized access to covered information, even where the information is not acquired; and requiring consumer reporting agencies who suffer breaches of social security numbers to offer up to 5 years of identity theft services. Businesses maintaining the private information of New York residents also will now be required to proactively develop “reasonable safeguards” within their organization as part of a new “reasonable security requirement.”