Cybersecurity

Ten Years Strong: A Decade of Privacy and Cybersecurity Insights

Posted on January 31, 2019

Posted in Cybersecurity, European Union, General, Information Security, International, Online Privacy, U.S. Federal Law, U.S. State Law

In January 2019, Hunton Andrews Kurth celebrates the 10-year anniversary of our award-winning Privacy and Information Security Law Blog. Over the past decade, we have worked hard to provide timely, cutting-edge updates on the ever-evolving global privacy and cybersecurity legal landscape. Ten Years Strong: A Decade of Privacy and Cybersecurity Insights is a compilation of our blog’s top ten most read posts over the decade, and addresses some of the most transformative changes in the privacy and cybersecurity field.

Read Ten Years Strong: A Decade of Privacy and Cybersecurity Insights.

Reported Cyber Attacks on U.S. Electric Utilities and Government Agencies

Posted on January 23, 2019

Posted in Cybersecurity, Information Security

Hundreds of contractors and subcontractors with connections to U.S. electric utilities and government agencies have been hacked, according to a recent report by the Wall Street Journal. The U.S. government has linked the hackers to a Russian state-sponsored group, sometimes called Dragonfly or Energetic Bear. The U.S. government alerted the public that the hacking campaign started in March 2016, if not earlier, although many of its victims were unaware of the incident until notified by the Federal Bureau of Investigation and Department of Homeland Security, the Wall Street Journal reports.

Continue Reading Reported Cyber Attacks on U.S. Electric Utilities and Government Agencies

HHS Publishes Health Industry Cybersecurity Practices

Posted on January 10, 2019

Posted in Cybersecurity, Health Privacy, Information Security, Security Breach

The U.S. Department of Health and Human Services (“HHS”) recently announced the publication of “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” (the “Cybersecurity Practices”). The Cybersecurity Practices were developed by the Healthcare & Public Health Sector Coordinating Councils Public Private Partnership, a group comprised of over 150 cybersecurity and healthcare experts from government and private industry.

Continue Reading HHS Publishes Health Industry Cybersecurity Practices

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Posted on January 2, 2019

Posted in Cyber Insurance, Cybersecurity, Security Breach, U.S. State Law

New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners. The law requires licensed insurance companies to notify state insurance authorities of data breaches within 72 hours of confirming that nonpublic information in the company’s (or a service provider’s) system was “disrupted, misused, or accessed without authorization.” The breach reporting requirement is in addition to notification obligations imposed under South Carolina’s breach notification law and applies if the insurance company has a permanent location in the state or if the breach affects at least 250 South Carolina residents, among other criteria. The 72-hour notice requirement takes effect January 1, 2019.

Continue Reading Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Agreement on Proposal for Cybersecurity Act

Posted on December 20, 2018

Posted in Cybersecurity, European Union

The European Commission (“Commission”), the European Parliament (“Parliament”) and the Council of the European Union reached an agreement earlier this month regarding changes to the Proposal for a Regulation on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology Cybersecurity Certification (the “Cybersecurity Act”). The agreement empowers the EU Cybersecurity Agency (known as European Union Agency for Network and Information and Security, or “ENISA”) and introduce an EU-wide cybersecurity certification for services and devices.

Continue Reading Agreement on Proposal for Cybersecurity Act

Supreme Court of Pennsylvania Ruling on Common Law Duty to Protect Electronic Employee Data

Posted on November 29, 2018

Posted in Cybersecurity, Security Breach

On November 21, 2018, the Supreme Court of Pennsylvania ruled that a putative class action filed against UPMC (d/b/a The University of Pittsburg Medical Center) should not have been dismissed.

Continue Reading Supreme Court of Pennsylvania Ruling on Common Law Duty to Protect Electronic Employee Data

BayLDA Publishes Review on Audits

Posted on November 9, 2018

Posted in Cybersecurity, European Union

On November 7, 2018, the Data Protection Authority of Bavaria for the Private Sector (the “BayLDA”) issued a press release describing audits completed and pending in Bavaria since the EU General Data Protection Regulation (“GDPR”) took force. Continue Reading BayLDA Publishes Review on Audits

New Ohio Law Creates Safe Harbor for Certain Breach-Related Claims

Posted on November 5, 2018

Posted in Cybersecurity, U.S. State Law

Effective November 2, 2018, a new Ohio breach law will provide covered entities a legal safe harbor for certain data breach-related claims brought in an Ohio court or under Ohio law if, at the time of the breach, the entity maintains and complies with a cybersecurity program that (1) contains administrative, technical and physical safeguards for the protection of personal information, and (2) reasonably conforms to one of the “industry-recognized” cybersecurity frameworks enumerated in the law. Continue Reading New Ohio Law Creates Safe Harbor for Certain Breach-Related Claims

Draft Bill Imposes Steep Penalties, Expands FTC’s Authority to Regulate Privacy

Posted on November 2, 2018

Posted in Cybersecurity, Enforcement, Information Security, U.S. Federal Law

On November 1, 2018, Senator Ron Wyden (D-Ore.) released a draft bill, the Consumer Data Protection Act, that seeks to “empower consumers to control their personal information.” The draft bill imposes heavy penalties on organizations and their executives, and would require senior executives of companies with more than one billion dollars per year of revenue or data on more than 50 million consumers to file annual data reports with the Federal Trade Commission. The draft bill would subject senior company executives to imprisonment for up to 20 years or fines up to $5 million, or both, for certifying false statements on an annual data report. Additionally, like the EU General Data Protection Regulation, the draft bill proposes a maximum fine of 4% of total annual gross revenue for companies that are found to be in violation of Section 5 of the FTC Act.

Continue Reading Draft Bill Imposes Steep Penalties, Expands FTC’s Authority to Regulate Privacy

Webinar on the SAFETY Act and Cybersecurity: Protecting Your Reputation and Reducing Liability Risk

Posted on November 1, 2018

Posted in Cybersecurity, Events

In 2002, Congress enacted the Supporting Anti-Terrorism by Fostering Effective Technologies Act (“the SAFETY Act”) to limit the liabilities that energy, financial, manufacturing and other critical infrastructure companies face in the event of a serious cyber or physical security attack. Continue Reading Webinar on the SAFETY Act and Cybersecurity: Protecting Your Reputation and Reducing Liability Risk

Privacy & Information Security Law Blog