On November 21, 2018, the Supreme Court of Pennsylvania issued an opinion that could have far-reaching implications both inside and outside the state of Pennsylvania. In its opinion in Dittman v. UPMC, the court ultimately held that an “employer has a legal duty to exercise reasonable care ...
On May 7, 2018, New Jersey Attorney General Gurbir Grewal announced the formation of a new civil enforcement unit focused on enforcing laws that protect the data privacy and cybersecurity of New Jersey residents. The Data Privacy & Cybersecurity (DPC) Unit has the authority to enforce laws ...
On May 29, 2018, Colorado Governor John Hickenlooper signed HB 18-1128, a law that aims to statutorily require reasonable procedures and practices for safeguarding personally identifiable information. The unanimously passed piece of legislation will take effect in September of this ...
Today marks the beginning of a long-awaited and, in some circles, long-feared era—the General Data Protection Regulation (GDPR) is officially in effect. In the months leading up to today, many technology companies have been scrambling to comply with the new regulation. The GDPR, among ...
On May 17, 2018, the Purchase Card Industry Security Standards Council (PCI SSC) released version 3.2.1 of its PCI Data Security Standard (PCI DSS). Founded in 2004 by Visa, MasterCard, Discover, and American Express, the PCI SSC produces the “best practices” for enhancing the security ...
On April 11, 2018, the Seventh Circuit reversed and remanded a district court decision dismissing, for a lack of standing, a class action brought against Barnes & Noble related to a 2012 “skimming” attack suffered by the bookseller.
In a decision penned by Judge Easterbook, the court ...
On Thursday, November 30, 2017, three Democratic senators introduced a new bill called the Data Security and Breach Notification Act in the government’s latest effort to strengthen the nation’s cybersecurity. Of note, the bill requires companies to notify customers within 30 days of ...
In the wake of the recent Equifax data breach, the United States House of Representatives recently passed legislation that requires the federal government to assist small businesses in guarding against cyber-attacks by providing them with tools to do so. The bill, entitled the “NIST ...
After one of the largest cybersecurity breaches in United States history, three Equifax Inc. executives have been accused of what essentially amounts to insider trading.
Keeping up with the trend of state governments taking a proactive approach to cybersecurity, on August 17, 2017, Governor John Carney of Delaware signed into law a bill creating more stringent notification requirements on companies doing business in Delaware in the event of a data breach.