Paul Greene

February 06, 2024 | New York Law Journal

A recent enforcement trend shows risks of concurrent jurisdiction under HIPAA and beyond.

By F. Paul Greene

8 minute read

January 02, 2024 | New York Law Journal

A discussion of the legal considerations surrounding ransomware payments.

By Paul Greene

8 minute read

June 28, 2023 | New York Law Journal

A discussion of AI strategy in light of developing technologies and regulation including an overview of current legal restrictions in relation to AI; the developing body of guidance on the issue and common-sense considerations that will help organizations draft a rational and defensible AI strategy.

By F. Paul Greene

8 minute read

May 26, 2023 | New York Law Journal

The NY Department of Financial Services published a consent decree last week where a crypto company was fined $1.2 million for not conducting proper information security risk assessments and using template policies, without customizing them to fit the company. This article discusses this consent decree and the importance of robust risk assessment procedures and tailoring an information security program to an organization's specific needs.

By Paul Greene

8 minute read

March 01, 2023 | New York Law Journal

With all the focus on artificial intelligence lately, this article provides a deep dive into incident response preparation and the importance of developing actual intelligence (of actual humans!). Conducting regular table-top drills can help to expand the knowledge of incident responders and strengthen the company's incident response.

By Daniel J. Altieri and F. Paul Greene

8 minute read

November 22, 2022 | New York Law Journal

The risk of overlapping jurisdiction in the data protection space increases both with the frequency of reported breaches and the adoption of new data protection regimes in the various states. This overlapping authority and jurisdiction can lead to so-called "piling on," where one investigation by or settlement with a regulatory authority is followed by another. Case in point, the recent EyeMed consent order, entered into by EyeMed Vision Care and the New York State Department of Financial Services.

By Paul Greene

8 minute read

June 23, 2022 | New York Law Journal

This article provides a discussion of Connecticut's recently enacted Senate Bill, SB6, which is one of a number of comprehensive state-law data protection regimes passed in recent years, led by the California Consumer Privacy Act. The bill marks a trend toward uniformity in state-law privacy regimes.

By Paul Greene

8 minute read

March 10, 2022 | New York Law Journal

If history and developments in other states are any guide, 2022 could be the year that New York adopts a comprehensive data protection statute in the form of the Act.

By Paul Greene

8 minute read

June 28, 2021 | New York Law Journal

In the 2021 session, the New York legislature considered no fewer than four major data protection proposals.

By F. Paul Greene

8 minute read

November 09, 2020 | New York Law Journal

Organizations are best served by preparing in advance and honing the appropriate legal tools for use in a ransomware attack before the attack occurs. Planning for a ransomware event will always be imperfect, but failing to prepare could be catastrophic.

By Paul Greene and Daniel J. Altieri

8 minute read