November 09, 2020 | New York Law Journal
Refine Your Legal Toolkit Before Ransomware StrikesOrganizations are best served by preparing in advance and honing the appropriate legal tools for use in a ransomware attack before the attack occurs. Planning for a ransomware event will always be imperfect, but failing to prepare could be catastrophic.
By Paul Greene and Daniel J. Altieri
8 minute read
March 31, 2020 | New York Law Journal
CCPA and Beyond: Mandating Data Protection by Regulation Creates ConfusionA hallmark of U.S. administrative law is that policy decisions are made by the Legislature, with gaps filled in via regulation. Administrative agencies are given discretion and courts show special deference to an agency's area of expertise. In the arena of data protection, this separation of powers is being put to the test and causing confusion for businesses seeking to comply with data protection duties.
By F. Paul Greene
8 minute read
November 25, 2019 | New York Law Journal
Experimentation in Privacy Law Leads to Increased ComplexityIt has always been a "happy incident" of our federal system that a "courageous State" may "try novel social and economic experiments without risk to the rest of the country." In relation to data protection laws, however, this has led to an unintended and potentially unworkable level of complexity on the national level.
By F. Paul Greene
8 minute read
July 26, 2019 | New York Law Journal
New York SHIELD Act Promises More Data Breach Enforcement, and International ReachNew York has brought itself into line with a number of states concerning how they define a data breach, and, where applicable, what substantive security controls they require.
By F. Paul Greene
8 minute read
August 03, 2018 | New York Law Journal
11th Circuit Decision in LabMD Case Could Have Repercussions Beyond the FTCThe 11th Circuit found the order fatally lacking in detail, noting that it effectively left it up to the District Court to determine whether LabMD's activities to secure patient data for the next 20 years were “reasonable.”
By F. Paul Greene and Daniel J. Altieri
1 minute read
April 12, 2018 | FC&S Insurance
NYS DFS Issues Sweeping New FAQs Affecting Scope of Its Cybersecurity RegulationsThe cybersecurity regulations from the New York State Department of Financial Services (DFS) that went into effect on March 1, 2017 have had wide-reaching…
By F. Paul Greene
7 minute read
March 28, 2018 | New York Law Journal
NYS DFS Issues Sweeping New FAQs Affecting Scope of Its Cybersecurity RegulationsThese new FAQs, and the FAQs issued previously, help clarify areas of uncertainty under Part 500. The problem with the FAQs, however, is that they are non-binding and can be changed at will, however unlikely an abrupt or material change from DFS may be.
By F. Paul Greene
7 minute read
September 13, 2017 | New York Law Journal
The Equifax Breach: Why This One Is DifferentF. Paul Greene
By F. Paul Greene discusses the recent Equifax breach, including topics such as what is a breached organization's duty to notify its customers, and the role of risk assessment. He further explores what comes next.
16 minute read
August 25, 2017 | New York Law Journal
Grace Period Expires for Cybersecurity Regulations in NY: What Comes Next?F. Paul Greene writes: The day has finally arrived for the financial services industry in New York. The new cybersecurity regulations issued by the New York State Department of Financial Services are officially in force, and for the first time, a single state is regulating cybersecurity on a potentially global scale, and it has done so via the regulatory process, not legislative action.
By F. Paul Greene
16 minute read
February 28, 2017 | New York Law Journal
Final DFS Cybersecurity Regulations: Questions of Scope and Effect LingerF. Paul Greene of Harter Secrest & Emery writes: It has been a wild ride for the banking, insurance, and financial services industries in New York over the past five months. But now the New York State Department of Financial Services has released the final version of its cybersecurity regulations, maintaining its new risk-adjusted approach. Important questions concerning the scope and effect of the regulations remain, however.
By F. Paul Greene
16 minute read