Delaware has joined a growing number of states in updating and strengthening its data breach law. The new law expands the definition of what is considered personal information, requires companies to “implement and maintain reasonable security” for personal information in their possession, institutes a 60-day deadline for reporting the breach and mandates one year of free credit monitoring should a social security number be included in the breach. If your company has customers within the state of Delaware here a … Read More
In the unfortunate event that your privacy has been breached and personal images have been stolen, there are several steps that can be taken to have this content removed from the internet. It is important that the following processes are initiated quickly. Once content is on the internet, it can spread quickly and make this process much more difficult and time consuming.
Here is a brief example to show how quickly an image can spread, increasing the difficulty in removing … Read More
A new cyberattack, that is very similar to the WannaCry ransomware virus, is spreading across Europe. Taft’s Technology group is closely monitoring the situation and has prepared the following short summary of questions and answers about ransomware attacks, which in effect locks out users from accessing their files unless a ransom is paid via bitcoin.
Q: I have been hit with a ransomware attack, what are my options?
A: You can pay the ransom with the hopes of getting your … Read More
Cybersecurity is not an aspect of your business that can be tackled once and then forgotten. The threats are constantly evolving. They require attention and resources. Here are 5 tips to make sure your company is prepared in case of an attack.
- Disaster Recovery Plan– Data is the lifeblood of most organizations. Where is your data stored? What would happen to your business if a natural disaster like a fire, flood or other catastrophe struck the location where your
The Office of Civil Rights (OCR) first HIPAA settlement of 2017 is based on a failure to report a breach of health information in a timely manner. The settlement was reached with Presence Health, a large health care network that operates in approximately 150 locations in Illinois. Presence Health has agreed to settle the potential violations by paying a fine of $475,000 and implementing a corrective action plan to deal with this problem in the future.
The settlement stems from … Read More
To effectively guard against an enemy of any kind it’s important to know your enemy. This strategy is just as effective when fighting an online battle to protect your company’s data.
Before you can effectively defend against cyberattacks, it is important to educate yourself on potential threats and how to handle them. We invite you to join us on September 7 for part two of the Columbus Cybersecurity Series featuring FBI agent David Fine returns. During this portion of the … Read More
Savvy in-house counsel and business owners often ask are whether the insurers selling cyber policies actually pay claims or whether the policyholders are just buying the right to later sue the insurers for coverage. The initial wave of cyber insurance litigation involved policyholders trying to obtain coverage for data breaches under their standard commercial general liability policies. This produced mixed results with some courts finding coverage, while others did not. The next wave of cyber insurance litigation involved policyholders asserting … Read More
The Seventh Circuit may have gone a long way to opening a flood of data-breach class actions when it held that “injuries associated with resolving fraudulent [credit-card] charges and protecting oneself against future identity theft” suffice as injuries to confer Article III standing on the plaintiffs in Remijas v. Neiman Marcus Group, LLC.
Standing (whether a plaintiff has suffered an injury the courts will recognize) has historically proven to be a substantial hurdle to plaintiffs seeking to bring class … Read More
What Can Boards Do?
Board oversight should include a comprehensive plan to respond to a cyber incident or data breach, with senior management fully trained with respect to such plan. Moreover, the plan should be continually updated, fully rehearsed and stress tested, so that responding to an incident or breach is virtually instinctive, and responding to a cyber incident is not being … Read More
You’ve seen the headlines. Computer hackers access personal, financial and medical data for millions of Anthem and Premera Blue Cross customers. Hard drives containing tens of thousands of individuals’ insurance information stolen while in route from the Indiana State Medical Association to an offsite storage facility. We are all familiar with data breaches caused by external hacks into company data storage systems and stolen equipment, but what about data breaches caused by internal bad actors? Beware of the rogue employee! … Read More