On October 24, 2022, in a rare occurrence, the Federal Trade Commission (FTC) issued a proposed order against Drizly, an online alcohol ordering and delivery service provider, that specifically holds the company’s CEO liable for the company’s failure to maintain appropriate security safeguards that led to a second data breach.
Continue Reading FTC: Drizly Executive Held to Be Individually Liable for 2018 Data Breach
Kristin Hardy
Kristin focuses on trademark clearance, trademark prosecution and enforcement, trademark litigation, copyrights, data privacy, and various IP infringement matters, as well as WIPO UDRP matters.
From Coast to Coast: New York Introduces New Bill Aiming To Enhance Protections For Children Online a Week After California Enacts Similar Law
Once again, California is setting trends in the world of privacy laws. On September 15, 2022, California’s Governor signed the first comprehensive state law to protect children’s online safety. A week later, on September 23, 2022, the New York Senate introduced a similar bill.
New York’s newly introduced Bill, S9563, the Child Data Privacy and Protection Act (“Bill”), largely mirrors the newly passed California law but has some added protections and procedures that online products targeting children must follow if the law is enacted.
Multi-Factor Authentication: The New Norm for Cyber Insurance Coverage
Ransomware – a demand for a monetary payment to regain access to one’s data or network – continues to rock the charts as cyber criminals’ go-to, get-rich-quick scheme. As we know, the pandemic spurred the work-from-home or hybrid movement that likely will continue for years to come. With more and more employees working from home, more data is being shared remotely, leaving the door open for missed or inadequate computer and technology security. Phishing and fraud schemes and social engineering methods used to demand ransom are particularly attractive as they target and take advantage of the number one security risk – a company’s people.
The Intersection of Data & Intellectual Property: You Want to Share it, but How do You Protect it?
Quite often, business data can be characterized as intellectual property. But you want to share your data with the world, or maybe just customers or clients. This can be tricky. Improper, premature, or unlawful disclosure of certain intellectual property can be damaging and detrimental to your business. So, how do you protect it?
As you have read here on Privacy and Data Security Insights, data privacy is concerned with properly handling one’s personal data – ensuring you get consent, provide notice, and meet applicable regulatory obligations. Another concern should be whether or how data is shared with third parties. However, it is essential to remember that some data, depending on the content, may be considered and protected as intellectual property.
Think Again on Cybersecurity Training – Human Error Continues to Drive Numbers on Cybersecurity Attacks
You might think your run-of-the-mill privacy and cybersecurity training is sufficient. You might think that by “checking the box” on generic training you have fulfilled your duty and obligation to mitigate data privacy and cybersecurity attacks. You might think that general malware protection adequately secures your company’s data and you can move on with your everyday business efforts without concern.
Apache Log4j Security Vulnerability Is STILL a Problem – What is it, Who Does it Impact, and Should I do Anything About It?
You may have heard of a security vulnerability from December 2021 called Log4j that allows attackers to remotely gain control of a vulnerable device. You may also think this is old news and no longer an issue. Wrong. According to an April 26, 2022 report from researchers at the cybersecurity company Rezilion, there are currently over 90,000 vulnerable internet-facing applications and more than 68,000 servers that are still publicly exposed. That’s right – four months after the vulnerability was disclosed, a majority of affected open-source components remain unpatched and companies continue to use vulnerable versions of this tool. So, what is it anyways and do you need to take any action to mitigate the risk?
K-12 Cybersecurity Act: Federal Government Seeks to Improve Security for America’s Educational Institutions
On October 8, 2021, President Biden signed the bipartisan K-12 Cybersecurity Act of 2021 (the “Act”) in response to K-12 educational institutions facing cyber-attacks across the United States. The types of cyber incidents targeting K-12 information systems include denial of service, phishing, ransomware and malware, and other unauthorized disclosures of personal information.
While the Act itself does not detail specific requirements for K-12 educational institutions, it seeks to address the increasing risk of cybersecurity incidents by authorizing the director of the Cybersecurity and Infrastructure Security Agency (CISA) to conduct a study on the specific cybersecurity risks currently facing K-12 educational institutions. The director has 120 days from the enactment of the Act to complete the study. The director will then have an additional 60 days to issue recommendations that include cybersecurity guidelines to assist K-12 educational institutions in responding to the cybersecurity threats described in the director’s study. In conjunction with cybersecurity recommendations, CISA will be developing an online training toolkit to educate school officials about the recommendations and to help ease the implementation of the recommendations by providing strategies for officials to take such action.
‘Tis the Season…for Scams and Cybersecurity Threats
As we all prepare for what will undoubtedly be an unconventional holiday season, many of us are turning to our computers to check off items on our shopping list instead of bundling up to head to the mall. Online shoppers around the nation have already made the strongest showing in history with $10.8 billion in sales on Cyber Monday alone, which amounts to a 15.1% increase from last year, while foot traffic in brick-and-mortar stores was down 42.3% for Black Friday weekend. With the recent spikes in COVID-19 cases around the country, staying home and having those packages delivered right to your doorstep might seem like the safest way to go, but cyber criminals are pouncing on the online shopping frenzy to steal consumers’ personal and financial information.
This increased threat has been a common thread throughout 2020, as we saw cyber criminals amp up their tactics during the early days of the coronavirus crisis and when Americans received their CARES Act stimulus checks. Indeed, the bad guys are not taking a break because of COVID-19. The FBI reports that cybercrimes are up an astonishing 400% this year. Now it is more important than ever to understand how these criminals operate and how you can avoid falling victim to these crimes so that you can keep your celebrations holly and jolly.