Posts

The Marriott Data Breach

Great information from the FTC on the Marriott data breach. https://www.consumer.ftc.gov/blog/2018/12/marriott-data-breach
Recent posts

Five Days Without Email - DLA Piper Cyber Attack

“Following the widely reported malware incident that occurred on Tuesday, 27 June, we have brought our email safely back online, and continue to bring other systems online in a secure manner,” DLA Piper said. “We have seen no evidence that client data was taken or that there was a breach of confidentiality of that data. Our investigation is ongoing and, as always, protecting client information remains our critical priority.” http://www.jdjournal.com/2017/07/04/dla-piper-email-system-restored-after-cyber-attack/ Would it be a breach of attorney-client privilege to admit that confidential client information had been taken?

And Then There Were Two: New Mexico Set to Become 48th State to Enact Data Breach Notification Law

The New Mexico Legislature passed the ‘Data Breach Notification Act’ (the Act) on March 15. Governor Susana Martinez has 20 days from the date the Act was passed to sign it into law. If enacted, the Act would require a person, other than a person who is subject to the Health Insurance Portability and Accountability Act of 1996 or the Gramm-Leach-Bliley Act, that “owns or maintains” records containing a New Mexico resident’s personal identifying information (PII) to notify the resident if his or her PII is “reasonably believed” to have been subject to a security breach. In most cases, notification is required within 45 days. Under the Act, PII is defined as an individual’s last name and first name or first initial in combination with one or more specified data elements, when the data elements are not rendered unreadable or unusable through encryption, redaction, or another means. The five specified data elements or categories of data elements in the Act are (i) social security

Phishing

Phishing: A method of hacking where email messages and websites are designed to look like they are coming from a trustworthy sender but actually include malicious links that enable hackers to access sensitive information such as usernames, passwords, and credit card details.

New York's Revised Cybersecurity Regulation

In September 2016, the New York Department of Financial Services (DFS) proposed the first statewide cybersecurity regulation of its kind. The proposed regulation mandated that insurance companies, banks, and other financial services institutions regulated by the DFS (Covered Entities) establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New York State’s financial services industry. The proposed regulation was scheduled to become effective on January 1, 2017. After reviewing more than 150 comments during the 45-day notice and public comment period, on December 28, 2016, the DFS published a revised proposed cybersecurity regulation. The revised proposed regulation is now scheduled to become effective on March 1, 2017. Covered Entities will have until September 1, 2017, to become compliant with the revised regulation, and until February 15, 2018, to submit a certificate of compliance to the DFS. Despite negative commen