Showing 11 posts by Taylor A. Gast.
HHS Office for Civil Rights Publishes Checklist for HIPAA Covered Entities Responding to Cybersecurity Incidents
The U.S. Department of Health and Human Service's Office for Civil Rights ("OCR") recently published guidance for entities covered by HIPAA, entitled "My entity just experienced a cyber-attack! What do we do now?" Read More ›
The District of Columbia Court of Appeals recently struck down a regulation from the Federal Aviation Administration ("FAA") mandating registration of all drones. The Court found that the registration requirement was too intrusive and overstepped the bounds of the FAA. The petitioner argued that the registration requirement imposed by the FAA violated the statute's clear instruction not to promulgate any rule or regulation relating to model aircraft. The Court found the argument persuasive and vacated the registration rule to the extent it applies to model aircraft used by hobbyist. Read More ›
Recently, international travelers have noticed US Customs and Border Protection agents with increased interest in searching cell phones, laptops, and other portable technology. Employers should be aware that this trend increases the risk that an unauthorized individual will access sensitive company information, which could result in an inadvertent data breach.
Some international travelers have been asked by border agents to unlock cell phones or provide a password needed to unlock the device. One report included a customs agent threatening to seize a travelers' phone if he did not unlock his cellphone. Employers are rightfully concerned that these searches may allow unauthorized individuals to access sensitive company information. Read More ›
In 2016 Lansing, MI's Board of Water and Light fell victim to a cyber-attack that resulted in $2.4 million in costs, including a $25,000 ransom paid to the perpetrators. In the aftermath of the breach, BWL announced that it was filing for a $1.9 million insurance claim under its cyber insurance policy, including $2 million in covered losses, less a $10,000 deductible.
There is a lot at stake for businesses when it comes to cyber-crime, which is why more and more businesses are investigating and purchasing cyber insurance to hedge against the risks associated with cyber security and data privacy. Read More ›
No matter how carefully, thoughtfully and diligently a company works to prevent it, data breaches happen. Company management, IT teams and outside consultants can do everything right and still end up dealing with a breach. That means that knowing how to best respond when (not if) a breach happens should be part of every company’s data protection strategy.
We recommend that every company assemble a security breach team, consisting of individuals inside and outside of the organization who possess different skill sets. This may include technology officers, as well as staff from IT, human resources, communications, legal departments, outside counsel, and outside vendors. The composition of the team will depend on the type and size of the organization, but each member should be in a position and have skills that enable the organization to quickly and properly respond to an incident. The team must also be equipped, authorized and empowered to evaluate and immediately react to an incident once it has occurred. Read More ›
We recently wrote about how a Cyberattack on Lansing, Michigan's Board of Water and Light ("BWL") resulted in costs nearing $2 million for technical support and equipment upgrades. In fact, BWL's total costs have now stretched to $2.4 million, including a $25,000 ransom paid to the attackers. These facts underscore that the costs of such attacks can be enormous, especially when ransomware is involved. Read More ›
A recent decision by the U.S. Court of Appeals for the Sixth Circuit (the “Sixth Circuit”) may make it easier for plaintiffs to bring costly lawsuits against companies that allow sensitive data to fall into the wrong hands. Most troubling from a company's perspective, the Sixth Circuit used language that some states legally require in data breach notification letters to justify allowing the case to move forward. Read more about this case here.
It sounds like something out of a Hollywood screenplay: foreign hackers, possibly from Russia, induce an unsuspecting employee of a major utility company to click on an email attachment that is infected with malware, enabling the hackers to cripple the utility’s computer systems unless a ransom is paid. Unfortunately, this story is fact, not fiction. Read More ›
Employers Should Audit and Update Employment-Related Policies and Agreements in Light of New “Defend Trade Secrets Act”
President Obama recently signed the Defend Trade Secrets Act (the “Act”) into law. The Act creates a new cause of action - which became effective immediately - for trade secret misappropriation.
Prior to the Act, civil claims for trade secret misappropriation were primarily governed by state law. The Act creates federal jurisdiction for claims brought under the Act, which provides plaintiffs with the option to sue in federal court. Read More ›
On June 21, 2016, the Federal Aviation Administration (“FAA”) released its much-awaited operational rules for drones. We have been tracking these rules for the last year. The biggest change from the proposed rules to final rules is that the final rules eliminate the need for commercial drone operators to obtain a manned aircraft pilot's license. Instead, drone operators will have to pass a knowledge test for unmanned aircraft. The test will be administered at FAA approved testing centers nationwide. Read More ›
- Trade Secrets
- Digital Assets
- Personal Publicity Rights
- IT Contracts
- Cloud Computing
- Venture Capital/Funding
- Electronic Health Records
- Fraud & Abuse
- Intellectual Property
- Employee Benefits
- Domain Name Registration
- Social Media