Privacy, Data & Cyber Law


Lawsuits Highlight Looming Requirements for Handicapped-Accessible Websites
October 26, 2017 | Shari Claire Lewis | Nancy A. Del Pizzo
Today, most businesses are e-businesses, and all e-businesses should take note. There has been an explosion in the number of lawsuits filed in the Federal Courts seeking damages and injunctive relief under Title III of the Americans With Disabilities Act, 42 U.S.C. § 12182(a) (the “ADA”) based on alleged failures to provide accommodations that enable …
Read More
Does Our Digital Age Require New Fourth Amendment Rules?
October 17, 2017 | Shari Claire Lewis
It’s 10 p.m. Your cellphone knows where you are. It also knows where you are at 10:00 in the morning, at 7:00 in the evening, and at noon and midnight and at every other moment of the day. We live in a world where cellphones are omnipresent. We have them at home, at work, and …
Read More
New York Legislature Broadens Telehealth Services Coverage for Adult Care Facilities
October 16, 2017
New York continues to drive legislative reform to promote telehealth services – clinical healthcare provided remotely through information technology. Most recently the state legislature passed a bill that expands the definition of “originating sites” where telehealth services may be provided to Medicaid patients in an effort to lower costs and health risks. For background, in …
Read More
The NAIC Cyber Security Model Law Is Ready for Its Debut
September 20, 2017 | Jay D. Kenigsberg
The National Association of Insurance Commissioners (NAIC) has advanced its Insurance Data Security Model Law (“Model Law”) for likely adoption at its annual Fall National Meeting this December. The purpose of the new Model Law will be to improve the insurance sector’s ability to respond to cyber incidents. The “insurance sector” includes insurers, agents and …
Read More
Equifax Breach Update
September 13, 2017 | Shari Claire Lewis
Equifax’s response to its recent data breach is evolving, and so should yours. Piling on to the initial public fury regarding Equifax’s announcement of its data breach weeks after it occurred is the outrage that many feel about the credit reporting agency’s response. Cyber pundits and the public at large were particularly peeved by Equifax’s …
Read More
How to Respond to the Equifax Security Breach
September 8, 2017 | Shari Claire Lewis
Yesterday, Equifax, a company whose credit services are central to the financial activities of virtually every American, announced a massive security incident described by its CEO as an event that struck at the heart of what Equifax does. Approximately 143 million U.S. consumers had personal information, such as their names, social security numbers, birth dates …
Read More
Kenigsberg Published in Pratt’s Privacy & Cybersecurity Law Report
August 18, 2017 | Jay D. Kenigsberg
Jay Kenigsberg’s article entitled, “United States v. Ulbricht: Dread Pirate Roberts Pushes the Envelope of the Fourth Amendment,” was published in the September 2017 issue of Pratt’s Privacy & Cybersecurity Law Report. Click here to read the Report. …
Read More
Social Media Grabs the U.S. Supreme Court’s Attention
August 15, 2017 | Shari Claire Lewis
It is a truism that law often lags technology. Near the end of the U.S. Supreme Court’s past term, the court issued a decision in which the majority opinion, by Justice Anthony Kennedy, recognized the importance of social media in most people’s lives. The ramifications of the court’s statements about social media, in Packingham v. …
Read More
Blockchain: Unlinking Hype from Reality
June 21, 2017 | Jay D. Kenigsberg
On June 15, 2017, AIG and Standard Chartered Bank announced the first multinational smart contract-based insurance policy to function on the blockchain. AIG partnered with IBM to manage and place multiple insurance policies across multiple countries by using an advanced blockchain framework.  In essence, the bank’s clients in the U.K., U.S., Singapore and Kenya will …
Read More
Asserting Damages for Data Piracy Under the CFAA
June 20, 2017 | Shari Claire Lewis
Data often is the lifeblood of a business. When a database is breached in one way or another, the results can be devastating—especially if the data falls into the hands of a competitor. Many companies suffering this kind of loss turn to litigation. Perhaps in an effort to obtain federal court jurisdiction, they may assert …
Read More
ABA Issues New Guidance on Confidentiality and the Use of Technology
May 17, 2017
The American Bar Association’s Standing Committee on Ethics and Professional Responsibility recently issued a Formal Opinion, providing updated recommendations regarding lawyers’ obligations when using technology resources to communicate with clients and to protect confidential client information. Since 1999, the Committee has advised that the ABA Model Rules of Professional Conduct permit an attorney to transmit …
Read More
UK Health System Infected by Ransomware
May 12, 2017
In a cautionary tale for all companies, but especially healthcare organizations, on May 12, 2017, multiple news sources reported that a broad cyberattack using ransomware caused substantial interference with critical systems across Europe, Russia and Asia. (See e.g., New York Times, BBC News and Silicon Angle.) According to the New York Times, the  attacks were …
Read More
Trump Administration Reverses Broadband Provider Privacy Protections
April 24, 2017
On April 3, 2017, President Donald J. Trump signed into law S.J. Resolution 34, a partisan-enacted joint congressional resolution disapproving of (and thus negating) a rule submitted in 2016 by the Federal Communications Commission (“FCC”), which provided additional protections to consumers when using broadband services.  The result is a reversal in privacy provisions that were …
Read More
Second Circuit Rejects Secret-Cookie Suit
April 21, 2017
By now, anyone who uses a cell phone or other method to access the Internet—virtually everyone—has heard of “cookies” intended to track their online activities. Many individuals who object to tracking take steps to block cookies through privacy settings on their web browsers and other technologies. However, in a decision with important implications for those …
Read More
Democratic State Senators among the Latest to Fall Prey to Ransomware Attack
March 21, 2017
The Democrats in the Pennsylvania State Senate recently fell victim to a ransomware attack that locked lawmakers and their staffs out of their computer, data, email and website. Hackers were able to infect the party’s network with malware and demanded a ransom payment in bitcoin in order to remove the virus and unlock the files. …
Read More
FTC Continues to Focus on Data Protection

During 2016 the United States Federal Trade Commission (FTC) announced six formal enforcement actions. All involved corporate failures to protect sensitive personal information (health, financial or other) belonging to customers, other consumers or employees. These included proceedings against the owners of AshleyMadison.com (failure to protect the information of 36 million dating site users) and ASUS TeK …
Read More
FDA Addresses Cyber-Security Risks in Connected Medical Devices

The “Internet of Things”  has pervaded every facet of our society thereby introducing unanticipated cyber risks into everyday life. Often overlooked and particularly disconcerting are the cyber risks inherent in connected medical devices. Nevertheless, caregivers and patients alike should be aware that any medical device that depends on interactive computer technology may be vulnerable to …
Read More
Online and Social Media Defamation in Today’s Age
February 21, 2017
Twitter, Facebook, Instagram, and other forms of social media are becoming the dominant communication tools in today’s political and social discourse, often entirely supplanting traditional media’s role in public commentary. Social media’s emerging role, combined with the extreme divisions so evident in our country, have caused the courts to consider application of pre-Internet legal standards …
Read More
Courts Consider Whether Employers Have a Duty to Safeguard Employee Personal Information
January 19, 2017
Employers regularly collect and maintain confidential personal information about their employees, including birth dates, social security numbers, addresses, tax information, and bank information.  A data breach may put this employee information at risk.  In two recent decisions, courts have had to consider the scope of employers’ duties to their employees to protect confidential personal information …
Read More
N.Y. Announces Revisions and Delayed Implementation of Cyber Regulations
January 12, 2017
In September 2016, New York Governor Andrew Cuomo announced a new regulation that would require banks and insurers to implement cyber security programs. Specifically, the proposed regulation required covered entities, defined as any entity operating under a license or other authorization required by New York’s banking, insurance or financial services law, to establish and maintain …
Read More
Self-Proclaimed Publisher of Fake News Sites Loses Circuit Appeal
December 21, 2016
Fake news has been in the news a great deal recently, with some wondering how to address it. The recent decision by the U.S. Court of Appeals for the Second Circuit in Federal Trade Commission v. LeadClick Media , 838 F.3d 158 (2d Cir. 2016), may provide a way, at least in some instances. In …
Read More
Enforcing Copyright Without Having a Registration Certificate
December 6, 2016
Nancy A. Del Pizzo’s article entitled, “Enforcing Copyright Without Having a Registration Certificate” was published in the December 5, 2016 issue of the New Jersey Law Journal. Click here to read the article in its entirety. Reprinted with permission from the December 5, 2016 issue of the New Jersey Law Journal. © 2016 ALM Media Properties, LLC. …
Read More
Rutkin Publishes Article Entitled, “Insight – A Lesson in Cyber”
November 17, 2016
Alan Rutkin article entitled, “Insight – A Lesson in Cyber,” has been published in the November 2016 issue of Best’s Review magazine. Click here to read the article. Best’s Review:  November 2016. Copyrighted A.M. Best Company, Inc. 2016.  All Rights Reserved, Reprinted with Permission. …
Read More
As Authorities Crack Down on Cyber Security Attacks, U.S. Copyright Office Lifts Ban on Hacking Your Own Devices
November 11, 2016
The U.S. Copyright Office (the “Office”) has recently issued an exemption to the Digital Millennium Copyright Act (the “Act”), which prohibits users from hacking their own digital devices. Pursuant to 17 U.S.C. § 702, the Office is authorized to promulgate rules and regulations regarding copyright policies and other intellectual property issues. The Act was first …
Read More
FTC Issues Guidance for Responding to a Data Breach
November 10, 2016
The Federal Trade Commission recently issued a new guidance for businesses on responding to a data breach. The guidance, which is also available in video format on the FTC’s website here, sets forth the concrete steps that any business should take in the event that personal information has been hacked, stolen, or inadvertently exposed. The …
Read More
OCR Announces Increased Investigation of Small HIPAA Breaches
October 14, 2016
The U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) recently announced a new initiative to investigate the causes of “small breaches” under the Health Insurance Portability and Accountability Act (“HIPAA”) that involve the protected health information (“PHI”) of fewer than 500 individuals. OCR has discretion in deciding which breaches to …
Read More
New Guidance on HIPAA and Cloud Computing Issued by the Department of Health and Human Services

As the health care industry continues to utilize new cloud computing technologies, the U.S. Department of Health and Human Services (“HHS”) issued guidance on how such technologies can be implemented while remaining compliant with the HIPAA Privacy, Security and Breach Notification Rules (the “ HIPAA Rules”). Specifically, HHS explained that when covered entities or business …
Read More
New York Proposes Cyber Security Regulations for Banks and Insurers
September 16, 2016
On September 13, 2016, New York Governor, Andrew Cuomo, announced a new regulation that would require banks and insurers to implement cyber security programs. The regulation is the first of its kind not only in New York but in all of the United States. While the regulation would only apply to banks and insurers licensed …
Read More
Cybersecurity Rulings Tap Insurance and Standing Issues
August 25, 2016
Nancy Del Pizzo and Gene Kang have published an article entitled, “Cybersecurity Rulings Tap Insurance and Standing Issues,” in the American Bar Association’s Section of Litigation, Intellectual Property, Practice Points section. To read the article, Click Here. …
Read More
Lessons From Privacy-Related Enforcement
August 16, 2016
Federal and state regulators are bringing more and more enforcement proceedings to challenge the adequacy of corporate privacy practices. Although the best course for businesses is to be proactive and develop privacy rules that meet all applicable requirements before government steps in, a review of various privacy-related settlements that agencies recently have reached suggests a …
Read More
FDA Issues New Draft Guidance on Cybersecurity in Medical Devices
April 12, 2016
Many medical devices used in modern medical care—from pacemakers to robotic surgical equipment and CT scanners—contain embedded software.  The amount of software content built into devices doubles about every two years, as advances in computer technologies encourage production of new generations of devices with ever more functionalities.  In addition, more and more medical devices are …
Read More
The Emerging Threat of Ransomware

Ottawa Hospital in southeast Ontario, Canada; Hollywood Presbyterian Medical Center in Los Angeles; Lukas Hospital in the German city of Neuss; the California law firm Ziprick and Cramer LLP; solo law practitioner Paul Goodson; and the town of Plainfield, New Jersey all have something in common:  they learned about the cyber threat posed by ransomware …
Read More
Rutkin Publishes Article in Best’s Review Entitled, “The Square Peg of Cyber Coverage”
April 30, 2015
Alan Rutkin, a partner in the Firm’s Insurance Coverage & Litigation Practice Group, has published an article entitled, “The Square Peg of Cyber Coverage,” in the May 2015 issue of Best’s Review. Click here to read the article. Best’s Review:  May 2015. Copyrighted A.M. Best Company, Inc. 2016.  All Rights Reserved, Reprinted with Permission. …
Read More
Circuit’s Decision Clarifies Law Of Contributory Cybersquatting
October 28, 2014
Nearly 15 years ago, Congress passed the Anticybersquatting Consumer Protection Act (“ACPA”).[1] The ACPA amended the federal trademark law known as the Lanham Act by adding two new causes of action aimed at cybersquatting.[2] Under the ACPA, a person may be civilly liable “if … that person has a bad faith intent to profit from …
Read More

Legal updates and news delivered to your inbox