On August 31, 2021, the FBI and CISA (Cybersecurity and Infrastructure Security Agency) issued Alert AA21-243A, warning that there is an increased risk to U.S. entities of an “impactful ransomware attack” over Labor Day Weekend. A summary of the risk and suggested steps to address it can be found at https://us-cert.cisa.gov/ncas/current-activity/2021/08/31/fbi-cisa-advisory-ransomware-awareness-holidays-and-weekends. The Alert can be …
Read More

Social media has played an oversized role in lawsuits under state and local biometric privacy laws, including especially the Illinois Biometric Information Privacy Act (BIPA). See, e.g., Thornley v. Clearview AI, Inc., 984 F.3d 1241 (7th Cir. 2021) (plaintiffs alleged that defendant used a proprietary algorithm to “scrape” pictures from social media sites such as …
Read More

Alan Rutkin authored the Best’s Review article,  “Cyber Threats: Get Ready and Get Tough.” In the article, Rutkin discusses the steady increase of cyber incidents and how insurers should prepare for future attacks. “Cybercrimes, along with the related coverage issues, are among the biggest challenges now facing insurers,” Rutkin says. Read the full article. …
Read More

A wide range of federal and state authorities are involved in the regulation of emerging technologies in one way or another. Numerous agencies as well as the U.S. Department of Justice lead the national effort, while the Department of Financial Services, the attorney general, and local prosecutors are the principal parties in New York State. …
Read More

For much of the past few years, Section 230 of the Communications Decency Act of 1996 (CDA) has been in the news. Section 230 generally immunizes providers of interactive computer services (such as internet service providers or ISPs, social media companies, and website hosting entities, among others) from liability in connection with third party content …
Read More

Sometimes a comprehensive overview is needed to recognize that individual anomalous conduct is indicative of a criminal scheme. Recently, the Department of Financial Services (DFS) looked at an unusual pattern of interaction with multiple insurance websites and concluded that cybercriminals were exploiting data obtained from those website interactions to commit benefit fraud. Website operators of …
Read More

On February 4, 2021, New York’s Department of Financial Services (DFS) issued Insurance Circular Letter No. 2, which builds on the robust cybersecurity regulation provided in its 2017 Cybersecurity Regulation (23 NYCRR 500). The Letter discusses the current state of the cyber insurance industry and provides a seven-part Cyber Insurance Risk Framework which may assist …
Read More

As businesses in New York and elsewhere begin to enter a second year of partially or fully closed offices and of dealing with a workforce operating remotely, an issue that was top-of-mind for much of 2020 – computer security – should remain a key concern in 2021 and should not be overlooked or ignored. In …
Read More

Alan Rutkin’s article, “2021 Liability Forecast: COVID, Cyber, Opioids, Sex Abuse,” appeared in the February 2021 issue of Best’s Review.  Alan notes that these liability issues will, in turn, create insurance coverage issues. To read the article, click here.     …
Read More

At the start of the 2021-2022 legislative session, the New York state legislature proposed a raft of new regulations related to data privacy which may create challenges for entities doing business in the state. We expect that some or all will pass in some form, as many believe that current laws do not adequately protect …
Read More