More than a decade ago, the Federal Trade Commission (FTC) promulgated a Health Breach Notification Rule (the Rule). The Rule requires certain businesses that access or collect consumers’ identifying health information to notify affected consumers, the FTC and, in some cases, the media, in the event that there is a data security breach leading to

Today, virtually every business is an e-business. Whether a business’ website looks much like it did when it was launched 10 years ago or has recently been updated to an e-platform offering the latest interactive tools, websites are often the first and best method of educating consumers about the business and its products and services.

The Telephone Consumer Protection Act of 1991 (TCPA), as amended by the Junk Fax Prevention Act of 2005 (JFPA), prohibits the use of “any telephone facsimile machine, computer, or other device to send, to a telephone facsimile machine, an unsolicited advertisement.” 47 U.S.C. § 227(b)(1)(C). The TCPA defines “unsolicited advertisement” as “any material advertising the

Credential stuffing has quickly become one of the top attack vectors online, according to the Office of New York State Attorney General Letitia James (OAG). On January 6, 2022, the OAG announced the result of a sweeping investigation that discovered that 1.1 million online accounts had been compromised through credential stuffing accounts at 17 well-known

Robert Tugander’s article, “Do You Have the Right Cyber Insurance for Your Business?” appeared in the Winter 2021/2022 issue of USLAW Magazine.

The article explores the reasons why the same cyber crime often results in different insurance coverage outcomes, depending on the court or the language of the insurance policy. And while no single policy can

Federal law generally prohibits internet service providers (ISPs), i.e., “cable operators,” from disclosing personally identifiable information concerning a subscriber without the prior written or electronic consent of the subscriber. Moreover, under the law, ISPs must “take such actions as are necessary” to prevent unauthorized access to a subscriber’s personally identifiable information by a person other

On December 6, 2021, Governor Kathy Hochul expanded the legal definition of “elder abuse and exploitation” to incorporate identity theft in the list of eligible support services and programs for seniors through non-profit agencies and law enforcement (S.1560/A.1994).

Identity theft is the unlawful use of an individual’s personal identification information such as the person’s name,

Alan Rutkin authored, “As Cybercrimes Continue, Lawsuits for Damages Will Grow,” for the December 2021 issue of Best’s Review. The article explores the challenges to insurers posed by the ever-evolving world of cyber liability:

1. The threats are growing.
2. Underwriters are trying to assess where the biggest threats exist.
3. Coverage litigation is still relatively new.

Many New York-based businesses with websites, as well as bloggers, vloggers, and other New Yorkers with an online presence, may justifiably feel a bit more immune to lawsuits under the Americans with Disabilities Act (ADA) given the recent decision by the U.S. District Court for the Eastern District of New York in Winegard v. Newsday

The cyber insurance market landscape continues to change, as insurers grapple with the growing threats hackers pose to policyholders. But less discussed are insurers’ internal cyber security practices. Insurers possess extensive personal information about policyholders, making insurers attractive targets for hackers.

In October 2017, responding to these concerns, the National Association of Insurance Commissioners (the