For much of the past few years, Section 230 of the Communications Decency Act of 1996 (CDA) has been in the news. Section 230 generally immunizes providers of interactive computer services (such as internet service providers or ISPs, social media companies, and website hosting entities, among others) from liability in connection with third party content …
Read More

Sometimes a comprehensive overview is needed to recognize that individual anomalous conduct is indicative of a criminal scheme. Recently, the Department of Financial Services (DFS) looked at an unusual pattern of interaction with multiple insurance websites and concluded that cybercriminals were exploiting data obtained from those website interactions to commit benefit fraud. Website operators of …
Read More

On February 4, 2021, New York’s Department of Financial Services (DFS) issued Insurance Circular Letter No. 2, which builds on the robust cybersecurity regulation provided in its 2017 Cybersecurity Regulation (23 NYCRR 500). The Letter discusses the current state of the cyber insurance industry and provides a seven-part Cyber Insurance Risk Framework which may assist …
Read More

As businesses in New York and elsewhere begin to enter a second year of partially or fully closed offices and of dealing with a workforce operating remotely, an issue that was top-of-mind for much of 2020 – computer security – should remain a key concern in 2021 and should not be overlooked or ignored. In …
Read More

Alan Rutkin’s article, “2021 Liability Forecast: COVID, Cyber, Opioids, Sex Abuse,” appeared in the February 2021 issue of Best’s Review.  Alan notes that these liability issues will, in turn, create insurance coverage issues. To read the article, click here.     …
Read More

At the start of the 2021-2022 legislative session, the New York state legislature proposed a raft of new regulations related to data privacy which may create challenges for entities doing business in the state. We expect that some or all will pass in some form, as many believe that current laws do not adequately protect …
Read More

Cyber security breaches have been widespread recently, prompting business and government agencies alike to implement new rules, regulations and protocols to protect confidential personal information. Most recently, the federal Judiciary announced new protocols for filing court documents containing “highly sensitive material.” These new protocols come in the wake of the SolarWinds data breach, which compromised, …
Read More

As if having to deal with the COVID-19 pandemic was not enough for law firms and clients, this year has seen a striking number of data breaches, privacy-related lawsuits, and government enforcement proceedings, as well as large settlements of new and older claims. Indeed, on December 8, 2020, in perhaps the ultimate 2020 irony, cybersecurity …
Read More

On November 3, 2020, California voters approved the California Privacy Rights Act (CPRA), which amends the previously enacted California Consumer Privacy Act of 2018 (CCPA). As with the CCPA, businesses physically located outside of California may be subject to the CPRA if they do business in California. The CPRA expands on the already vigorous privacy …
Read More

A business’ risk of suffering a cyber event is often discussed, but not always easy to quantify. Recently, Allianz Global Corporate & Security analyzed its experience with cyber insurance claims over the past several years as a basis for its report, “Managing The Impact of Increasing Interconnectivity: Trends in Cyber Risk.” Its conclusions may help …
Read More