Latest Articles

As we turn the page on 2018, let’s reflect on some of the key privacy and cybersecurity issues that will continue to occupy our hearts and minds in 2019. Owning the Mega-Breach 2018 was the year in which data breaches in mergers and acquisitions became the iceberg in full view. This fuller realization of cyber risk in transactions, though, actually has its origin in September 2016 – when Yahoo and Marriott were in the midst…
On November 21, 2018, the Pennsylvania Supreme Court drastically changed the data breach litigation landscape by holding that an employer has a common law duty to use reasonable care to safeguard employees’ personal information stored on an Internet-accessible computer. The Court further held that Pennsylvania’s economic loss doctrine permits recovery for “purely pecuniary damages” on a negligence claim premised on a breach of such a duty.…
On November 13, 2018, Ballard Spahr lawyers presented a webinar on the SEC’s recent “Report of Investigation” into “business email compromises” affecting public companies. As noted in our prior blog post, the Report was prompted by the SEC’s investigation into whether nine public companies violated U.S. securities laws “by failing to have sufficient accounting controls” to prevent approximately $100 million in losses as a result of business email compromises targeting their personnel. The SEC…
The U.S. Securities and Exchange Commission (SEC) has joined the government chorus in sounding the alarm about the rapid rise in “business email compromises” that are victimizing organizations across industry sectors. On October 16, 2018, the SEC released a “Report of Investigation” calling for public companies to reassess their internal accounting controls “in light of emerging risks, including risks arising from cyber-related frauds.”  In particular, the report focuses on certain types of “business…
This month marks 15 years of observing National Cyber Security Awareness Month (NSCAM) in October. The program was started way back in 2004, by the U.S. Department of Homeland Security and the National Cyber Security Alliance to educate Americans about ways to stay safer and more secure online. Technology has transformed most aspects of daily life since 2004, when: Smartphones didn’t exist (Blackberry’s don’t count). Thefacebook.com was born in a Cambridge dorm room. Google launched…
The New York Department of Financial Services (“NYDFS”) has adopted a regulation that requires “consumer credit reporting agencies” (“CCRAs”) to register with the NYDFS, prohibits CCRAs from engaging in certain practices, and requires CCRAs to comply with certain provisions of the NYDFS cybersecurity regulation.…
The New York Department of Financial Services (“NYDFS”) has adopted a regulation that requires “consumer credit reporting agencies” (“CCRAs”) to register with the NYDFS, prohibits CCRAs from engaging in certain practices, and requires CCRAs to comply with certain provisions of the NYDFS cybersecurity regulation.…
Last week, the Office of the Comptroller of the Currency (“OCC”) published the Spring 2018 Semiannual Risk Perspective (the “Report”), which uses up-to-date data to identify risks to U.S. banks and measure their compliance with applicable laws and regulations.  The Report concluded that some of the OCC’s primary concerns are with the elevation in operational risk “as banks adapt business models, transform technology and operating processes, and respond to evolving cyber threats.”  The Report also…
South Carolina has become the first state to enact a version of the Insurance Data Security Model Law, which was drafted by the National Association of Insurance Commissioners (NAIC) in 2017. Governor Henry McMaster signed the South Carolina Insurance Data Security Act into law on May 14, 2018. The Act will become effective on January 1, 2019. South Carolina Insurance Director Raymond G. Farmer chaired the NAIC Cybersecurity Working Group that drafted the model…
The fallout from the Yahoo data breaches continues to illustrate how cyberattacks thrust companies into the competing roles of crime victim, regulatory enforcement target and civil litigant. Yahoo, which is now known as Altaba, recently became the first public company to be fined ($35 million) by the Securities and Exchange Commission for filing statements that failed to disclose known data breaches. This is on top of the $80 million federal securities class action settlement that…