Privacy & Cybersecurity Newsletter

January 2017

Locke Lord's Privacy & Cybersecurity Newsletter provides topical snapshots of recent developments in the fast-changing world of privacy, data protection, and cyber risk management. For further information on any of the subjects covered in the newsletter, please contact one of the members of our privacy and cybersecurity team.

In This Issue

New York's Cybersecurity Requirements for DFS Licensees: A New Item at the Top of the To-Do List
With a compliance date a few months away, licensees of the New York Department of Financial Services (DFS) must start taking action in response to coming cybersecurity requirements, which will be more onerous and difficult than any existing requirements in the United States.

New Year, New Rules – The 2017 Illinois Personal Information Protection Act
On January 1, 2017, Illinois ushered in a broader and stronger personal information and data breach regime. The Illinois Personal Information Act (PIPA), 815 ILCS § 530, applies to any entity that "handles, collects, disseminates, or otherwise deals with nonpublic personal information" and imposes certain obligations on those entities in the event of a breach of Illinois residents’ "personal information."

After the Fact: FDA’s Guidance on Postmarket Management of Cybersecurity in Medical Devices
The Food and Drug Administration (FDA) recently issued nonbinding guidance focusing on the software vulnerabilities of networked medical devices that are already on the market. The postmarket management guidance is available here.

Department of Energy Raises Concerns on Cybersecurity for Grid
The U.S. Department of Energy has raised serious concerns regarding cybersecurity vulnerabilities within the U.S. energy grid in its Quadrennial Energy Review. Chapter IV of the Review (which begins on its 272nd page) "addresses a range of possible risks to the electricity system and the broader economy, and it suggests options to mitigate and prepare for these risks."

Ransomware? Everywhere!
The definition of "ransomware" can sound pretty academic. For example, the FBI describes ransomware as "a type of malware installed on a computer or server that encrypts the files, making them inaccessible until a specified ransom is paid." However, the reality of ransomware is anything but textbook.

HIPAA Enforcement Update (October 2016 – January 2017)
Since October 2016, the Department of Health and Human Services, Office for Civil Rights (OCR) has announced four settlement agreements to resolve allegations of Health Insurance Portability and Accountability Act (HIPAA) violations.