Privacy & Cybersecurity Newsletter

December 2017

Locke Lord's Privacy & Cybersecurity Newsletter provides topical snapshots of recent developments in the fast-changing world of privacy, data protection, and cyber risk management. For further information on any of the subjects covered in the newsletter, please contact one of the members of our privacy and cybersecurity team.

To read the Locke Lord Privacy & Cybersecurity Newsletter, click here.

In This Issue

Developing Cybersecurity Requirements in Banking, Insurance and Other Financial Services
The financial services industry has been dealing with requirements for cybersecurity since 1999, but 2017 brought new, significant, and proliferating obligations. read more

CyberSECurity – The SEC Increases Data and System Protection Work
The U.S. Securities and Exchange Commission is at the center of the current day “cyber storm” of data and system protection, both as a victim and as a regulator. read more

HIPAA Enforcement Update
With respect to enforcement, the Department of Health and Human Services, Office for Civil Rights (OCR) announced two Settlement Agreements to resolve allegations of HIPAA violations between May and October of 2017. read more

Equifax Lax About Hacks, Says Shareholder Lawsuit
In early September, Equifax disclosed a now well-known data breach that ultimately affected a reported 146 million customers in the United States. read more

New York DFS Cybersecurity Regulation Update: Lots Left To Do
Insurers and producers, banks, lenders and others licensed by the New York Department of Financial Services (DFS) have already had to comply with several of the requirements of the new DFS Cybersecurity Regulation, but for most, there’s a lot left to do. read more

Are We Covered by the EU GDPR? – A Warning for U.S.-Only Businesses
All U.S. businesses need to pay attention to the new and comprehensive EU-wide privacy law known as the General Data Protection Regulation (GDPR), which takes effect on May 25, 2018. read more

Incident Response – Privilege and Work Product Issues After In re Premera
Despite considerable incident response work after numerous alleged data breaches, very few opinions have addressed the application of attorney-client privilege and the work-product doctrine to the materials created by such work. read more