Privacy & Cybersecurity Newsletter

January 2019

Locke Lord's Privacy & Cybersecurity Newsletter provides topical snapshots of recent developments in the fast-changing world of privacy, data protection, and cyber risk management. For further information on any of the subjects covered in the newsletter, please contact one of the members of our privacy and cybersecurity team.

To read the Locke Lord Privacy & Cybersecurity Newsletter, click here.

In This Issue

Third Party Service Provider Cybersecurity Management: The (Not Quite) Last Requirement of the New York Department of Financial Services Cybersecurity Regulation
In prior issues, we have reported on the various requirements imposed by the New York Department of Financial Services (the ‎DFS) Cybersecurity Regulation (23 NYCRR 500) (the Regulation) on “Covered Entities,” which are defined to include all licen-‎sees of the DFS.‎ read more

HIPAA Enforcement Update (January 1, 2018 – December 11, 2018)
Throughout 2018, the Department of Health and Human Services, Office for Civil Rights (OCR) has announced seven settle‎ment agreements and one civil monetary penalty to resolve allegations of Health Insurance Portability and Accountability Act ‎‎(HIPAA) violations.‎ read more

Drone-Related Cybersecurity Risks Abound Both in the Air and on the Ground
As the use of drones (small unmanned aerial systems or UASs) has continued to expand, a great deal of ink has already been ‎spilled over two categories of risk associated with their operation: 1) bodily injury and property damage caused by negligent ‎and/or malicious operations; and, 2) claims for invasion of privacy, nuisance and trespass.‎ read more 

California Consumer Privacy Act: A Priority for 2019
As reported in our last newsletter, California has enacted a game-changer in the U.S. privacy regime.‎ read more

Biometrics: Illinois Appellate Court Potentially Revives “No-Injury” Lawsuits Under the Biometric Information Privacy Act
On September 28, 2018, an Illinois Appellate Court issued an opinion that will likely increase class action filings under Illinois’s ‎Biometric Information Privacy Act (“BIPA”). read more

New Ohio Data Security Law Offers Safe Harbor: May Signal New Trend
A first-of-its-kind data security law, the recently enacted Ohio Data Protection Act ‎ may signal the beginning of a new trend ‎in the legal approach to corporate cybersecurity obligations.‎ read more 

Dittman v. UPMC: Pennsylvania Employers have a Common Law Duty to Exercise Reasonable Care to Protect Employee Personal and Financial Data
Pennsylvania’s highest court recently held that an employer has a common law duty to exercise reasonable care to safeguard ‎its employees’ sensitive personal information stored on the employer’s internet-accessible computer system.‎ read more