Locke Lord's Privacy & Cybersecurity Newsletter provides topical snapshots of recent developments in the fast-changing world of privacy, data protection, and cyber risk management. For further information on any of the subjects covered in the newsletter, please contact one of the members of our privacy and cybersecurity team.
To read the Locke Lord Privacy & Cybersecurity Newsletter, click here.
In This Issue
Third Party Service Provider Cybersecurity Management: The (Not Quite) Last Requirement of the New York Department of Financial Services Cybersecurity Regulation
In prior issues, we have reported on the various requirements imposed by the New York Department of Financial Services (the DFS) Cybersecurity Regulation (23 NYCRR 500) (the Regulation) on “Covered Entities,” which are defined to include all licen-sees of the DFS. read more
HIPAA Enforcement Update (January 1, 2018 – December 11, 2018)
Throughout 2018, the Department of Health and Human Services, Office for Civil Rights (OCR) has announced seven settlement agreements and one civil monetary penalty to resolve allegations of Health Insurance Portability and Accountability Act (HIPAA) violations. read more
Drone-Related Cybersecurity Risks Abound Both in the Air and on the Ground
As the use of drones (small unmanned aerial systems or UASs) has continued to expand, a great deal of ink has already been spilled over two categories of risk associated with their operation: 1) bodily injury and property damage caused by negligent and/or malicious operations; and, 2) claims for invasion of privacy, nuisance and trespass. read more
Biometrics: Illinois Appellate Court Potentially Revives “No-Injury” Lawsuits Under the Biometric Information Privacy Act
On September 28, 2018, an Illinois Appellate Court issued an opinion that will likely increase class action filings under Illinois’s Biometric Information Privacy Act (“BIPA”). read more
New Ohio Data Security Law Offers Safe Harbor: May Signal New Trend
A first-of-its-kind data security law, the recently enacted Ohio Data Protection Act may signal the beginning of a new trend in the legal approach to corporate cybersecurity obligations. read more
Dittman v. UPMC: Pennsylvania Employers have a Common Law Duty to Exercise Reasonable Care to Protect Employee Personal and Financial Data
Pennsylvania’s highest court recently held that an employer has a common law duty to exercise reasonable care to safeguard its employees’ sensitive personal information stored on the employer’s internet-accessible computer system. read more
Sign up for our newsletter and get the latest to your inbox.