Locke Lord's Privacy & Cybersecurity Newsletter provides topical snapshots of recent developments in the fast-changing world of privacy, data protection, and cyber risk management. For further information on any of the subjects covered in the newsletter, please contact one of the members of our privacy and cybersecurity team.
To read the Locke Lord Privacy & Cybersecurity Newsletter, click here.
In This Issue
Third Party Service Provider Cybersecurity Management: The (Not Quite) Last Requirement of the New York Department of Financial Services Cybersecurity Regulation
In prior issues, we have reported on the various requirements imposed by the New York Department of Financial Services (the DFS) Cybersecurity Regulation (23 NYCRR 500) (the Regulation) on “Covered Entities,” which are defined to include all licen-sees of the DFS. read more
HIPAA Enforcement Update (January 1, 2018 – December 11, 2018)
Throughout 2018, the Department of Health and Human Services, Office for Civil Rights (OCR) has announced seven settlement agreements and one civil monetary penalty to resolve allegations of Health Insurance Portability and Accountability Act (HIPAA) violations. read more
Drone-Related Cybersecurity Risks Abound Both in the Air and on the Ground
As the use of drones (small unmanned aerial systems or UASs) has continued to expand, a great deal of ink has already been spilled over two categories of risk associated with their operation: 1) bodily injury and property damage caused by negligent and/or malicious operations; and, 2) claims for invasion of privacy, nuisance and trespass. read more
The GDPR – Some Troublesome Aspects and Misconceptions, Part II: Confusion Around Marketing and Consent
One of the main changes brought about by the GDPR is that it is much more difficult to obtain a valid “consent” from an indi-vidual to process his or her data. read more
California Takes the First Step With IoT: Will the Federal Government Follow?
This past September, California became the first state to take a first (small) step in addressing Internet of Things (IoT) security. read more
Biometrics: Illinois Appellate Court Potentially Revives “No-Injury” Lawsuits Under the Biometric Information Privacy Act
On September 28, 2018, an Illinois Appellate Court issued an opinion that will likely increase class action filings under Illinois’s Biometric Information Privacy Act (“BIPA”). read more
New Ohio Data Security Law Offers Safe Harbor: May Signal New Trend
A first-of-its-kind data security law, the recently enacted Ohio Data Protection Act may signal the beginning of a new trend in the legal approach to corporate cybersecurity obligations. read more
WM Morrison v Various Claimants – Employer Vicariously Liable for Data Protection Breach
On October 22, 2018, the Court of Appeal of England and Wales gave its judgment in WM Morrison Supermarkets PCL v Various Claimants. read more
Dittman v. UPMC: Pennsylvania Employers have a Common Law Duty to Exercise Reasonable Care to Protect Employee Personal and Financial Data
Pennsylvania’s highest court recently held that an employer has a common law duty to exercise reasonable care to safeguard its employees’ sensitive personal information stored on the employer’s internet-accessible computer system. read more
Enforcement of the GDPR in North America – The Experience So Far
By now, North American organisations will be well aware that they can be subject to the European Union’s (EU) new data pro-tection law, the General Data Protection Regulation (GDPR), without having a physical presence in the EU. read more
Sign up for our newsletter and get the latest to your inbox.