Tag Archives: Brian G. Cesaratto

New York Joins the Wave of States Requiring Businesses to Adopt Reasonable Cybersecurity Safeguards to Protect Private Information

New York is the latest state to adopt a law that requires businesses that collect private information on its residents to implement reasonable cybersecurity safeguards to protect that information. New York now joins California, Massachusetts and Colorado in setting these standards. New York’s law mandates the implementation of a data security program, including measures such as risk assessments, workforce training and incident response planning and testing. Businesses should immediately begin the process to comply with the Act’s requirements effective March 21, 2020. Notably, New York’s law covers all employers, individuals or organizations, regardless of size or location, which collect private information on New York State residents.


Proposed Amendment to California Consumer Privacy Act (CCPA) Reaffirms Employer Notice Requirement and Employee Private Right of Action for Failure to Implement Cybersecurity Safeguards to Take Effect January 1, 2020

The recently proposed amendment to the California Consumer Privacy Act (CCPA) should be a wake-up call to those employers who are not already actively planning for the January 1, 2020 compliance deadline.


Recent Indictment of Anthem Hackers Serves as a Reminder of the Importance of Rigorous Workforce Cybersecurity Training, Incident Response Plans and Formalized Security Programs

On May 9, 2019, the United States Department of Justice announced the indictment of two Chinese nationals as members of a sophisticated hacking group responsible for the hack of Anthem, Inc. and other unnamed U.S.-based large technology, communications and basic materials companies. The hack resulted in the breach of personally identifiable information of over 78 million individuals held by Anthem and the theft of confidential business information from the victimized organizations. The indictment provides a roadmap to advanced hacking attacks regularly faced by technology, healthcare and infrastructure organizations with valuable data to protect. The indictment serves as a reminder that organizations subject to advanced persistent threats from organized hacking groups should adopt a defense-in-depth strategy, including workforce cybersecurity training, vulnerability scanning, network monitoring and comprehensive incident response plans, to thwart or mitigate these attacks. These protective countermeasures should be part of the organization’s formalized information security program.


Take 5 Newsletter – The Future of Work: Five Developing Trends for Technology, Media, and Telecommunications Employers

Technology, media, and telecommunications organizations are at the forefront of tackling new challenges in handling employee information and managing employee populations. As legislatures (from the federal level down to states and cities) address how technology impacts today’s new workforce, employers must grapple with changes in managing data—from privacy concerns to the use of artificial intelligence in employment matters—and keeping workers happy, including dealing with wage increases, the rise in union activity, and contingent workers in the #MeToo era. A changing workplace landscape requires creative thinking and outside-the-box solutions.


Washington State Considers Comprehensive Data Privacy Act to Protect Personal Information

Washington State is considering sweeping legislation (SB 5376) to govern the security and privacy of personal data similar to the requirements of the European Union’s General Data Protection Regulation (“GDPR”). Under the proposed legislation, Washington residents will gain comprehensive rights in their personal data. Residents will have the right, subject to certain exceptions, to request that data errors be corrected, to withdraw consent to continued processing and to deletion of their data. Residents may require an organization to confirm whether it is processing their personal information and to receive a copy of their personal data in electronic form.


Take 5 Newsletter – The Present-Future of Work: 2018 Trends and 2019 Predictions

There is a visceral and palpable dynamic emerging in global workplaces: tension.

Tension between what is potentially knowable—and what is actually known. Tension between the present and the future state of work. Tension between what was, is, and what might become (and when). Tension between the nature, function, and limits of data and technology.


Formal Insider Threat Risk Assessment Program Best Addresses Employee Threats to Critical Technologies

We published an article with NYSBA Labor and Employment Law Journal, titled “Employee Threats to Critical Technologies Are Best Addressed Through a Formalized Insider Threat Risk Assessment Process and Program.” With the New York State Bar Association’s permission.


Model Cyber Security Law Pending Final Action By National Association of Insurance Commissioners

It is highly likely that the National Association of Insurance Commissioners (“NAIC”) will adopt a model data cyber security law premised largely on the New York State Department of Financial Services (“NYSDFS”) cyber security regulations.  Recently, we discussed the NYSDFS’ proposed extension of its cyber security regulations to credit reporting agencies in the wake of the Equifax breach.  New York Governor Andrew Cuomo has announced, “The Equifax breach was a wakeup call and with this action New York is raising the bar for consumer protections that we hope will be replicated across the nation.”  Upon adoption by the NAIC, the NYSDFS regulations requiring that NYS financial organizations have in place a written and implemented cyber security program will gain further traction toward setting a nationwide standard for cyber security and breach notification.  Indeed, although there are differences, the NAIC drafters emphasized that any Licensee in compliance with the NYSDFS “Cybersecurity Requirements for Financial Services Companies” will also be in compliance with the model law.


New York State Issues New Cybersecurity Regulations Following Equifax Breach

New York State has issued proposed regulations extending existing regulations requiring banks and other financial institutions to have in place a comprehensive cybersecurity program to credit reporting agencies.  Governor Mario Cuomo announced that “The Equifax breach was a wakeup call and with this action New York is raising the bar for consumer protections that we hope will be replicated across the nation.”

Under the proposed regulations, every consumer reporting agency that assembles, evaluates or maintains a consumer credit report on NYS consumers must register with the State by February 1, 2018 and have in place a written cybersecurity program by April 4, 2018. The program must identify and assess internal and external cybersecurity risks that may threaten non-public information, including personally identifying consumer information. The program must include provisions that address data governance and classification, asset inventory and device management, access control and identity management, systems and network security and monitoring, as well as other mandated areas.
