Law firms can be subject to the NY Cybersecurity Regulation as “service providers” without their knowledge
On March 1, the Regulation on Cybersecurity Requirements for Financial Services of the New York Department of Financial Services came into force. Section 500.11 of the Regulation (Third Party Service Provider Security Policy) could very well apply to at least some law firms, since they might fall within the definition of “service providers”.
Should this be the case, as covered entities they should develop written policies and procedures to identify and assess risks, implement minimum cybersecurity practices, implement due diligence processes to evaluate the adequacy of cybersecurity practices, and conduct periodic assessments.
A Bank of Italy report on the risk of cyberattacks against small businesses indicates that one third of them suffered damages from such attacks
The Bank of Italy has published a report that focuses on preliminary evidence on the risk of cyber-attacks in the private sector. It is an annual survey, spanning from September 2015 to September 2016, of companies with more than 20 employees in industry and non-financial services. The report is available here.
U.S. Chicago District
U.S. District Judge Edmond E. Chang in Chicago has issued a Memorandum Opinion and Order holding that Google Inc. is subject to claims that, by gathering and storing the biometric data of millions of users without their consent, it violated their privacy.
A similar case is pending before the San Francisco Federal Court against Facebook Inc.
Italian Association for IT Security (CLUSIT)
The Italian Association for IT Security (CLUSIT) released its 2016 report on 22.02.2017, which indicated that 2016 was “the worst year ever in terms of the evolution of the cyber threat and the relative impact”. CLUSIT reports that in 2016, phishing attacks increased by 1,166% with respect to the previous year. The report states that the highest increases were registered in the health sector (+102% over 2015), large-scale retail (+70% over 2015), and banking and finance (+64% over 2015).
Companies settle FTC charges on false representation of online privacy policies
Three U.S. companies have agreed to settle Federal Trade Commission (FTC) charges that they deceived customers through false representations in their online privacy policies related to their participation in the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system.