Alston & Bird Privacy, Cyber & Data Strategy Blog

NYDFS Announces Cybersecurity Settlement, Addresses Multi-Factor Authentication Rules

By

On April 14, 2021, the New York Department of Financial Services ("NYDFS") announced a settlement with National Securities Corporation (“National Securities”), a licensed insurer, in connection with claims under the NYDFS Cybersecurity Regulation (23 NYCRR Part 500). The consent order requires payment of a $3M penalty and mandatory remediation in response to alleged failures to properly implement multi-factor authentication, provide notice to NYDFS of two cybersecurity events reported to other … [Read more] about NYDFS Announces Cybersecurity Settlement, Addresses Multi-Factor Authentication Rules

The GDPR Reaches the US Supreme Court in Cert Petition

By

The EU’s General Data Protection Regulation (GDPR) has been raised in a petition for certiorari before the US Supreme Court, apparently for the first time since the GDPR entered into application in 2018.  A party in Vesuvius USA Corp. v. Phillips has … [Read more] about The GDPR Reaches the US Supreme Court in Cert Petition

Another Court Dismisses Data Breach Class Action Lawsuit for Lack of Standing

By , and

In what appears to be a growing trend, another federal district court has dismissed a data breach case for lack of standing. In Springmeyer et al. v. Marriott International, Inc., 2021 WL 809894 (D. Md.), Plaintiffs, former guests of Marriott hotels, … [Read more] about Another Court Dismisses Data Breach Class Action Lawsuit for Lack of Standing

NYDFS Reports Major Cybersecurity Settlement

By and

ribbons of data

In early March, the New York Department of Financial Services (NYDFS) announced a settlement involving a $1.5M penalty and mandatory remediation in response to a mortgage lender’s alleged failure to report a cyber breach, and other alleged … [Read more] about NYDFS Reports Major Cybersecurity Settlement