Privacy Compliance & Data Security Blog

Caroline is a frequent contributor to the firm's Privacy Compliance & Data Security Blog, which covers the latest developments in global data privacy law, as well as data breach prevention and response. She writes regularly on a range of issues, including cybersecurity and privacy compliance.

Read Caroline's most recent posts below:

Recent Blog Posts

  • Citing NY’s SHIELD Act, NYSBA Approves Cybersecurity CLE Requirement for All Attorneys Citing a rise in data breaches among New York law firms coupled with the recent enactment of the SHIELD Act that “creates, for the first time, substantive security requirements for persons or businesses that hold the ‘private information’ of New York residents”, the Committee on Technology and the Legal Profession recommended the adoption of a cybersecurity CLE. Because the SHIELD Act applies to “all law firms, even to solo practitioners and small law firms”, the Committee advocated for the requirement... More
  • NY Authorizes Commercial Buildings and Retail Stores to Require Temperature Checks Before Entry On June 6, 2020, New York Governor Andrew Cuomo issued Executive Order No. 202.38, permitting commercial building owners, retail store owners, and those authorized on their behalf to manage public places within their buildings and businesses to require individuals to undergo temperature checks as a condition to entry. To prevent people that may have COVID-19 from entering the premises, owners may deny entry to “(i) any individual who refuses to undergo such a temperature check and (ii) any individual whose... More
  • NY Attorney General Drops Zoom Probe After Agreement on Enhanced Data Security and Privacy Safeguards. On May 7, 2020, the New York Attorney General announced she will not sue Zoom after it agreed to adopt enhanced data security and privacy measures to protect the data of its 300 million plus users. As COVID-19 social distancing policies radically change the way individuals and industries communicate, Zoom saw a reported 3,000 percent increase in meeting participants per day. According to the AG, reports of privacy and data security issues soon followed, including conferences interrupted by uninvited participants... More
  • New Jersey Issues Best Practices for Healthcare Industry to Combat COVID-19 Cyberattacks The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) issued an advisory to hospitals and other healthcare organizations that cybercriminals are targeting them with phishing campaigns, ransomware, and other malicious acts referencing COVID-19.  Cybercriminals are exploiting the fact that the healthcare sector is consumed with COVID-19 management and response to ramp up attacks, including ransomware attacks in the hundreds of thousands to millions of dollars. NJCCIC recommends the following best practices for users and administrators of healthcare organizations to lower cybersecurity... More
  • NY Dpt. of Financial Services Issues Guidance Identifying Heightened COVID-19 Cybersecurity Risks Citing a “significant increase in cybercrime” during the COVID-19 pandemic, the New York Department of Financial Services (DFS) issued guidance to all New York State regulated entities identifying areas of heightened cybersecurity risks. DFS advised regulated entities they should assess and address these areas as per cybersecurity regulation 23 NYCRR Part 500. Heightened Risk #1: Remote Working. Cyber criminals are exploiting the abrupt shift to remote working due to COVID-19. Secure Connections. Make remote access as secure as reasonably possible including the use of multi-factor authentication... More
  • Blockchain Solution to Fight Covid-19 Focuses on GDPR Compliance Healthcare data company CENTOGENE announced it has joined forces with blockchain startup Ubirch to create a solution to secure results of COVID-19 mass testing that takes into consideration General Data Protection Regulation (GDPR) compliance. Based on the premise that absent a vaccine widespread testing is inevitable to permit the return of social interaction, the solution includes an efficient test to screen for SARS-CoV-2 (the virus that causes COVID-19) that stores the results on the blockchain.  According to CENTOGENE, a person can... More
  • New York Attorney General Warns Health Care Industry of COVID-19 Cyber Scams The New York Attorney General issued a warning to health care providers, hospitals, and other organizations within the health supply chain that cyber criminals are using targeted COVID-19 phishing emails and texts to gain access to sensitive information.  Multiple reports indicate that scammers are sending emails and texts to get a recipient to click on a link purporting to share COVID-19 information that in reality installs malware or permits access to steal passwords and other sensitive information.  According to the... More
  • Best Practices: Remote Working Cybersecurity Safeguards for the Payments Industry COVID-19 has caused more employees to work remotely or at home, presenting cybersecurity challenges to organizations in the payments industry.  PCI Security Standards Council has issued best practices to secure and protect telephone based payment card data while working remotely. These best practices include: Train staff.  Ensure any systems that remote workers use to process or access account data are secured and not accessible to unauthorized third parties.  By implementing a security awareness program, staff can be made aware of the... More