Page 34 - Sheppard Mullin Eye on Privacy 2018 Year in Review
P. 34
NY Issues Data Breach Report
Posted on April 12, 2018
New York Attorney General, Eric. T. Schneiderman, stated in a recent press release that 9.2 million New Yorkers had their personal data compromised in 2017. Such data compromises were mainly due to large scale data hacks, such as the Equifax and Game Stop hacks. According to the NYAG office’s report, 1,583 data breaches were reported to the NYAG in 2017. This was quadruple the number from 2016. While hacking was the most likely culprit the AG indicated, a large number of breaches resulted from negligence.
In the report, the NYAG’s office laid out several steps it believes would help organizations protect sensitive personal information against unauthorized disclosures. These include conducting diligence about Understand collection, protection and dissemination of sensitive information, creating -and implementing- an information security plan that includes encryption, and acting immediately in the event of a breach.
In the press release, Attorney General Schneiderman advocated for a bill to force Facebook and other social media websites to inform consumers if their personal data has been misused. Attorney General Schneiderman also called on the New York State legislature to pass his SHIELD Act. If passed, the SHIELD Act, would put legal responsibility on companies to adopt “reasonable” administrative, technical and physical safeguards for sensitive data and would trigger more stringent reporting requirements.
PUTTING IN INTO PRACTICE: The AG’s recent report provides insight on what the NYAG’s expectations are of companies who suffer a data incident, and how they can prepare for such an event.
Justice Department Creates Cyber-Digital Task Force
Posted on February 26, 2018
On February 20, the Department of Justice announced that Attorney General Sessions had created a new, cross- departmental Cyber-Digital Task Force. He directed the Task Force to advise him on the most effective ways for DOJ to confront cyber threats and keep Americans safe. Specifically, the Task Force is charged with canvassing the work the Department is already doing on cyber, and making recommendations on “how federal law enforcement can more effectively accomplish its [cyber] mission.” He asked for a report from the Task Force by June 30.
The Task Force immediately generated criticism from some quarters, with observers viewing it as nothing more than additional bureaucracy where it was not needed. Other observers maintained more of an open mind, noting that the Task Force appears to have a good combination of policymakers, front line law enforcement and prosecutors, and that getting them together could lead to better coordination on cyber in the Department, as well as more effective law enforcement and prosecution of cyber crimes. These results would certainly benefit the country, and anyone who interacts with DOJ on cyber issues.
PUTTING IT INTO PRACTICE: One note of caution – even if the Task Force proves useful to DOJ, recall that the Department is only one of several governmental entities with jurisdiction over aspects of cybersecurity. The White House, DHS, the FTC, the SEC and others also play roles, so in that sense DOJ’s activities will be limited. But, if DOJ’s Task Force can help make law enforcement more unified, better coordinated, and more consistent in its dealings with the private sector, it will have been worth the effort.
33 Eye on Privacy 2018 Year in Review