Tag:Cyber Security

1
The Eighth Circuit Charts a Course for Data Privacy Cases in the Wake of Spokeo for Technical Violations of a Statute That Result in no Harm
2
New York Department of Financial Services Unveils “New Cyber Security Examination Process”: Five Key Takeaways

The Eighth Circuit Charts a Course for Data Privacy Cases in the Wake of Spokeo for Technical Violations of a Statute That Result in no Harm

By Ryan M. Tosi and Lindsay Sampson Bishop

The Eighth Circuit recently became the one of the first federal Courts of Appeals to apply the U.S. Supreme Court’s Article III standing decision in Spokeo Inc. v. Robins to a data privacy case. The Eighth Circuit affirmed the dismissal of a putative class action complaint on the basis that the plaintiff failed to allege a concrete injury that “actually exist[s],” is “real,” and is not “abstract.” The lawsuit alleged that Charter Communications, Inc. (“Charter”), a company providing cable services, retained the personally identifiable information (“PII”) of its former customers well after the customers’ cancellation of their services. Because the plaintiff asserted only a technical violation of the statute, without alleging how that violation had actually injured him, the Eighth Circuit found that, under Spokeo, the plaintiff failed to plead a concrete and particularized injury sufficient to establish standing to file suit in federal court.

To read the full alert, click here.

New York Department of Financial Services Unveils “New Cyber Security Examination Process”: Five Key Takeaways

By: András P. Teleki, Andrew L. Caplan

On December 10, 2014, Superintendent Benjamin Lawsky of the New York Department of Financial Services (the “DFS”) announced a “New Cyber Security Examination Process” (the “New Examination Process”) for New York-chartered and licensed banking institutions (“Regulated Entities”). Pursuant to the New Examination Process, the DFS will expand its information technology (“IT”) examination procedures to focus more attention to cybersecurity, and will schedule these IT/cybersecurity examinations following each institution’s comprehensive risk assessment. Even if you are not a financial institution regulated by the DFS, the key takeaways discussed below provide insight into the types of questions regulators are asking with respect to cybersecurity practices and offer practical guidance for assessing the framework of a cybersecurity compliance regime.

The New Examination Process includes both sample examination topics and information requests that the DFS will use in future examinations. A review of these topics and information requests provides understanding of the DFS’ cybersecurity expectations for Regulated Entities, as well as practical cybersecurity considerations for financial institutions not regulated by DFS. Below we discuss five key takeaways related to the New Examination Process.

To read the full alert, click here.

 

Copyright © 2023, K&L Gates LLP. All Rights Reserved.