CyberJudicata Weekly Debrief (2/24–28)
This week's Weekly Debrief covers a number of topics, including how industry can help the FBI identify cybercriminals, data breach at Clearview AI, a Maryland court ruling with cyber insurance implications, NY data security law, and proposed Federal data privacy legislation.
"Private companies have a crucial role to play in assisting the Department of Justice and FBI as they gather information to charge malicious cyber actors with crimes, especially as the department views criminal charges as a form of indictments, a top FBI cyber official said Feb. 26 at the RSA Conference."
"Do you remember when 40 million was a large number? Forty million dollars in sales, 40 million customers, 40 million Twitter followers, 40 million protesters — all once conveyed something substantial. Were it only so for data breaches."
"A controversial facial recognition company has just informed its customers of a data breach in which its entire client list was stolen. Clearview AI leapt to fame in January when a New York Times report claimed that the start-up had scraped up to three billion images from social media sites to add to its database."
"As previously posted on our Hunton Insurance Recovery blog, a Maryland federal court awarded summary judgment to policyholder National Ink in National Ink and Stitch, LLC v. State Auto Property and Casualty Insurance Company, finding coverage for a cyber attack under a non-cyber insurance policy after the insured’s server and networked computer system were damaged as a result of a ransomware attack."
"A user may not think twice when sharing exercise stats on an app with their trainer, but several University of Michigan researchers warn health privacy is affected as technology advances. Healthcare professionals and lawmakers should be more concerned than ever about the uses of patients’ data outside the clinical setting, Jessica Golbus, a cardiovascular medicine fellow at the Michigan Medicine Frankel Cardiovascular Center, said."
"Everything about data is about to change for retailers doing business in New York State. On March 21, a new law regarding data security goes into effect and retailers of all sizes have less than a month to prepare for strict regulations that make current statutes look liberal by comparison. The law is called the Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act."
"The United States lags behind much of the world in having yet to establish some sort of a data protection agency at the national level. Several attempts at federal data privacy standards have been floated in recent years, but failed to gather traction. Senator Kirsten Gillibrand is taking another pass at the issue, but is the first to propose creating a data protection agency at the federal level with sweeping enforcement powers similar to those of counterparts in the European Union."
. . .