Lawsuits against online dating companies
State breach laws typically have provisions regarding who must comply with the law, definitions of applicable personal information, what constitutes a breach, notice and reporting requirements, and exemptions.
New York has for several years had regulations in place that require businesses to report security breaches of computerized PII.
As cyber threats have increased, we have seen an increase in laws and regulations and rapidly evolving legal standards designed to force companies to improve their protections against such threats and minimize damages to third parties.
Companies must take steps to understand and comply with the applicable state and federal laws and regulations and identify and address their cyber risks to avoid the legal consequences and costs associated with a data breach.
For more detailed information on guidance for broker dealers and investment advisers, see our (“HIPAA”), administered and enforced by the HHS, applies to health care providers, health care plans, and health care clearinghouses.
It requires, among other things, that covered entities safeguard electronic protected health information (“ePHI”), conduct risk assessments, maintain policies and procedures, respond to and mitigate the effects of security breaches, and report breaches to the HHS and affected individuals.
Entities that handle any type of consumer PII should consult the FTC’s published guidance relating to cybersecurity measures, implementation of effective cybersecurity plans, and the reporting of breaches.
In addition, the SEC and FINRA have published guidance and best practices to be followed by banks, investment advisers, broker-dealers, and other securities industry firms to protect customer and client PII, respond to cybersecurity incidents, and report or disclose incidents when appropriate.
And, although the SEC has not yet brought an enforcement action for failure to report a cyber incident, the SEC’s acting Enforcement Director indicated this month that such an enforcement action “absolutely” could be envisioned.
The costs associated with data breaches can be significant. Costs include forensic investigation and remediation, identification of data breach victims, legal defense and strategy, communications and public relations, notice and reports to regulators and victims, training, and protection services offered to victims.
One study suggests that the average organizational cost of a cybersecurity data breach for a U. Data breaches often lead to investigations by state or federal agencies; regulatory fines and sanctions; shareholder suits; and private litigation and class actions by consumers, clients, patients, and employees.