Tag Archives: encryption

New York DFS Cybersecurity September 2018 Deadline

By Tiffany Quach on September 3, 2018 Posted in Cybersecurity, Legislation

The New York Department of Financial Services cybersecurity regulation 23 NYCRR 500 (the “Regulation”) came into effect in March 2017 and established four staggered compliance deadlines for its various requirements. By the third deadline of September 3, 2018, Covered Entities are required to be in compliance with sections 500.06 (audit trails), 500.08 (application security), 500.13 … Continue Reading

What Happens in Vegas Really Does Stay in Vegas (Unless It Is Encrypted)

By Proskauer Rose on June 19, 2009 Posted in Data Privacy Laws

S.B. 227, which becomes effective on January 1, 2010, will require encryption of all personal information leaving the "logical or physical controls of the data collector," including electronic data on a "data storage device." … Continue Reading

Decrypting HHS Guidance on Breach Notification and Security under the HITECH Act: NIST, FIPS, and More

By Sara Krauss on June 5, 2009 Posted in Medical Privacy, Security Breach Notification Laws

Two months after Congress mandated notification for the breach of unsecured protected health information (PHI), the Secretary of Health and Human Services (HHS) defined what it means to be "unsecured." As required by Section 13402 of the HITECH Act, H.R. 1, 111th Cong. (1st Sess. 2009) (which was part of the American Recovery and Reinvestment Act of 2009), the Secretary issued guidance and a request for comments on the technologies and methodologies rendering information unusable, unreadable or indecipherable. 74 Fed. Reg. 19006 (Apr. 27, 2009) (to be codified at 45 C.F.R. pts. 160, 164). … Continue Reading

Massachusetts Regulators Postpone Compliance Deadline and Issue Revised ID Theft Regulations

By Proskauer Rose on February 13, 2009 Posted in Data Privacy Laws

On Thursday, the Massachusetts Office of Consumer Affairs and Business Regulation ("OCABR") revised and postponed -- for the second time -- its comprehensive data security regulations. The new deadline for all covered entities to achieve full compliance with the Massachusetts regulations is January 1, 2010. … Continue Reading

UK Court Parts with US Court regarding Compelled Disclosure of Encryption Keys

By Proskauer Rose on October 31, 2008 Posted in International

On October 9, in the case R v. S and A [2008] EWCA Crim 2177, the Criminal Division of the England and Wales Court of Appeal held that requiring criminal defendants to disclose an encryption key allegedly protecting criminal materials does not violate the privilege against self-incrimination under U.K. law or Article 6 of the … Continue Reading

Leaving Las Vegas . . . IF Encrypted

By S. Montaye Sigmon on September 24, 2008 Posted in Data Privacy Laws

A Nevada law requiring encryption of customer personal information goes into effect on October 1, 2008. See Nev. Rev. Stat. § 597.970 (2007). While the legislation is short in length, it is potentially wide-ranging in scope. In particular, the legislation requires any "business in this State" to encrypt an electronic transmission (other than via facsimile) of "any personal information of a customer" to "a person outside of the secure system of the business unless the business uses encryption to ensure the security of the electronic transmission." Id. … Continue Reading