On March 1, 2021, the National Security Commission on Artificial Intelligence (NSCAI) released its 700-page Final Report (the “Report”), which presents NSCAI’s recommendations for “winning the AI era” (The Report can be accessed here). This Report issues an urgent warning to President Biden and Congress: if the United States fails to significantly accelerate its understanding and use of AI technology, it will face unprecedented threats to its national security and economic stability. Specifically, the Report cautions that the United States “is not organizing or investing to win the technology competition against a committed competitor, nor is it prepared to defend against AI-enabled threats and rapidly adopt AI applications for national security purposes.”
In the Final Report, NSCAI makes a number of detailed policy recommendations “to advance the development of AI, machine learning, and associated technologies to comprehensively address the national security and defense needs of the United States.” The Report, its findings and recommendations all signal deep concern that the U.S. has underinvested in AI and must play catch-up in order to safeguard its future.
Continue reading “The U.S. in the AI Era: the National Security Commission on Artificial Intelligence Releases Report Detailing Policy Recommendations”
On March 3, 2021, the New York State Department of Financial Services (NYDFS) announced a settlement with Residential Mortgage Services, Inc. (RMS) for $1.5 million in connection with its violation of the NYDFS Cybersecurity Regulation, 23 NYCRR Part 500 (Part 500). This is the second publicly-announced settlement of an enforcement action brought under NYDFS’s novel cybersecurity regulation (we wrote about the first action).
According to the consent order, in March 2020, NYDFS’ Mortgage Banking Division commenced a routine examination of RMS, which included a review of its compliance with Part 500. RMS is headquartered in Maine, but it is registered as mortgage banker in New York and other states. During the examination, NYDFS determined that RMS failed to report a March 2019 data breach incident, as required by Part 500.
Continue reading “New York Department of Financial Services Announces $1.5 Million Settlement of Second Cybersecurity Enforcement Action”
On February 4, 2021, the Eleventh Circuit Court of Appeals issued a critical opinion addressing Article III standing in private data breach actions, which has been the subject of a closely watched circuit split.
The case, Tsao v Captiva MVP Restaurant Partners LLC, originated in the District Court for the Middle District of Florida where the plaintiff filed a class action complaint against the restaurant chain PDQ in connection with a May 2017 data breach. Following the breach, PDQ posted a notice to customers regarding the breach, explaining that customers’ names, credit card numbers, card expiration dates and CVVs may have been exposed.
Continue reading “The Eleventh Circuit Finds that Potential Future Misuse of Personal Information Does Not Confer Article III Standing in Data Breach Suits”
On October 8, 2020, Community Health Systems, Inc. (Community Health) and its subsidiary CHSPSC, LLC entered into a settlement agreement with 28 states for $5 million to resolve claims related to a 2014 data breach. Community Health owns over 200 hospitals across the United States and is one of the largest hospital networks in the country. The multi-state settlement follows a separate $2.3 million settlement that Community Health reached with the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) in connection with the same data breach.
Continue reading “Community Health Systems Enters Into Five-Million-Dollar, Multi-State Settlement Agreement in Connection with 2014 Data Breach”
On September 15, 2020, the New York Attorney General’s Office (NYAG) announced a settlement with Dunkin’ Brands, Inc. (Dunkin) in connection with a September 2019 lawsuit brought by the NYAG against Dunkin for alleged failures to adequately respond to cyberattacks that impacted approximately 300,000 customers. The proposed settlement—which still must be approved by the court—requires Dunkin to, among other things, notify customers impacted by the attacks, maintain specific cybersecurity procedures to prevent future cyberattacks, and pay $650,000 in penalties.
Continue reading “Dunkin’ Brands, Inc. Agrees to Pay $650,000 to Settle 2019 Data Breach Lawsuit Brought by the New York Attorney General’s Office”
New York’s Stop Hacks and Improve Electronic Data Security Act, which went into effect on March 21, places a greater burden on regulated entities in responding to data breaches and expands the enforcement powers of the New York Attorney General’s office. In order to avoid penalties, businesses would be wise to ensure that they are in compliance with the new law.
For the full alert, visit the Faegre Drinker website.