Elise Elam

Subscribe to all posts by Elise Elam

2022 DSIR Report Deeper Dive: The Expanding Landscape of State Data Privacy Law

BakerHostetler’s Data Security Incident Response Report is a one-of-a-kind resource that leverages aggregated data from security incidents. Our Digital Risk Advisory and Cybersecurity team has shared insights from attorneys across the firm’s Digital Assets and Data Management Practice Group who work with clients on complex privacy and data protection matters. This article takes a closer … Continue Reading

NYDFS Proposed Amendments to Its Cybersecurity Rules

On July 29, the New York Department of Financial Services (NYDFS) released Draft Amendments to its Part 500 Cybersecurity Rules that include a number of significant amendments to the rules, including notification requirements such as a mandatory 24-hour notification for cyber ransom payments, specific requirements for newly defined larger entities, increased expectations for oversight of … Continue Reading

Florida Follows North Carolina in Prohibiting State Agencies from Paying Ransoms

We recently wrote about North Carolina’s new law prohibiting state agencies – including public schools and universities – from paying a ransom or even communicating with a threat actor following a ransomware incident. On June 24, Florida followed suit when its governor signed HB 7055 into law, amending portions of the State Cybersecurity Act (the … Continue Reading

DSIR Deeper Dive into the Data: Ransomware Front and Center

There is no question that ransomware is here to stay. Thirty-seven percent of the matters we handled last year involved ransomware, compared to 27 percent of matters in 2020. In 2019, there were approximately 15 active ransomware threat actor groups. In 2021, we handled matters involving more than 80 different ransomware variants. Government entities and … Continue Reading

North Carolina is the First State to Prohibit Public Entities from Paying Ransoms: What Does This Mean for North Carolina Public Schools and Universities?

On April 5th, North Carolina became the first state to prohibit state agencies and local governments from paying ransoms after becoming victims of a ransomware attack. Indeed, in addition to prohibiting said entities from paying ransoms, North Carolina’s new law actually goes so far as to prohibit a public entity from even communicating with threat … Continue Reading

The Scourge of Ransomware

Our 2021 Data Security Incident Response Report (DSIR) described ransomware as a scourge. There are stories every day about new threat actor groups and their victims. There are task forces, law enforcement initiatives, discussions by legislators about laws to help address the problem, and real-world impact from operational disruption (such as panic-buying of gas). Most … Continue Reading
LexBlog