New York Department of Financial Services Issues Cybersecurity Threat Alert as Malicious Activity Rises

The New York Department of Financial Services (DFS) published an alert directed to all DFS-regulated entities specifically warning of a widespread cybersecurity threat involving social engineering of regulated institutions’ IT help desk personnel and call center personnel.

According to the alert, DFS has detected a trend in which threat actors have targeted IT personnel as a part of schemes to gain system access through password resets and diversion of multi-factor authentication (MFA) to new devices. According to DFS, threat actors have employed tactics including voice-altering technology and leveraging information found online about identities of individuals, in attempts to convince IT personnel at help desks and call centers to comply with fraudulent access requests.

DFS cautions all regulated entities to be on “high alert for suspicious communications” based on the observed threat actors’ recent activity. Entities are encouraged by DFS to:

  • implement secure controls for password changing and MFA device configurations;
  • exercise caution in authenticating the identity of anyone who tries to change a password or MFA device; and
  • remain vigilant when receiving requests from individuals and vendors regarding system access.

DFS included a link to guidelines published by the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA). The guidelines from CISA (CISA: Avoiding Social Engineering and Phishing Attacks) identify best practices to protect against these cyber threats, including:

  • Distinctions between common methods of social engineering employed by threat actors
  • Common indicators of malicious activity disguised as a legitimate communication
  • Proactive measures to minimize the risk of disclosing information and/or permitting access to threat actors
  • Guidance and resources on handling a cybersecurity compromise

In addition to the CISA guidelines, NYDFS has a publicly available Cybersecurity Resource Center with more information and guidance for DFS-regulated individuals and entities.

For More Information

If you have any questions about this blog post, please contact Michelle Hon Donovan, Ariel Seidner, Milagros Astesiano, any of the attorneys in the Privacy and Data Protection Group, or the attorney in the firm with whom you are regularly in contact.

Disclaimer: This blog post has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm’s full disclaimer.

Colorado Privacy Act’s Universal Opt-Out Provision Goes Into Effect July 1, 2024

While the Colorado Privacy Act (CPA) has already been in effect, as of July 1, 2024, companies that meet the threshold compliance criteria for CPA and that engage in the processing of personal data for purposes of targeted advertising or the sale of personal data (“covered entities”) must implement a universal opt-out mechanism, which allows users to more easily exercise their opt-out rights with these covered entities. Specifically, a universal opt-out mechanism allows a user to configure their internet browser settings, and as a result, the websites the user visits from that browser automatically receive the user’s opt-out signal. As of July 1, 2024, covered entities must recognize and honor a user’s opt-out preferences where communicated through a universal opt-out mechanism.

Read the full Alert on the Duane Morris LLP website.

Artificial Intelligence Updates – 04.23.24

#HelloWorld. In this issue, we zoom in on the world of AI model training, looking at both dataset transparency and valuation news. Then we zoom out, highlighting Stanford’s helpful summary of 2023 AI regulations and hot-off-the-press ethical guidance on AI use for lawyers from the New York State Bar. It may be a grab bag, but it’s one worth grabbing. Let’s stay smart together.

Read more on The Artificial Intelligence Blog.

Webinar: Practical Impacts of the New EU AI Act

Duane Morris will present Get Smart with AI: Practical Impacts of the New EU AI Act, a webinar on risk mitigation strategies for AI use in business, presented by the Technology, Media and Telecom Industry Group’s Artificial Intelligence Team, on Thursday, May 16, 2024, from 11:00 a.m. to 12:00 p.m. Eastern time and 4:00 p.m. to 5:00 p.m. London time.

Webinar: Tech Sector Sanctions, Export Controls and Foreign Investment Rules in the U.S., the U.K. and the EU

Duane Morris’ Technology, Media and Telecom Industry Group will present a webinar, Tech Sector Sanctions, Export Controls and Foreign Investment Rules in the U.S., the U.K. and the EU, on Wednesday, April 24, 2024, at 12:00 p.m. Eastern time | 5:00 p.m. London time.

Our program provides an overview and analysis of the numerous and expanding U.S., U.K. and EU sanctions, export controls and foreign investment rules that the tech sector must navigate. To help companies in this increasingly complex landscape, we will provide strategic insights and compliance guidance on key regulations, developments and trends.

Webinar: Let’s Talk About Tech – Wearable Fitness and Health Tech

Duane Morris LLP will hold a webinar, The Data Privacy and Security Landscape: Let’s Talk About Tech ‒ Wearable Fitness and Health Tech on Monday, November 6, 2023, from 12:30 p.m. to 1:30 p.m. Eastern time.

About the Program

Wearable tech is everywhere—on your wrist, in your pocket, on your finger and even at work. With the ubiquity of fitness technology, what are the implications of these pervasive devices? How are companies collecting this data storing and protecting consumer information? What laws and regulations are in place as device use continues to expand? Join our panelists for a discussion on the current state and future of wearable fitness and health tech, including:

    • FDA regulation of wearable devices: What is and isn’t a medical device?
    • FDA guidance on wireless technology and medical devices
    • Biometric laws, including Illinois Biometric Information Privacy Act (BIPA), and the storage and protection of such data
    • Implications of HIPAA and wearable tech

Presenters

Frederick R. Ball, Partner

Neville M. Bilimoria, Partner

Sheila Raftery Wiggins, Partner

Guarding Your Digital Data Against AI Incursion

Digital data is becoming a hot commodity these days because it enables AI tools to do powerful things. Companies that offer content should keep up with the evolving technology and laws that can help them protect their online data.

As data becomes available online, it can be accessed in different ways leading to various legal issues. In general, one basis for protecting online data lies in the creativity of the data under the Copyright Act of 1976. Another basis lies in the technological barrier of the computer system hosting the data under the Computer Fraud and Abuse Act (CFAA) and Digital Millennium Copyright Act. It is also possible to protect online data based on contractual obligations or tort principles under state common law. In terms of the data, a company would need to consider its proprietary data and user-generated data separately, but any creative content is invariably entitled to copyright protection.

To read the full text of this article, please visit the Duane Morris Artificial Intelligence Blog.

Autonomous AI and the Question of Creativity

On March 16, 2023, the United States Copyright Office (USCO) published Copyright Registration Guidance (Guidance) on generative AI[1]. In the Guidance, the USCO reminded us that it “will not register works produced by a machine or mere mechanical process that operates randomly or automatically without any creative input or intervention from a human author.” This statement curiously conjures the notion of a machine creating copyrightable works autonomously.

While the operation of a machine, or specifically the execution of the underlying AI technology, may be largely mechanical with little human involvement, the design of the AI technology can take significant human effort. If we look at protecting human works that power machines as intellectual property in the broad context where AI has been applied, just like authorship has been an issue when an AI technology is used in creating copyrightable subject matter, inventorship has been an issue when an AI technology is used in generating an idea that may be eligible for patent protection.

To read the full text of this article, please visit the Duane Morris Artificial Intelligence Blog.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.
