Privacy and Cybersecurity

Contact: Matthew K. Curtin, Chair

The global technological advances that have enabled increased accessibility, transferability and collectability of data have also generated significant risks and obligations.  The growing body of law governing data protection and the dramatic uptick in criminal cyber attacks have businesses across all industries on edge.  Murtha Cullina's Privacy and Cybersecurity Group provides the full complement of services necessary to help clients mitigate risk and operate in this new, and ever more challenging reality.  Our interdisciplinary team is composed of attorneys from all of our practice areas who stand ready to guide clients through these complex legal and practical challenges.

We provide the following services:

Data Breach Response, Coaching and Crisis Management

• Manage all aspects of data breach response, including compliance with multi-jurisdictional reporting and notification laws
• Partner with forensics and logistics experts to expedite response and mitigate damage
• Assess insurance coverage for cybersecurity incidents

Litigation/Government Investigations

• Data breach litigation
• Represent clients in investigations by the Office of Civil Rights, the Federal Trade Commission and State Attorneys General

Prevention and Planning

• Create written information security plans
• Draft policies and counsel businesses on regulatory compliance with privacy and security requirements including HIPAA, HITECH, Red Flag Rules, Gramm Leach Bliley, NYDFS Cybersecurity Regulation, and the General Data Protection Regulation
• Develop guidelines for document retention policies
• Advise on incident response, disaster recovery and breach continuity plans
• Develop social media policies, privacy policies and terms of use for websites and mobile apps

• Andy I. Corea
• Matthew K. Curtin
• Michael J. Donnelly
• Daniel J. Kagan
• Rachel Snow Kindseth
• Paul E. Knag
• Bruce L. McDermott
• James W. McLaughlin
• Benjamin H. Nissim
• James F. Radke
• Stephanie Sprague Sobkowiak
• Suzanne Brown Walsh
• Edward B. Whittemore
• Kristen L. Zaehringer

• October 30, 2019 - PrivacyAndCybersecurityPerspectives.com: A HIPAA Compliance Program "In Disarray" Leads to OCR Imposing a $2.15 Million Civil Monetary Penalty
• October 8, 2019 - PrivacyAndCybersecurityPerspectives.com: OCR Fines Dental Practice $10,000 For Social Media Disclosures
• September 23, 2019 - PrivacyAndCybersecurityPerspectives.com: 100 Days from CCPA, Is Your Business Ready?
• May 22, 2019 - Benjamin H. Nissim Elected to Board of Trustees of the Harriet Beecher Stowe Center
• April 8, 2019 - PrivacyAndCybersecurityPerspectives.com: “Alexa - Can You Comply with HIPAA?”
• February 28, 2019 - PrivacyAndCybersecurityPerspectives.com: Popular Children's App Music.ly Settles FTC COPPA Claims
• February 8, 2019 - PrivacyAndCybersecurityPerspectives.com: HIPAA Enforcement in 2018 Hits All Time High
• December 20, 2018 - PrivacyAndCybersecurityPerspectives.com: Federal Court Dismisses Federal Securities Class Action Based on Data Breach
• December 13, 2018 - PrivacyAndCybersecurityPerspectives.com: Another HIPAA Breach, Another 6-Figure HIPAA Settlement
• November 28, 2018 - PrivacyAndCybersecurityPerspectives.com: Six-Figure OCR Settlement for Three-Physician Practice Failing to Follow Policies
• October 26, 2018 - PrivacyAndCybersecurityPerspectives.com: Less is More: The Role of Data Retention Policies in Cybersecurity Performances
• October 12, 2018 - PrivacyAndCybersecurityPerspectives.com: The Importance of Training
• October is National Cybersecurity Awareness Month
• October 1, 2018 - PrivacyAndCybersecurityPerspectives.com: October is National Cybersecurity Awareness Month!
• September 25, 2018 - PrivacyAndCybersecurityPerspectives.com: California Governor Approves Revisions to Consumer Privacy Act
• September 13, 2018 - PrivacyAndCybersecurityPerspectives.com: OCR Releases Hurricane Florence Guidance Ahead of Storm
• July 25, 2018 - PrivacyAndCybersecurityPerspectives.com: Denmark Implements Email Encryption Requirement, What Countries Will Follow?
• June 22, 2018 - Privacy and Cybersecurity Group News: SCOTUS Requires Warrant for Cell Phone Location Records
• June 22, 2018 - PrivacyAndCybersecurityPerspectives.com: ALJ Judge Upholds OCR's $4,348,000 Data Breach Penalty on Texas Hospital
• June 19, 2018 - PrivacyAndCybersecurityPerspectives.com: District Court Gives Narrow, Reasonable Scope to TCPA
• June 15, 2018 - Privacy and Cybersecurity Group News: OCR Issues Guidance on the Use of HIPAA Authorizations for Research
• June 5, 2018 - PrivacyAndCybersecurityPerspectives.com: Connecticut Legislature Responds to Proliferation of Data Breaches
• May 25, 2018 - Privacy and Cybersecurity Group News: Three Important Considerations For All Businesses in Light of GDPR
• May 23, 2018 - Privacy and Cybersecurity Group News: Hospital Servers Infected with Malware for Over a Year Affect More than 500,000
• May 16, 2018 - Privacy and Cybersecurity Group News: DHS Issues Cybersecurity Strategy
• May 14, 2018 - Privacy and Cybersecurity Group News: Uber Catches Break in Data Breach Class Action
• May 1, 2018 - PrivacyAndCybersecurityPerspectives.com: Twitter Becomes the Latest Social Media Company Tangentially Linked to Cambridge Analytica
• April 25, 2018 - PrivacyAndCyberSecurityPerspectives.com: Yahoo Settles Claims by SEC Regarding 2014 Data Breach
• April 13, 2018 - PrivacyAndCybersecurityPerspectives.com: The Seventh Circuit Weighs in On Standing
• April 11, 2018 - Privacy and Cybersecurity Group News: GAO Says CMS Must Do More to Protect Medicare Info
• April 3, 2018 - PrivacyAndCybersecurityPerspectives.com: Grindr Grinds Users Gears by Reportedly Sharing Users' HIV Status
• April 1, 2018 - Privacy and Cybersecurity Group News: And Alabama Makes 50
• March 29, 2018 - Privacy and Cybersecurity Group News: D.C. Circuit Reins in FCC's Overbroad TCPA Interpretations
• March 22, 2018 - Privacy and Cybersecurity Group News: South Dakota is the 49th State to Enact a Breach Notification Law
• March 22, 2018 - PrivacyAndCybersecurityPerspectives.com: Facebook in Hot Water With Latest Privacy Missteps
• March 9, 2018 - Privacy and Cybersecurity Group News: The Standing Struggle in Data Breach Litigation Continues
• June 27, 2018 - Privacy and Cybersecurity Group News: Yahoo to Pay $80 Million to Settle Securities Class Action Based on Data Breaches
• March 2, 2018 - Privacy and Cybersecurity Group News: Welcomed Draft Commentary from the Sedona Conference on BYOD
• February 27, 2018 - PrivacyAndCybersecurityPerspectives.com: SEC Issues New Cybersecurity Disclosure Guidance for Public Companies
• February 26, 2018 - Privacy and Cybersecurity Group News: SEC Issues New Cybersecurity Disclosure Guidance for Public Companies
• February 21, 2018 - PrivacyAndCybersecurityPerspectives.com: SCOTUS Denies Cert on CareFirst: No Clarity on Harm in Data Breach Cases This Session
• February 14, 2018 - Privacy and Cybersecurity Group News: Out-of-Business File Storage Company Paid $100K for Alleged HIPAA Violations
• February 7, 2018 - PrivacyAndCybersecurityPerspectives.com: Massachusetts Launches New Online Breach Reporting Form
• January 22, 2018 - Privacy and Cybersecurity Group News: Can't This Just Be Over? Standing In Cybersecurity Claims
• January 22, 2018 - PrivacyAndCybersecurityPerspectives.com: Can't This Just Be Over? Standing In Cybersecurity Claims
• January 17, 2018 - PrivacyAndCybersecurityPerspectives.com: Connecticut Recognizes New Cause of Action for Breach of Patient/Physician Confidentiality
• January 8, 2018 - Privacy and Cybersecurity Group News: FTC Settles with Children's Electronic Toy Maker for Security Program Issues
• January 5, 2018 - Privacy and Cybersecurity Group News: Vulnerabilities to Most Computer Processors Revealed
• December 13, 2017 - Privacy and Cybersecurity Group News: 'Tis the Season: W-2 Phishing Scams Likely to Resurface After the New Year
• December 13, 2017 - PrivacyAndCybersecurityPerspectives.com: 'Tis the Season: W-2 Phishing Scams Likely to Resurface After the New Year
• November 17, 2017 - Privacy and Cybersecurity Group News: No First Amendment Privacy Protection from Grand Jury Subpoena for Identity of Anonymous Reviewers on Glassdoor.com
• November 8, 2017 - Privacy and Cybersecurity Group News: National Data Breach Notification Law Proposed
• October 27, 2017 - Privacy and Cybersecurity Group News: Cybersecurity Month Tip #5
• October 23, 2017 - Privacy and Cybersecurity Group News: Feds Warn of Critical Infrastructure Attacks as CT Releases Report on Utility Company Cyber-Readiness
• October 21, 2017 - Privacy and Cybersecurity Group News: Cybersecurity Month Tip #4
• October 19, 2017 - Privacy and Cybersecurity Group News: Cybersecurity Month Tip #3
• October 18, 2017 - Privacy and Cybersecurity Group News: Cybersecurity Month Tip #2
• October 13, 2017 - Privacy and Cybersecurity Group News: Cybersecurity Month Tip #1
• October 3, 2017 - Privacy and Cybersecurity Group News: Legislature Addresses Ransomware Threat With Criminal Penalties
• July 19, 2017 - Municipal Group News: Municipalities Under Connecticut's New Cybersecurity Strategy
• July 18, 2017 - Information Security & Privacy and Health Care Group News: Protecting Data: Vendors May Be Your Weakest Link
• July 18, 2017 - PrivacyAndCybersecurityPerspectives.com: Protecting Data: Vendors May Be Your Weakest Link
• June 28, 2017 - Health Care & Long-Term Care Group News: Data Breaches Most Expensive For Health Care Industry But Precautionary Measures Can Keep Costs Down
• June 28, 2017 - PrivacyAndCybersecurityPerspectives.com: Data Breaches Most Expensive for Health Care Industry But Precautionary Measures Can Keep Costs Down
• May 16, 2017 - Information Security and Privacy Group News: Five Things You Can Do to Protect Your Business From a Cyber Attack
• May 16, 2017 - PrivacyAndCybersecurityPerspectives.com: Five Things You Can Do to Protect Your Business From a Cyber Attack
• April 25, 2017 - PrivacyAndCybersecurityPerspectives.com: OCR Published Three HIPAA Settlements in Two Weeks, Signaling a Ramp Up of HIPAA Enforcement Activity
• January 30, 2017 - Information Security and Privacy Group News: Phishing Alert: Employee W-2 Information at Risk
• August 18, 2016 - Information Security and Privacy Group News: Is Your Student Information Adequately Protected?
• March 31, 2016 - Information Security and Privacy Group News: Cities and Towns Being Targeted by Hackers: Connecticut Municipalities Must Follow Data Breach Laws
• March 24, 2016 - Information Security and Privacy Group News: Cybersecurity Conference Essential Take-Aways Government, Industry and Legal Perspectives
• December 22, 2015 - Information Security and Privacy News: Critical Cybersecurity Policies and Practices After the Settlement Order in FTC v. Wyndham Worldwide Corp.
• October 27, 2015 - Information Security and Privacy Group News: The Increased Risks of Not Protecting Customer Information in Data Breaches
• June 11, 2015 - Information Security and Privacy Group News: Connecticut's Data Security Law Expands
• March 23, 2015- The Anthem data breach and the response of Connecticut's legislature
• October 6, 2014 - Article by Robert J. Munnelly, Jr. in the Hartford Business Journal
• August 2014 - Information Security and Privacy Group News
• DID YOU KNOW? January 28, 2014 is "Data Privacy Day"
• Proceed with Caution: Security Breaches put Damper on 2013/14 Holiday Season
• HR Professionals: Simple Steps That Can Help Your Company Avoid Becoming A Data Breach Headline
• Connecticut Attorney General Seeks Enforcement Against Citibank for Information Security Breach
• Key Lessons From Serving on a Cybersecurity Panel at a Recent Conference
• Concerns With Using "Cloud" Document Sites for Confidential or Proprietary Information
• National Data Privacy Day
• Information Security and Privacy Update, September 2012
• Massachusetts Provider to Pay $1.5 Million to Resolve HIPAA Violations
• Murtha Cullina LLP Formalizes Information Security and Privacy Group
• Vendors and Your Employees' Personal Information - New Identity Theft Measures Take Effect March 1, 2012

• April 19, 2018 - Cybersecurity Three Minute Check In Series: Does the GDPR Apply to a US Business?
• January 9, 2018 - Cybersecurity Three Minute Check In Series: Implementing an Effective Information Security Program

• May 7, 2019 - Cyber Weapons You Must Deploy to Defeat the Criminals Stalking Your Small Business (and a Battle Plan to Launch Today)
• November 28, 2018 - Law Lab Business Lunch Series: Privacy Policies For Your Website
• June 12, 2018 - Half-Day Cybersecurity Conference: Threat Evaluation & Incident Response
• August 23, 2017 - Suzanne Brown Walsh to speak on Fiduciary Access to Digital Assets to the IRS Estate and Gift Tax Group in New Carrollton, MD
• June 22, 2017 - H. Kennedy Hudner, Burt Cohen and Stephanie Sobkowiak to present at "Sales of Goods, Software/Cloud Licensing, Indemnifications, Cyber Security Issues in Contracting" CLE
• June 7, 2017 - Cyber Security Conference: Protecting our Businesses, State and Nation
• May 24, 2017 - Suzanne Brown Walsh to present on "Fiduciary Access to Digital Assets" at Fiduciary & Investment Risk Management Association's National Conference
• May 5, 2017 - Suzanne Brown Walsh to present on Fiduciary Access to Digital Assets to the Arapahoe county (CO) Bar in NYC
• March 4, 2016 - Cyber Security Half-Day Conference Protecting Your Digital Assets: Government, Industry and Legal Perspectives