The Sm@rtEdgeLaw Group

- "Smart companies need a Sm@rtEdge" TM

Risk Management

Proposed cybersec regulations for New York financial institutions have a broad reach

As written by SmartEdgeLaw Group Attorney Richard Santalesa, CIPP/US, in the September 30, 2016 IAPP Privacy Tracker and Daily Dashboard: New York state’s long-awaited Cybersecurity Regulations For Financial Services Companies, issued by […]

Cybersecurity Regulations Issued by NYS Dept of Financial Services

New York State’s long-awaited Cybersecurity Regulations for financial institutions were released last week by the New York State Department of Financial Services (“NYDFS”) for a 45-day public notice and comment period, starting Sept 28, 2016, after which the Regs will go into effect on January 1, 2017, unless modified, as codified at 23 NYCRR Part […]

SmartEdge Presenting at IAPP KnowledgeNet on new CT data breach statute

The SmartEdgeLaw Group is happy to announce its participation in the upcoming Sept 29, 2015 IAPP KnowledgeNet to be held at the Hartford Convention Center in conjunction with the 2015 Information Governance Conference. Attendance at the KnowledgeNet is free of charge, but registration is required. IAPP members can receive a 15% discount for the full InfoGovCon15 […]

SmartEdgeLaw Quoted on 3D Printing Legal Issues

SmartEdgeLaw Group Attorney was recently quoted on the legal issues and concerns for IP owners posed by the rise of 3D Printers in an InformationWeek article by noted technology journalist Pam Baker, 3D Printers: IT’s Next Great Data Challenge. In the article Santalesa noted the difficulties that will arise regarding […]

SmartEdgeLaw View on FISMA 2.0 Quoted in FedTech Magazine

While data breaches at retailers and merchants get the headlines, governmental breaches – particularly on the federal level – are an all too common occurrence.  According to federal watchdogs, there were 25,556 breaches of personally identifiable information in 2013, up from 10,481 in 2009. In response, SmartEdgeLaw’s opinion on the need and requirements of the […]

FTC Announces Workshop on Cross Device Tracking

Building on the FTC’s continued push into mobile issues and privacy, which it reinforced at the 2015 IAPP Global Summit in D.C. two weeks ago, the Federal Trade Commission today announced an upcoming workshop to explore the issues raised by cross device tracking – using browsers or apps to visit sites across different devices. As the FTC […]

What Does That Clause Mean in State Data Breach Statutes?

In light of the President’s recent call for enactment of the Personal Data Notification and Protection Act, containing a 30-day notification deadline, it’s worth noting that at present most state breach laws require state residents to be notified “without unreasonable delay,” which strikes me as a better compromise. Only Florida (30 days), Ohio (45 days), VT (45 days) and […]

Client Alert: Encryption for EMV and PoS Terminals

Clients send us questions on encryption constantly: what type to use, the differences between encryption at rest and encryption in transit, what qualifies as “strong” encryption under current best practices, key management, which encryption methods meet “government” standards so as to provide “reasonable security,” recommendations for encrypted email vendors… the list goes on. However, a recent story focusing on EMV cards, which […]

Global Fraud Report: Consumers Frustrated With Financial Institutions

The newly released 2014 ACI Global Fraud Survey (links at bottom) paints a dramatic picture of global debit/credit card fraud, raising a litany of concerns for consumers and financial institutions. Trust? In line with the study’s name and the different behavioral and fraud levels around the world, trust remains a huge issue regarding consumers’ trust of financial […]

FFIEC Rolls Out Cybersecurity Website For Financial Institutions

The Federal Financial Institutions Examination Council (“FFIEC”) recently launched a new cybersecurity website, effectively creating another valuable resource for financial institutions when it comes to addressing cybersecurity matters. Although less well known than Federal agencies with direct oversight and regulatory authority, the FFIEC “is a formal interagency body empowered to prescribe uniform principles, standards, and […]

Thanks to those who attended our IAPP KnowledgeNet CT Meeting

A quick thanks to all those who attended our IAPP KnowledgeNet meeting, held yesterday in Hartford, and to my co-chairs Bruce Raymond and Catherine Itravina. There was a good turnout and many new faces around the table. After an informative presentation covering lessons learned from the Target data breach, by Pamela Gupta, President of Outsecure, Inc., […]

Sm@rtEdgeLaw Now a Member of InfraGard – Cybersecurity Partnership

We’re pleased to announce that founding attorney, Richard Santalesa, has been accepted as a member of InfraGard, and looks forward to employing InfraGard’s expertise on behalf of Sm@rtEdgeLaw’s client base and our communities. InfraGard is a partnership between the FBI and the private sector as “an association of persons who represent businesses, academic institutions, state […]

Join us June 12 at IAPP KnowledgeNet CT

Please join us at the upcoming IAPP KnowledgeNet CT on June 12, 4-6pm, at the offices of Shipman & Goodwin LLP, One Constitution Plaza, Hartford, CT 06103. Refreshments will be served. Our topic: Data Breach Responses: Practical Lessons From the Target Trenches and Beyond. Our meeting will include featured speakers and a group round table discussion […]

Data Broker Study from FTC Reveals a Big Data World

Data brokers have been under increased scrutiny lately from Congress and the press, joined again this week by the Federal Trade Commission, which released a 109-page study entitled Data Brokers: A Call For Transparency and Accountability (the “Report”), which examined nine data brokers to determine the types and scope of personal information data collected. What […]

NIST Releases “Security by Design” Public Draft Guidance

Following on the heels of the National Institute of Standards and Technology’s (“NIST”) release of the Framework for Improving Critical Infrastructure Cybersecurity (a/k/a the “Cybersecurity Framework”), NIST unveiled yesterday a 123-page initial draft for public comment of Special Publication 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems. […]

© 2014 Sm@rtEdge LLC. All Rights Reserved. Attorney advertising. Prior results do not guarantee a similar outcome.