As reported on our sister blog Consumer Privacy World, Home Depot recently reached a settlement in a lawsuit related to a September 2014 data breach that affected the payment card information of nearly 40 million customers. In addition to a financial settlement, Home Depot agreed to implement and maintain various cybersecurity protocols, including:…
As predicted in our February 4, 2020 blog post, the New York Department of Financial Services (“DFS”) has filed its first formal charges for violation of the state’s cybersecurity regulation. The charges were filed against an insurance company for allegedly violating several provisions of Part 500 of Title 23 of the New York Codes, Rules, …
Cybercriminals have the patience to lie in wait before striking your company as it reopens. See our discussion of a recent case study and how to protect yourself here by Colin Jennings, Ericka Johnson, and Patrick Morris on the Anticorruption blog.…
Robust cybersecurity continues to be of paramount importance as the COVID-19 outbreak develops and cybercriminals seek to exploit a remote workforce, which necessitates that companies check their policies, procedures, and controls to ensure they are addressing the highest areas of risk. On May 12, 2020, the Cybersecurity and Infrastructure Security Agency (“CISA”) at the U.S. …
“Public service is a public trust” In March 2020, a smaller municipality of approximately 145,000 people fell victim to a sophisticated ransomware attack. When city officials issued statements to the public that personal information was not compromised, the cybercriminals retaliated. The bad actors flooded the internet and dark web with personal information from a portion …
Following recent data security blogs by Francesca Fellowes and Dillon Ravikumar on April 20 and March 26, this update shares guidance from our colleagues in litigation. Ian Debbage and Gareth Timms write about one of the intended aims of a security breach: fraud – what it is, how you can reduce the risks of fraud …
The final provision of New York’s Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”), 2019 N.Y. Ch. 117, took effect on March 21, 2020. For more information on the SHIELD Act, visit our previous blog post, New York Cybersecurity Upgrades: Are you Ready?, which provides an overview of the most-recent provision that took …
Is compliance with payment card data security standards being ignored? In a world where data breach scrutiny and sanctions have increased dramatically, compliance with payment card security standards has fallen. Sam Tibbetts has drafted a post on our sister blog, Global IP & Technology Law, detailing the Payment Card Industry Data Security Standard, why businesses …
The NY Department of Financial Services Cybersecurity Regulation, 23 N.Y. Comp. Code R. & Regs. § 500, provides for the protection of customer information and information technology systems of Covered Entities, in recognition of the “ever growing threat posed to information and financial systems by nation-states, terrorist organizations and independent criminal actors.” The Cybersecurity Regulation …
In recent days, all eyes have been on the escalating tension between Iran and the US. While we wait and watch politics unfold, the Department of Homeland Security (DHS), New York’s Department of Financial Services and the Cybersecurity and Infrastructure Security Agency (CISA) have all issued notices concerning the heightened risk of an Iranian cyberattack. …
I was recently helping a client in Tokyo respond to a serious and sophisticated cyber breach where hackers executed a transfer of nearly US$1M out of the client’s Hong Kong bank account. In this instance, the hackers had hacked into the CEO’s cloud-based corporate e-mail account and had determined a way to create a transaction …
Cybersecurity awareness recently took center stage in the healthcare industry when the Department of Health and Human Services (HHS) issued comprehensive risk-prioritized cybersecurity best practices to combat top threats. HHS mapped this guidance to the National Institute of Standards and Technology (NIST) Cybersecurity Framework, cross-referencing 88 individual sub-practices for healthcare organizations of all sizes. The …
To any good lawyer, the answer is ‘both’ are important. However, most in-house counsel know the answer is which receives the limited available budget. Compliance budgets usually follow the greatest risks for the company. Therefore, in Europe, where the EU’s General Data Protection Regulation is the scariest new compliance issue, it stands to reason that …
California has become the first state in the US to adopt a cybersecurity law governing Internet of Things (IoT) devices, or those capable of connecting to the internet. In this rapidly growing industry, the law is a first step toward developing regulations to improve the security of IoT. While it does require manufacturers to equip …
In a first of its kind, the SEC recently fined Yahoo US$35 million for failing to assess and disclose a 2014 data breach that affected over 500 million user accounts. What caused the SEC to charge Yahoo with cybersecurity-related disclosure violations? Our colleague Coates Lear has prepared an analysis of this enforcement action, including the post-breach information relayed …
Ann LaFrance has published an article in this month’s Cyber Security Practitioner on a recent report by the European Union Agency for Network and Information Security on cybersecurity issues in relation to emerging technologies, including: the Internet of Things (IoT); autonomous systems (e.g., vehicles); next-generation virtualized infrastructures (e.g., software-defined networks and 5G); upcoming societal challenges …
In a Joint Statement issued this week, the Federal Financial Institutions Examination Council (“FFIEC”) – which comprises the principals of the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, and State Liaison Committee – cautioned the …
In her fourth installment of “Cybersecurity Law” for CSO, Tara Swaminatha focuses on communications planning as part of an incident response plan (IR). Many companies are now rightfully revisiting their IR protocols to prepare themselves for future attacks. More and more regulatory requirements dictate that organizations must have a written IR plan. While an IR plan …
On March 22, 2018, our readers were directed to a post published on our sister Anticorruption Blog, which discussed the then-proposed CLOUD Act. The act was signed into law as part of the Omnibus Spending Bill on March 23, 2018. In Part 2 of her article, Ericka Johnson focuses on The …
On February 27, 2018 the Supreme Court heard arguments surrounding the privacy of data stored abroad and the reach of U.S. search warrants to retrieve such data. While the Supreme Court decides the merits of United States v. Microsoft, Congress will debate on overhauling the Stored Communications Act (“SCA”) to reflect technological advances that were …
Last week, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations released its enforcement priorities for 2018. Making the list for the fifth year in a row, cybersecurity was emphasized as a focus for the SEC in the coming year. In a recent post on Squire Patton Boggs’ anticorruption blog, Coates Lear and Elizabeth Weil …
In her second installment of “Cybersecurity Law” for CSO, Tara Swaminatha considers the most noteworthy cybersecurity and data privacy-related cases and pieces of legislation in the year ahead.…
The two attacks affect nearly 90 percent of the world’s computers. Recent reports suggest that computers – personal, business, and cellular alike – are susceptible to two newly discovered major security flaws. These flaws, colloquially known as “Meltdown” and “Spectre,” could open the door for hackers to access the contents of almost any computer. Meltdown …
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 11 December 2017.…