Antony Kim

Orrick, Herrington & Sutcliffe LLP

Latest Publications


No Harm, But Foul? FTC Sues Internet of Things Maker D-Link for Security “Vulnerabilities” Despite No Allegations of Breach

Shortly after the new year, the Federal Trade Commission filed suit in the Northern District of California against D-Link Corporation, a Taiwan-based maker of wireless routers, Internet Protocol (IP) cameras, and software...more

2/6/2017 - Corporate Counsel Data Security FTC Hackers Popular Security Standards Software Taiwan Technology Technology Sector Vulnerability Assessments Young Lawyers

What Did They Say About Cybersecurity in 2016? 8 Proclamations from Regulators and the Courts

There is no such thing as compliance with the NIST Cybersecurity Framework (FTC). In September, the FTC dispelled a commonly held misconception regarding the NIST Framework: It “is not, and isn’t intended to be, a standard or...more

1/30/2017 - Cyber Insurance Cybersecurity Cybersecurity Framework Data Breach Drones Email FBI Federal Aviation Administration (FAA) FTC FTC Act Healthcare HHS HIPAA NIST OCR PHI Phishing Scams Popular Privacy Concerns Ransomware Risk Assessment Risk Management Target Unmanned Aircraft Systems

2016 Data Breach Legislation Roundup: What to Know Going Forward

States were busy updating their data breach notification statutes in 2016. With 2016 in the rear view, let’s take a look back at the legislative changes that will impact corporate incident response processes and what those...more

1/27/2017 - Automatic License Plate Readers Biometric Information Breach Notification Rule Cybersecurity Data Breach Encryption Personally Identifiable Information Popular

Data Protection Officer and IT Manager – Two Jobs That Do Not Match

Companies required to appoint a data protection officer (“DPO”) in Europe should carefully consider which candidate is best to select for the job. A company established in Bavaria, Germany, was recently fined by the Bavarian...more

12/2/2016 - Conflicts of Interest Corporate Counsel Data Protection Officers (DPOs) EU EU Data Protection Laws General Data Protection Regulation (GDPR) German Federal Data Protection Act (FDPA) Germany Information Technology Personal Data

Keep Reading: Standing Affirmed, but Barnes & Noble Data Breach Class Action Halted

It was about time for data breach defendants to get a win. The District Court for the Northern District of Illinois delivered one to Barnes & Noble in its long-running class action that stems from a breach suffered in 2012....more

11/30/2016 - Article III Barnes and Noble Books Class Action Data Breach Federal Rule 12(b)(6) Incident Response Plans Injury-in-Fact Neiman Marcus PF Chang's Point of Sale Terminals Retail Market Retailers Standing

Ransomware? Don’t Pay It, Says FBI

What should companies do when ransomware hits? The FBI says: (a) report it to law enforcement and (b) do not pay the ransom. Given the recent onslaught in ransomware attacks—such as a 2016 variant that compromised an...more

10/7/2016 - Cyber Attacks Data Breach FBI Hackers Healthcare HIPAA HIPAA Breach HITECH Incident Response Plans Malware Ransomware

Data Breach Standing Goes Nationwide; Sixth Circuit Says Plaintiffs Have Standing to Sue

The Sixth Circuit joined the growing trend of appellate courts holding that plaintiffs had demonstrated standing for data breach class actions in Galaria et al. v. Nationwide Mutual Insurance Company. In a recent order, the...more

10/5/2016 - Article III Class Action Corporate Counsel Data Breach Insurance Industry Nationwide Insurance Co. Neiman Marcus Personally Identifiable Information PF Chang's Popular Standing

First Privacy Shield Guidelines for Companies published by German DPA

On September 12, 2016, the Data Protection Authority of the German Federal State of North Rhine-Westphalia (“DPA NRW”) became one of the first EU data protection authorities to issue guidance on the implementation of the...more

9/26/2016 - Article 29 Working Party (WP29) CJEU Data Protection Authority EU EU-US Privacy Shield Germany International Data Transfers Personal Data Popular US-EU Safe Harbor Framework

Financial Institutions Going First? New York Proposes Mandatory Minimum Cybersecurity Compliance Standards

Just as it promised a year ago, New York State proposed new proscriptive, minimum cybersecurity requirements for regulated financial services institutions. The regulations go final after a 45-day notice and public comment...more

9/19/2016 - Banking Sector Banks Cybersecurity Encryption Financial Institutions Financial Services Industry NYDFS Popular Proposed Regulation Public Comment

Don’t Ignore Ransomware Vulnerabilities; You Could Be Violating FTC Act

Last week, the Federal Trade Commission convened a ransomware workshop to discuss the rising epidemic of attacks against U.S. businesses and individuals. In a ransomware attack, a malicious actor tricks a user into...more

9/15/2016 - Cyber Attacks Cybersecurity Data Breach DHS FTC FTC Act Hackers HHS Malware OCR PHI Popular Ransomware

FTC Makes Clear that NIST Cyber Framework is Not a Cure-All

Last week, the FTC published a blog post titled The NIST Cybersecurity Framework and the FTC, in which the agency issued a nuanced answer to an oft-asked question: “If I comply with the NIST Cybersecurity Framework, am I...more

9/12/2016 - Cybersecurity Cybersecurity Framework Data Protection Data Security Encryption FTC NIST Popular Risk Management Section 5

SDNY Refuses to Enforce Uber’s Online “Sign-In-Wrap” Terms, Arbitration Provision and Jury Waiver Clause

On July 29, 2016, the Southern District of New York, in Meyer v. Kalanick, refused to enforce mandatory arbitration and jury waiver provisions against a putative class of Uber consumers. In a lengthy and strongly worded...more

8/9/2016 - Arbitration Clickwrap Agreements Consumer Contracts Contract Terms Corporate Counsel Mandatory Arbitration Clauses Mobile Apps Motion to Compel Motion to Dismiss Privacy Policy Sharing Economy Terms of Service Uber

Is Ransomware a Notifiable Data Breach Event?

There is no doubt that companies face unprecedented volume and variation in both disruptive and intrusive cyberattacks on their networks. Among the different attack methodologies today, ransomware is quickly becoming a major...more

7/29/2016 - Breach Notification Rule Cyber Attacks Cyber Crimes Cyber Threats Cybersecurity Hackers HIPAA Malware Notification Requirements OCR Personally Identifiable Information PHI Popular Ransomware

European Parliament Passes Long-Anticipated Network and Information Security Directive

On July 6, 2016, the European Parliament passed the Network and Information Security (“NIS”) Directive, over three years after the initial draft was proposed. The Directive will enter into force in August 2016. EU Member...more

7/13/2016 - Critical Infrastructure Sectors Cyber Incident Reporting Cybersecurity Digital Service Providers EU Member State Network and Information Security Directive Popular

FCC Privacy Regulations: The Next Litigation Trend?

Last month the Federal Communications Commission (“FCC”) closed the comment period for its proposed privacy regulations, which we previously wrote about here. The million dollar question on everyone’s minds is whether the...more

6/21/2016 - Broadband Data Collection FCC Mobile Broadband Services Privacy Rule Recordkeeping Requirements Wireless Industry

Treasury Cites Cyber Challenges for Online Marketplace Lending Industry

On May 10, 2016, the United States Department of Treasury (Treasury) became the latest federal agency to highlight the importance of cybersecurity in the financial services industry. In its white paper, which follows last...more

5/19/2016 - Banking Sector Consumer Lenders Cybersecurity Financial Services Industry Incident Response Plans Online Marketplace Lending Peer-to-Peer

7th Circuit Revives P.F. Chang’s Data Breach Class Action Suit

Last week, the Seventh Circuit revived a data breach class action against P.F. Chang’s restaurant in an important opinion that continues a plaintiff-friendly trend that began with the court’s opinion in the Neiman Marcus case...more

4/21/2016 - Class Action Corporate Counsel Data Breach Identity Theft Neiman Marcus Notification Requirements Personally Identifiable Information PF Chang's Popular Standing

Two Years to Get Ready – GDPR Adopted

After 4 years of negotiation, today the European Parliament adopted the General Data Protection Regulation (“GDPR”). In doing so, it signaled the end of the EU approval process and put businesses on alert that they now have...more

4/15/2016 - Data Breach Data Privacy Data Security EU EU Data Protection Laws General Data Protection Regulation (GDPR) International Data Transfers Personal Data

Tennessee Amends Breach Notice Statute: Sets Notice Deadline, Eliminates Encryption Safe Harbor

Tennessee recently amended its data breach notification law, and in doing so, it has joined the ranks of states like Florida, Ohio, and Wisconsin that require notification to residents of a data breach within a defined time...more

4/4/2016 - Amended Legislation Corporate Counsel Cyber Attacks Data Breach Data Protection Encryption Notification Requirements Personally Identifiable Information Risk Management

Is Cyberinsurance the Chicken or the Egg?

The insurance industry has been making the case to Congress that cyberinsurance can be a path to good security practices, encouraging different groups inside an organization to better communicate with one another. The process...more

3/29/2016 - Cyber Attacks Cyber Insurance Cybersecurity Data Protection Hackers Insurance Industry Risk Management

Internet Providers on Notice: Draft Privacy Regulations Coming Soon

This month, the Federal Communications Commission (FCC) will consider issuing a Notice of Proposed Rulemaking (NPRM) for privacy regulations that will apply to broadband providers. The goals and objectives of the proposed...more

3/16/2016 - Breach Notification Rule Broadband Communications Act of 1934 Data Security FCC Internet Service Providers (ISPs) NPRM Telecommunications

CFPB Jumps Into Cyber Enforcement Pool

In a much anticipated move, on March 2, 2016, the Consumer Financial Protection Bureau (CFPB) entered the cybersecurity foray with its first enforcement action against Dwolla, Inc., an online payment processing start-up. ...more

3/10/2016 - CFPB Consent Order Data Security Dodd-Frank Dwolla Online Payments Personally Identifiable Information UDAAP Unfair or Deceptive Trade Practices

Biometrics: A Fingerprint for Privacy Compliance, Part I

In just the last week, the New York State DMV announced an upgrade to facial recognition software to catch identity thieves trying to obtain fraudulent driver’s licenses, and the Scottish Professional Football League was...more

3/4/2016 - Biometric Information Data Collection Data Protection Facial Recognition Technology FTC

EU-U.S. Privacy Shield is Go…nearly

On 29 February 2016 the European Commission issued the legal texts of the EU-U.S. Privacy Shield which aims to replace the defunct EU-U.S. Safe Harbor Framework as a legitimate mechanism for transferring personal data from the...more

3/2/2016 - EU EU-US Privacy Shield European Commission FTC International Data Transfers Personal Data Transparency US-EU Safe Harbor Framework
