Last month, as part of BakerHostetler’s “Look Back, Look Ahead: Advertising and Marketing Law in 2021 & 2022” webinar series, partners Craig A. Hoffman and Victoria Weatherford presented on recent trends and predictions on...more
3/2/2022
/ Advertising to Minors ,
AMG Capital Management LLC v FTC ,
Biden Administration ,
Data Breach ,
EHR ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Marketing ,
Opioid ,
State Attorneys General ,
State Privacy Laws ,
Students
Attorneys play an important role in the incident response process. A skilled and experienced attorney can help organizations effectively respond to a security incident in a way that complies with obligations, protects key...more
Ohio will soon have a law in place that provides a “legal safe harbor” from tort claims related to a data breach, to entities that have implemented and comply with certain cybersecurity frameworks. It remains to be seen...more
On February 21, 2018, the U.S. Securities and Exchange Commission (“SEC”) issued cybersecurity disclosure guidance for public companies (“SEC Guidance”) that, according to SEC Chair Jay Clayton, “reinforces and expands” on...more
We are excited to release our third annual BakerHostetler Data Security Incident Response Report. This report analyzes the more than 450 data security incidents we led clients through in 2016. Companies continued to...more
4/19/2017
/ Chief Compliance Officers ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Hotlines ,
Incident Response Plans ,
Ransomware
Cue the year-end articles saying that this was the worst year to date for data breaches. Follow that with more dire predictions for 2017. Layer in one-size-fits-all recommendations to mitigate these risks. And finish with...more
Public companies that are proactively working to mitigate “cyber” risks and prepare to respond to potential incidents frequently ask whether a “breach” will lead to litigation, loss of customers, stock price decline, and...more
12/21/2016
/ Board of Directors ,
Breach of Duty ,
Cybersecurity ,
Data Breach ,
Derivative Suit ,
Duty of Loyalty ,
Home Depot ,
Popular ,
Proxy Statements ,
Shareholder Litigation ,
Shareholders
A forensic investigation by a security firm often does (and should) drive decision-making in response to an incident. Because the work of a security firm usually drives the critical path of a response, companies can become...more
The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 “the year of the breach.” Most incidents are described publicly with attention-grabbing terms such as...more
We released the inaugural BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our attorneys advised on in 2014. Over the next four weeks, we...more
The days of companies being so afraid of the reputational impact of a breach that they would look for any way possible to avoid disclosure are gone. The pendulum has swung in the opposite direction. Now companies, often in...more
One common occurrence after the disclosure by a retailer of a breach affecting card present payment card data used to be the filing of claims by banks that issued payment cards affected by the incident. The banks bringing the...more
When a merchant is suspected of being the victim of an account data compromise event, they are often required by the card brands to hire a Payment Card Industry Forensic Investigator (PFI). The PFI provides a report on the...more
One of the first questions companies ask us when we are hired to help them respond to a new security incident is how fast they have to notify if the investigation shows that a “breach” occurred. Except for a couple of states...more
In a highly anticipated decision, a federal court in Tennessee let stand a retailer’s claims against Visa for violation of California’s Unfair Competition Law (UCL) and for common law claims for unjust enrichment and...more
Last week a small New England bakery announced that its point-of-sale (POS) devices were infected with malware that may have put card data at risk....more
We reported in July on a First Circuit Court of Appeals decision finding that a bank failed to implement commercially reasonable security methods to prevent unauthorized transfers by a criminal that gained the online banking...more