Data Breach Plans

News & Analysis as of

Cyber Threats: Can you Answer These Questions from the Board?

Discussions about cyber threats have moved from ‘server rooms’ to ‘Board rooms.’ For good reason – hacks and breaches of corporate data and trade secrets can seriously compromise a company and spark significant reputational...more

NAIC Cybersecurity Task Force Adopts Cybersecurity Bill of Rights

On October 14, 2015, the National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force adopted the Cybersecurity Bill of Rights, a document meant to inform consumers of the services they can expect from...more

Data Breach Planning in 10 Easy Steps: How to Think Like A Litigator

For the first Tuesday in November, we have 10 easy steps to make sure that your data breach incident response planning is viewed from that pesky point of view of a litigator....more

CFTC Approves NFA Interpretive Notice on Information Systems Security Programs, Including Cybersecurity Guidance

The CFTC recently approved the National Futures Association’s interpretive notice (the “Cybersecurity Notice”) on the general requirements that members should implement for their information systems security programs...more

Cybersecurity and Risk Management: “Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers”

A timely new resource for business executives, technology professionals, and lawyers alike is the newly-published Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers from the New York...more

SEC Cybersecurity Update

Results from the SEC’s First Round of Cybersecurity Examinations - On February 3, 2015, the OCIE published a risk alert summarizing its findings from its examinations of over 100 registered investment advisers and...more

PCI Security Standards Council Issues “How-To” Guide For Responding To A Data Breach

On September 29, 2015, the PCI Security Standards Council (“PCI SSC”) issued a press release and accompanying guidance to businesses for incident response management in the event of a data breach. PCI SSC is a global forum...more

Data Breaches, Media Relations, and the Bottom Line

Data breaches are crisis moments that business must prepare for in many ways: not just in taking steps at prevention, but also mitigating losses, arranging for business continuity, complying with legal and regulatory...more

The FTC’s Broad Authority and FTC v. Wyndham: Thinking about the Future of Data Privacy Regulations

What makes data privacy law interesting for academics, challenging for lawyers, and frustrating for businesses its shape-shifting structure in the face of rapidly changing technology. The recent change in the invalidation of...more

SEC Announces Second Wave of Cyber Exams of Broker Dealers and Advisors – Is Your Firm Ready?

In April 2014, the Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert announcing its first cybersecurity sweep initiative. Pursuant to that initiative,...more

Data Breaches Are Not Academic: Colleges and Universities Should Take Appropriate Steps To Avoid or at Least Minimize Their...

Data breaches at colleges and universities are on the rise. These institutions are targets because their networks have access to a large amount of private information, including educational and medical records, as well as...more

SEC Brings First Cybersecurity Enforcement Proceeding in Wake of Risk Alert

Highlights Areas of High Risk and Examination Priorities for Financial Industry Firms - On September 15, the U.S. Securities and Exchange Commission’s (SEC’s) Office of Compliance, Inspections and Examinations (OCIE),...more

PCI Security Standards Council Publishes Data Breach Response Guidance

The PCI Security Standards Council (PCI-SSC) has released new guidance on its website advising merchants how to deal with a data breach. The guidance particularly details when a PCI Forensic Investigator (PFI) will be...more

Notifying Parties In Username/Password Breaches . . . It’s Not Just the Law

As we head into the end of 2015, state legislators across the country continue to strengthen, update and, in some instances, broaden the scope of their respective state data breach notification laws. Specifically, many...more

SEC Provides Additional Information On Cybersecurity Examinations

On September 15, 2015, the Security and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert to provide additional information on the areas of focus for its second round of...more

OCIE’s 2015 Cybersecurity Examination Initiative

Second Round of Cybersecurity Examinations to Begin - On September 15, 2015, the Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission (SEC) issued a Risk Alert announcing a...more

Cybersecurity for Medical Devices: A Risk Mitigation Checklist for In-House Counsel

Just this summer, a cybersecurity firm issued a report widely cited in the media detailing cases where unnamed hospitals were allegedly hit by data breaches after medical devices (identified only generically as a blood gas...more

Special Alert: Third Circuit Gives FTC Green Light to Continue Enforcing Corporate Data Security

Last week, the U.S. Court of Appeals for the Third Circuit affirmed the Federal Trade Commission’s authority to hold companies accountable for their data security practices under Section 5 of the FTC Act (15 U.S.C. § 45(a)),...more

Federal Appeals Court Recognizes for the First Time the FTC’s Authority to Enforce Cybersecurity Practices

On August 24, 2015, the Third Circuit Court of Appeals issued a much-awaited decision in FTC v. Wyndham Worldwide Corporation, holding that the Federal Trade Commission (FTC) has authority to regulate “unfair” or “deceptive”...more

The IRS Acknowledges Data Breach Worse Than Reported

On August 17, 2015, the Internal Revenue Service (“IRS”) announced that a breach of U.S. taxpayers’ personal information, first disclosed in May, was three times worse than previously thought. While initial reports indicated...more

FCC Settles First Data Security Enforcement Action

On July 9, 2015, the Federal Communications Commission settled its first data security case with two related telecommunications carriers – TerraCom, Inc. and YourTel America, Inc. – for $3.5 million. The settlement resolves...more

Assessing Your Cybersecurity Preparedness: It May Be Time to Update Your Bank’s Information Security Plan and Response Program

With increased oversight, regulatory scrutiny and risk related to cybersecurity, now is the time for those in the banking industry to be proactive in managing cybersecurity risk. Waiting until a breach occurs to formulate or...more

Intellectual Property Newsletter - July - August 2015

Protecting Trade Secrets in the Era of the Data Breach - The prevalence of data breaches cannot be ignored. New data breaches continue to occur one after an-other. In the first half of 2015 alone there were reports of...more

Oregon Amends Data Breach Law — Companies Can Expect More Enforcement Actions

Oregon Gov. Kate Brown recently signed into law amendments to the state’s data breach law. These amendments recognize the growing definition of data, expand the role of the Attorney General in addressing data breaches,...more

GAO Issues Report Citing Shortcomings In Federal Government Cybersecurity

On July 8, 2015, the Government Accountability Office (“GAO”) issued a report finding that agencies across the federal government continue to have shortcomings in preventing, detecting, and responding to cyber threats. The...more

57 Results
View per page
Page: of 3

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.