What directors really need to know about the SEC guidance that has generated so much chatter.
With so much boardroom attention on cybersecurity, directors continue to focus on the Securities and Exchange Commission (SEC)...more
As of December 31, 2017, many United States government contractors face a new compliance requirement involving cybersecurity. This requirement will govern most new Department of Defense (DoD) contracts and, significantly,...more
12/26/2017 / Bid Protests, Breach of Contract, Cybersecurity, Data Protection, Data Security, Department of Defense (DOD), DFARS, False Claims Act (FCA), Federal Contractors, NIST, Popular
The DFARS final rule requires contractors to safeguard information systems and imposes investigation and reporting requirements in the case of cyber incidents.
As of December 31, 2017, many United States government...more
HHS OCR issues checklist, iterative guidance in wake of WannaCry and Petya attacks; Anthem breach settlement provides additional lessons.
Key Points:
Healthcare organizations are particularly vulnerable to ransomware...more
7/11/2017 / Business Associates, Covered Entities, Cyber Attacks, Cyber Incident Reporting, Data Breach, Department of Health and Human Services (HHS), Guidance Update, Health Care Providers, Incident Response Plans, OCR, Popular, Ransomware, Risk Management, Security and Privacy Controls
Trump Administration’s required cybersecurity assessments provide potential for new round of public-private collaboration.
The Trump Administration recently issued a much anticipated Executive Order (EO) addressing...more
The Trump Administration has issued a much anticipated Executive Order (EO), “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” directing federal executive agency heads to undertake various...more
Ransomware is not only a growing security threat but a potentially thorny notification issue.
Ransomware is one of the most prevalent cybersecurity threats afflicting businesses today. When an attack hits, a victim...more
Tax-related identity theft is nothing new, but tax season 2016 took tax schemes to a new level.
Last year, our cyber experts advised a large cluster of clients (public and private companies) over a period of only two...more
The revised regulations eliminate many of the categorical requirements in the original proposal and instead adopt a more risk-based approach.
On December 28, 2016, the New York State Department of Financial Services...more
Comments submitted on the proposed regulations criticize the lack of a risk-based approach, overbroad definitions, potential extraterritorial implications, an excessive breach notification threshold and a daunting annual...more
The Standing Committee of the National People’s Congress of the People’s Republic of China (PRC) has introduced China’s first and comprehensive Network Security Law (also referred to as Cybersecurity Law). The law will have...more
The law will have far-reaching implications for parties that utilize the Internet and handle network data and personal information in the PRC.
On November 7, 2016, the Standing Committee of the National People’s Congress...more
Hacking of organizations’ systems is becoming increasingly commonplace, even with advancements in security practices. To mitigate risk, a company must have an enterprise-level, cross-functional incident response plan that is...more
Landmark ruling establishes a variety of new obligations, but long-term effects remain unclear.
On November 2, 2016, the US Federal Communications Commission (FCC) released an order adopting new privacy rules that will...more
Hacking of organisations’ systems is becoming increasingly commonplace, even with advancements in security practices. To mitigate risk, a company must have an enterprise-level, cross-functional incident response plan that is...more
Preparing for and rehearsing how to respond to a breach is as important as improving security systems and protocols.
Hacking of organizations’ systems is becoming increasingly commonplace, even with advancements in...more
New law requires employers to give notice of immunity rights in order to recover enhanced damages.
President Obama signed the Defend Trade Secrets Act (DTSA) into law on May 11, 2016. Certain relief available to...more
Broadband Internet access service providers would face a new, top-to-bottom consumer privacy regime.
Twelve months after the US Federal Communications Commission (FCC) imposed common-carrier telecommunications rules on...more
4/13/2016 / Breach Notification Rule, Broadband, Comment Period, Customer Proprietary Network Information (CPNI), Data Security, Data-Sharing, FCC, Internet Privacy, Internet Service Providers (ISPs), Open Internet Rules, Opt-Outs, Personally Identifiable Information, Proposed Regulation, Third-Party
On March 17, 2016, the Civil Liberties Committee convened to discuss whether the Privacy Shield framework that will replace Safe Harbor provides adequate protection to the data of EU citizens. A number of experts were...more
3/24/2016 / Article 29 Working Party (WP29), Data Protection Authority, EU, EU-US Privacy Shield, European Commission, Federal Trade Commission (FTC), International Data Transfers, Judicial Redress Act, Ombudsman, Personal Data, Standard Contractual Clauses, Surveillance, U.S. Commerce Department, US-EU Safe Harbor Framework
Legislation may change the way government and the private sector collaborate on cybersecurity.
After years of vigorous debate and numerous false starts, in the closing hours of its 2015 session, the US Congress...more
Earlier this week, the European Commission announced that a “political” agreement has been reached on a new framework for data flows from the EU to the US. The announcement highlights a few changes from the old Safe Harbor...more
2/5/2016 / Article 29 Working Party (WP29), Binding Corporate Rules, EU, EU-US Privacy Shield, European Commission, European Court of Justice (ECJ), International Data Transfers, Ombudsman, Personal Data, Schrems I & Schrems II, Standard Contractual Clauses, US-EU Safe Harbor Framework
In a stunning victory, an administrative law judge has recommended the dismissal of a long-pending US Federal Trade Commission (FTC) complaint against LabMD, Inc. (LabMD). In a strongly worded opinion in a case that had...more
1. Start Early -
Buyers should begin conducting cybersecurity risk assessments early in the engagement process. The target should be able to identify which information technology systems and data sets are key to the...more
The so-called Article 29 Working Party met on October 15, 2015 to discuss the consequences of the Schrems Judgment of the European Court of Justice (ECJ). On October 16, 2015, the Working Party published a Statement...more
10/19/2015 / Article 29 Working Group, Binding Corporate Rules, Data Protection Authority, EU, EU Data Protection Laws, European Commission, European Court of Justice (ECJ), International Data Transfers, Judicial Redress Act, Legislative Agendas, Member State, Model Contracts, Schrems I & Schrems II
On October 6, the European Court of Justice ruled that Decision 2000/520 of the European Commission, which stated that Safe Harbor-certified US companies provide adequate protection for personal data transferred to them from...more
10/7/2015 / Binding Corporate Rules, Data Protection Authority, EU, EU Data Protection Laws, EU Directive, European Commission, European Court of Justice (ECJ), Federal Trade Commission (FTC), International Data Transfers, Member State, Model Contracts, US-EU Safe Harbor Framework