No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
No Password Required: USF Cybercrime Professor, Former Federal Agent, and Vintage Computer Archivist
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
The Presumption of Innocence Podcast: Episode 39 - Unthreading the Silk Road: A Conversation With Author Nick Bilton
Snooping Sadia Talks to Former Official Gene Fishel — Unauthorized Access Podcast
Episode 282 -- CISO and CCOs -- The Evolving Partnership
Cybersecurity Threats Facing Food and Agribusiness Companies & the Preparation and Protection Safeguards to Help Mitigate Them
2022 DSIR Deeper Dive: NFTs
Wire Fraud Scams: What You Need to Know - The Consumer Finance Podcast
No Password Required: The Sailing CTO of Sylint Group Who Routinely Defends Against Nation-State Attacks on Critical Infrastructure
Understanding the Additional Risks When Making a Ransomware Payment
2022 DSIR Deeper Dive: Ransomware
Fighting the Constantly Evolving Threat of Cybercrimes
Greetings and Felicitations - Aly McDevitt on Ransomware Case Study, Part 2
No Password Required: A Former Police Officer Who Embodies All the Qualities of a Great Leader
Not If, but When: A Data Protection Roadmap for Legal Teams in a Post-Pandemic World
No Password Required: An Infowar Expert Paved the Path From Rock-And-Roll to Cybersecurity
JONES DAY TALKS®: The eBay Cyberstalking Case: Mitigating the Compliance Risks of Employee Misconduct
Cybersecurity & Data Privacy Webinar Series: Password Protected: Essential Cybersecurity & Data Privacy Planning for Your Small Business
CF on Cyber: The Anatomy of a Ransomware Attack - Part 2
While some areas of white-collar enforcement have been deprioritized by the Trump Administration, the Department of Justice (DOJ) remains committed to its Civil Cyber-Fraud Initiative as demonstrated by two recent False...more
More than a decade ago, I expressed concern about the Securities and Exchange Commission's predilection for targeting victims of crimes. That concern related to an enforcement action against a company that had been...more
The SEC recently issued an order and settlement against a company from a pair of cyberattacks in which millions of dollars of client funds were stolen. While the company was able to recover a portion of the funds and...more
AT&T Inc. announced in a July 12, 2024, SEC filing that hackers stole a cache of six months’ worth of mobile phone customer data, illegally downloading the records from a workspace account at the cloud-service provider...more
On December 21, 2023, the Federal Communications Commission released an order updating its data breach rules. These updated rules require telecommunications providers to report breaches of customer proprietary network...more
Cybersecurity is a top concern for all industries, particularly for the pharmaceutical and medical device industries. These industries hold some of the most sensitive data and highly valuable technology, making them prime...more
An Article addressing key privacy and data security developments in 2021 and likely trends for 2022, including federal and state regulation and enforcement. This Article also discusses private litigation related to data...more
We continue our year-end review of SEC enforcement activity and turn our attention to a topic grabbing seemingly daily headlines across multiple industries: cybersecurity. As the risks – and realities – of cyberattacks...more
It was a tumultuous year for privacy and cybersecurity, and further uncertainty is all but guaranteed. The key to navigating this volatility, as 2020 proved, is to develop and maintain a proactive, agile and holistic data...more
Our Virtual Regional Compliance Conferences provide updates on the latest news in regulatory requirements, compliance enforcement, and strategies to develop effective compliance programs. Watch, listen, and ask questions from...more
Report on Patient Privacy 18, no. 1 (January 2021) - The HHS Office for Civil Rights (OCR) settled its 13th enforcement action in its Right of Access Initiative, first announced in 2019 to support individuals’ rights to...more
As financial damages caused by cyberattacks continue to rise, many companies are looking for ways to both prepare for potential risk and respond to an actual incident. ...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
In the span of two days, mobile device users learned of two data breaches that could compromise their personal data. In one, Experian (a credit reporting agency) reported that it was hacked, potentially putting 15 million...more
Highlights Areas of High Risk and Examination Priorities for Financial Industry Firms - On September 15, the U.S. Securities and Exchange Commission’s (SEC’s) Office of Compliance, Inspections and Examinations (OCIE),...more
The Securities and Exchange Commission (“SEC”) recently settled its first cybersecurity-related enforcement action against a Missouri based registered investment adviser, R.T. Jones Capital Equities Management, Inc. (the ...more
Cyberattacks are on the rise—so much that we seem to hear about a high-profile hack more often than it probably rains in most parts of California. Although reputational damage from a cyberattack can be scarring, a recent U.S....more
The SEC announced last week that an investment adviser had agreed to settle charges that it failed to take required steps to protect against and respond effectively to a cybersecurity breach. The action comes on the heels of...more
A week after OCIE announced it would conduct a second round of cyber-security exams, the Commission emphasized the issue by bringing an enforcement action against a non-custodial investment-adviser over a remediated data...more
The SEC’s focus in the action was not on the manner of the firm’s responses to the breach or whether there was any actual harm, but predominantly on the adequacy of the firm’s written policies for safeguarding customer...more
The government appears to be increasing its enforcement efforts regarding cybersecurity risks. A three-judge panel of the U.S Court of Appeals for the Third Circuit recently held the FTC may bring a claim that a company’s...more
As a privacy litigator, I could not help but observe an apparent contradiction in the way the Third Circuit allowed the FTC to pursue Wyndham Hotels for cybersecurity breaches under the FTC Act, but Judge Berman (SDNY)...more
Banks and other companies subject to the CFPB’s jurisdiction face the possibility that the CFPB could begin using its authority under Sections 1031 and 1036 of the Dodd-Frank Act (which proscribe unfair, deceptive or abusive...more
In a strongly worded opinion, the Third Circuit Court of Appeals on Monday slammed Wyndham Worldwide Corporation’s arguments that the FTC did not have jurisdiction to enforce the security practices of businesses following a...more
Companies can be fined by the federal government for failing to properly safeguard consumer data, according to a decision this week by Pennsylvania's federal appellate court....more