Information Security and ISO 27001
A Compliance Officer Turned Board Member's Advice
Cyberside Chats: Protect Your Crown Jewels – Nobody breaks into a bank to steal the posters
No Password Required: The Philosopher CISO of Tallahassee Who Lives to Help Other People
Cyberside Chats - Zero Trust and Cyber Negligence: A conversation with Dr. Zero Trust Chase Cunningham
No Password Required: A Former Police Officer Who Embodies All the Qualities of a Great Leader
Modernize your Information Governance: Building a Framework for Success
CyberSide Chats: Recap of the White House Cyber Summit (with Amanda Fennell)
Canna We Talk Cannabis? Cybersecurity Risks Bring Growing Pains to Cannabis Businesses
The Importance Of Cybersecurity During A Merger & Acquisition Transaction
Phishing and Vishing and Smishing (Oh my!): New Types of Scams Require Increased Vigilance
The recent ransomware attack against the Duvel Moortgat Brewery demonstrated the very real risk that cybersecurity incidents pose to the alcohol industry, reportedly halting operations for several days at four of Duvel...
NETWORK AND INFORMATION SECURITY 2 DIRECTIVE (NIS2) - WHO WILL BE IN SCOPE? Operators of essential and important services across various sectors including energy, transport, banking, health, medical devices, chemicals...
Each month, we publish a roundup of the most important SEC enforcement developments for busy in-house lawyers and compliance professionals. This month we examine: • Fraud and internal control failure charges against...
On October 30, 2023, the SEC filed a litigated complaint against SolarWinds, a software development company, and Timothy Brown, its chief information security officer (CISO). The SEC alleges that from October 2018, when...
This week, the SEC filed a high-profile litigation asserting fraud and internal controls charges against software company SolarWinds Corporation and its Chief Information Security Officer, Timothy G. Brown, in connection with...
Perkins Coie's Privacy & Security practice maintains this comprehensive chart of state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each...
The term cybersecurity is thrown about because it covers so many risks. There is no common definition of cybersecurity and the technical elements included in the term. From a technical standpoint, cybersecurity covers...
China's Cybersecurity Law ("CSL"), Personal Information Protection Law ("PIPL") and Data Security Law ("DSL") set a series of rules and requirements for the cross-border transfer of personal information located in China....
Join members of McDermott’s Global Privacy & Cybersecurity team and Alan Gutierrez-Arana of Mazars for the next installment in our PCI DSS 4.0 series. PCI DSS 4.0 brings major changes to payments with an increased focus on...
The FTC has made news recently with its recent enforcement activity regarding companies’ alleged disclosures of consumer health data, as detailed in our recent post FTC to Advertisers: We’re tracking Your Use of Health...
In the first installment of our cybersecurity series, we discussed the importance of developing and implementing practical Information Security policies and procedures within your organization as well as the ethical and legal...
Information security will remain a top priority for all industries in 2023. Healthcare, government, and education will likely continue to be top targets for ransomware attacks, with for-profit businesses close behind. In...
The FTC recently issued a proposed order that would settle an enforcement action against Drizly, LLC and its co-founder and CEO, James Rellas, arising from data breaches in 2018 and 2020 that affected over 2.5 million...
In the late summer, the Consumer Financial Protection Bureau (CFPB) issued a circular that concluded in no uncertain terms that insufficient data protection or information security could be considered an unfair practice under...
With the threat of cyber-attacks making the news, it is a good time for all non-profit organizations to review their policies and procedures with respect to data privacy. Many non-profit organizations are particularly...
On March 1st, the United States Senate passed a historic cybersecurity bill with bipartisan and unanimous support. This bill impacts operators of federal infrastructure and federal civilian agencies. The Strengthening...
What are the implications for data privacy and information security in the Metaverse? The metaverse will create an “even more immersive and embodied Internet”, where users can meet friends, collaborate with colleagues, play...
The Federal Trade Commission’s revised Safeguards Rule, which enumerates specific cybersecurity standards and procedures, will impose many new obligations on companies that are covered as “financial institutions” under the...
Report on Patient Privacy 22, no. 1 (January, 2022) - New Jersey issued its third settlement in three months on state-level health care privacy and security laws, announcing that three cancer care providers would adopt new...
The federal government is trying to find as many ways as possible to handle the cybersecurity crisis facing the United States. While it is unlikely that Congress will pass a comprehensive federal cybersecurity law for the...
Continued widespread cyber attacks have leaders in just about every industry wary and watchful, and insurance underwriters are no exception. Given the increase in claims from recent ransomware attacks, cyber insurers are...
What is insider risk? Managing and minimising risk in your organisation starts with understanding the types of risks in the modern workplace. Some risks are driven by external events and factors that are outside of direct...
This past summer’s string of cyber enforcement actions signals that cybersecurity has become a top priority for the US Securities and Exchange Commission (“SEC”). This focus is consistent with the SEC’s Division of...
Editor’s Note: On September 30, 2021, HaystackID shared an educational webcast presented at the 2021 Privacy + Security Fall Academy. The webcast provided viewers with a framework and solutions for deploying privacy-based...
A myopic focus on protecting EMR (Electronic Medical Records) systems has left healthcare organizations open to shadow information risk. In a world where hackers and ransomware criminals are regularly compromising healthcare...