No Password Required: An FBI Special Agent's Journey from Submarines to Anti-Corruption to Cybersecurity
Life With GDPR: Episode 22- Morrisons’ and vicarious liability
This Week in FCPA-Episode 55, the Covfefe Edition
This week, the SEC filed a high-profile litigation asserting fraud and internal controls charges against software company SolarWinds Corporation and its Chief Information Security Officer, Timothy G. Brown, in connection with...
Information security will remain a top priority for all industries in 2023. Healthcare, government, and education will likely continue to be top targets for ransomware attacks, with for-profit businesses close behind. In...
Andy Sekela is the Private Sector Coordinator for the FBI Tampa Division, who may just be on a mission to have the world’s coolest resumé. In this episode, Andy joins the No Password Required team to talk about his diverse...
Two legal cases in the US in the past month suggest that regulators and prosecutors are becoming more determined to take personal action against directors and senior executives who fail to deal adequately with cyber security...
On November 18, 2021, the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System (FRB), and the Office of the Comptroller of the Currency (OCC) issued a joint final rule (the...
Investors filed a derivative suit claiming that the company knew about, and failed to mitigate known, existing cybersecurity risks and shortfalls prior to the security breach. In early November, pension funds and...
Supreme Court of Virginia Declines Certified Questions from Federal Court in In re: Capital One Consumer Data Security Breach Litigation - The lawsuit In re: Capital One Consumer Data Security Breach Litigation has already...
On September 15, 2021, the Federal Trade Commission (“FTC”) issued a Policy Statement instructing health app and connected device companies to comply with the Health Breach Notification Rule (“the Rule”). The Rule, codified...
The need to input a username and password when logging into a computer is a “single factor” authentication. But, from a security perspective, that single factor authentication only goes so far. Consider, for example, the...
Colonial Pipeline shut down 5,500 miles of its East Coast pipeline on May 7, 2021, in an effort to contain a security breach resulting from a ransomware attack. Colonial’s pipeline is one of the nation’s largest and carries...
In a recent post, we highlighted the need for a privacy and cybersecurity training program, one not solely focused on spotting phishing attempts (although that is quite important as well). A primary reason, quite simply, is...
In today’s business landscape, it is nearly impossible to work alone. You have to collaborate with clients, vendors, suppliers, specialists, and plenty of other partners all considered third parties to your organization. As a...
In this month's edition, we examine the Court of Justice of the European Union's decision invalidating the EU-U.S. Privacy Shield framework, as well as the U.S. government's response to the decision. We also examine two...
In this episode, I visit with Jonathan Armstrong on the recent UK court of appeals decision in the Morrisons’ case. This decision stretched the limits of vicarious liability for a corporation to the absolute breaking point...
Many are lamenting not purchasing bitcoin now that its value has skyrocketed. Yesterday, Massachusetts Secretary of State William Galvin warned investors to stay away from investing in bitcoin, as he considers it a financial...
One of the most eye-catching items in the recently released 2017 Annual Report of the Enforcement Division of the Securities and Exchange Commission (SEC or the Commission) is the significant decline in enforcement activity...
This week, Jay and I have a wide-ranging discussion on some of the week’s top compliance related stories. We discuss: 1. Brazilian meatpacker JBS agrees to the largest fine ever for bribery and corruption, $3.2bn...
Late last month a jury awarded Mount Olympus Mortgage Company (MOMC) more than $25 million for their claims against Guaranteed Rate (Guaranteed), which alleged Guaranteed along with other former employees of MOMC illegally...
On December 7, 2015, after more than two years of legislative consideration, the European Union adopted the Directive on Network and Information Security (“NIS Directive”). Under the NIS Directive, operators of essential...
Many insurance coverage disputes can be, should be, and are settled without the need for litigation and its attendant costs and distractions. However, some disputes cannot be settled, and organizations are compelled to resort...
Washington and Oregon both recently updated laws that define data security and incident response requirements for breaches of consumers’ personal information. Details of these new requirements for each state are below. ...