Current Issue Headlines
Vol. 4, No. 17 (Jun. 20, 2018)
Print This Issue
-
How to Maintain Effective and Secure Long-Term Vendor Relationships: Understanding the Risks (Part One of Two)
Once the critical process of vetting and selecting vendors is complete, the third-party oversight work begins. Change is inevitable – whether it be in regulations, data sets, technology, products, or circumstances – and organizations need to follow up with the vendors and ensure the relationship is maintained properly. Following a webinar we hosted on this topic, The Cybersecurity Law Report delved further into these issues with the panelists – Karen Hornbeck, senior manager at Consilio; Kristina Bergman, founder and CEO of Integris Software, and Aaron Tantleff, partner at Foley & Lardner. Our first installment of this two-part article series discusses the legal and technical third-party risks and what regulators (domestic and international) expect in terms of vendor oversight. Part two will provide advice on how to identify and address issues with third-party vendors, including when and how to revise contractual relationships and best practices for internal oversight structure. Vendor due diligence and oversight “doesn’t stop after you contract . . . you have to follow up on a regular basis to make sure they are complying with the terms,” Tantleff said. See also “Developing an Effective Third-Party Management Program” (Mar. 14, 2018); and “How to Move Beyond a Checklist Approach to Third-Party Oversight” (Dec. 6, 2017).
Read full article … -
What Are the GDPR’s Implications for Alternative Investment Managers? (Part One of Two)
While the business of an alternative investment fund manager will not involve the systematic processing of natural persons’ data, all investment management firms and funds will receive and process personal data in some way, shape or form in relation to their day-to-day business activities, thereby subjecting them to the most significant development in E.U. privacy law in two decades. This two-part guest article series breaks down the key provisions of the GDPR and how they may affect advisers and private funds. This first part reviews the driving forces behind the enactment of the GDPR, the territorial scope of the GDPR, the data-protection principles that apply when processing personal data, the legal bases pursuant to which in-scope firms may process personal data and the rules surrounding cross-border transfers of personal data. The second article will discuss the rights of data subjects, minimum requirements applicable to processors, the role of a DPO, cybersecurity measures required by the GDPR, the obligation to report breaches of the GDPR and parallel legislation introduced in the U.K. in light of Brexit. See also our two-part interview with the Irish Data Commissioner: “Supervising Facebook” (April. 25, 2018); and “GDPR Enforcement Priorities” (May 2, 2018).
Read full article … -
Managing Cyber Investigations: A CISO and In-House Counsel Discuss Best Practices for Real-Life Scenarios
Lawyers are increasingly on the front lines of responding to significant cyber incidents. At a recent Georgetown Cybersecurity Law Institute conference, panelists from three global companies discussed best practices and practical tips for attorneys managing a cyber investigation. Moderator Kimberly Peretti, a partner at Alston & Bird, presented three real-life scenarios to Wyndham Worldwide’s chief compliance officer, chief counsel for cybersecurity and privacy at SAIC and the CISO at Cvent, a global meetings and events technology software company. Their recommendations included planning ahead, creating and practicing robust incident response plans and fostering a strong relationship between legal and information security teams. See our three-part guide to developing and implementing a successful cyber incident response plan: “From Data Mapping to Evaluation” (Apr. 27, 2016); “Seven Key Components” (May 11, 2016); and “Does Your Plan Work?” (May 25, 2016).
Read full article … -
Norton Rose Fulbright’s Global Cyber Risk Group Welcomes Three Attorneys
Norton Rose Fulbright recently announced the addition of three partners to its global cyber risk group: Christopher Cwalina, the global co-head of cyber risk, in Washington, D.C.; Jeewon Kim Serrato, the U.S. head of data protection, privacy and cybersecurity, in San Francisco; and Steven Roosa, co-chair of the privacy and data security team, in New York. For more from Norton Rose Fulbright, see “How Cyber Stakeholders Can Speak the Same Language (Part One of Two),” (Jul. 20, 2016); Part Two (Aug. 3, 2016).
Read full article … -
Former Gibson Dunn Attorneys Join Bird & Bird Brussels Privacy & Data Protection Practice
Takeshige (Take) Sugimoto and Akihiro (Aki) Kawashima have joined the Brussels office of Bird & Bird as a partner and counsel, respectively, in the privacy and data protection practice, the firm recently announced. For more insight from Sugimoto, see “How Will the GDPR Affect Due Diligence?” (Mar. 14, 2018), and “New Criteria for Employee Monitoring Practices in Light of ECHR Decision” (Sep. 27, 2017).
Read full article …