Current Issue Headlines
Vol. 4, No. 8 (Apr. 18, 2018)
Print This Issue
-
When and How Legal and Information Security Should Engage on Cyber Strategy: Vendors and M&A (Part Three of Three)
Effective cybersecurity strategy requires the legal and security functions to work together when assessing third parties, either in the context of hiring a vendor or merging with or acquiring a new company. “I don’t think they’re coordinating very well,” Akin partner Michelle Reed told The Cybersecurity Law Report. With insight from Reed and technical experts, this third installment of our three-part series on when and how legal and security professionals should be communicating to build strong working relationships for a robust cybersecurity and data privacy program tackles coordination between the two teams on vendor assessments, M&A due diligence and combatting insider threats. Part two examined how both teams can coordinate on incident response and to assess risk and privacy impact. Part one covered how to structure corporate governance for optimal collaboration between these two groups. See also “Effective M&A Contract Drafting and Internal Cyber Diligence and Disclosure” (Dec. 20, 2017) and “Mitigating Cyber Risk in M&A Deals and Third-Party Relationships” (Jul. 6, 2016).
Read full article … -
Guidance and Clarification on Asia’s Evolving Cybersecurity and Data Protection Laws
Cybersecurity and data protection laws are changing rapidly across Asia, and it is imperative for companies operating in that jurisdiction to track and understand these developments. Yet, the existing guidance can be lacking. In this guest article, DLA Piper attorneys Scott Thiel and Maggie Wong answer critical questions about how the Chinese laws can impact a range of organizations and provide updates on Chinese enforcement and guidance, on which companies are particularly seeking clarification. They also provide top takeaways from Singapore’s new cybersecurity regulations and address developments in Australia, Malaysia and other active enforcement regimes in the Asia Pacific region. See also “The Sword of Damocles in the Information Age: How to Face the New Challenges Under the Chinese Cybersecurity Law” (Jan. 11, 2017).
Read full article … -
Ten Common Post-Breach Public Relations Failures and How to Avoid Them
In the heated aftermath of a breach, organizations are susceptible to making PR mistakes that can have substantial and lasting negative impacts on the company’s reputation and customer relations. At IAPP’s Global Privacy Summit 2018, Tanya Forsheit, a partner at Frankfurt Kurnit Klein & Selz, and Siobhan Gorman, a partner at the Brunswick Group, highlighted ten common and specific post-breach PR mistakes and lessons that can be learned from them. For more from Forsheit, see “The GDPR’s Data Subject Rights and Why They Matter” (Feb. 28, 2018). For more from Gorman, see “Cyber Crisis Communication Plans: What Works and What to Avoid (Part One of Two)” (Jun. 14, 2017); Part Two (Jun. 28, 2017).
Read full article … -
Former Chief of the Bureau of Internet & Technology for the New York AG Joins Lowenstein Sandler
Kathleen McGee, a former Chief of the Bureau of Internet & Technology in the New York State Attorney General’s office, has joined Lowenstein Sandler in New York as counsel in the firm’s tech group as well as the white collar criminal defense practice. For more from the firm, see “Essential Cyber Due Diligence Considerations in M&A Deals Raised by Yahoo Breach” (Oct. 5, 2016).
Read full article … -
Michael Best Bolsters Chicago Privacy & Data Security Practice
Ryan Sulkin has recently joined the privacy & data security practice of Michael Best in Chicago as a partner, where he will advise clients on matters relating to information technology, outsourcing and data protection. Sulkin joins from DLA Piper, where he was an attorney in the technology, sourcing and commercial practice. See also “Former Chief Privacy Officer in Texas State Government Joins Michael Best in Austin” (Mar. 28, 2018).
Read full article … -
Spring Webinar Series: GDPR Deadline – How Asset Managers and Banks Plan to Comply
Please join The Cybersecurity Law Report on May 3, 2018, from 12:00 to 1:00 p.m. EST for the first program in its spring webinar series, “GDPR Deadline – How Asset Managers and Banks Plan to Comply.” The General Data Protection Regulation (GDPR) is the most significant revision of privacy law since the introduction of the original E.U. 1995 data protection directive, and it goes into effect on May 25, 2018. This complimentary webinar will delve into strategies the financial sector is using to overcome GDPR compliance challenges with insight from several experts, including Dominque Shelton, a partner at Perkins Coie, and Todd Marlin, a principal in EY’s forensic technology and discovery services practice. The panelists will address a range of topics, including incorporating the role of the DPO; handling third parties; setting budgets; implementing breach notification procedures; and processing subject access requests. Registration information is available here. See “EY Global Data Analytics Survey Finds Lack of GDPR Preparedness and Need for Cross-Functional Collaboration” (Mar. 28, 2018); and “How Will the GDPR Affect Due Diligence?” (Mar. 14, 2018).
Read full article …