Current Issue Headlines
Vol. 4, No. 37 (Nov. 7, 2018)
Print This Issue
-
How to Improve Risk Analysis in the Wake of the Anthem’s Record Settlement
In the wake of the largest U.S. health care data breach in history, Anthem, Inc., has agreed to pay $16 million to the U.S. Department of Health and Human Services, Office for Civil Rights, a record settlement for alleged HIPAA violations. In addition to the monetary payment, Anthem agreed to conduct a thorough and accurate risk analysis – a challenge for many organizations. In this article, we discuss the Anthem breach and provide expert insight about avoiding common risk analysis pitfalls, identifying steps organizations in all sectors should take to conduct an effective and compliant assessment, and how to use the assessment report to mitigate risk. See also “Using a Risk Assessment as a Critical Component of a Robust Cybersecurity Program (Part One of Two)” (Nov. 16, 2016); Part Two (Nov. 30, 2016).
Read full article … -
WhiteHat Report on the Software Lifecycle and Visa Bug Bounty Program Demonstrate the Need for Greater App Security
Security programs need to be aligned closely with the software development cycle, WhiteHat Security’s 2018 Application Security Statistics Report reveals. Software is reused 70 percent of the time and vulnerabilities in reused software persist in the new application. Penetration testing to detect and mitigate the risk of these vulnerabilities would be beneficial but difficult. However, a carefully managed bug bounty program can provide flexibility of scope that allows for testing on all of those applications so companies can get as close as possible to complete asset coverage. The Cybersecurity Law Report analyzes the results of the statistics report and discusses Visa’s experience using a private bug bounty program as covered in a recent webinar. See also “Proactive Steps to Prevent Legal Pitfalls in Bug Bounty Programs” (Apr. 5, 2017) and “How to Establish and Manage a Successful Bug Bounty Program” (Mar. 22, 2017).
Read full article … -
How GoDaddy Built an Effective Privacy Program
Every company needs to customize its privacy approach and program, but insights from others’ successful experiences can help provide benchmarks, inspiration and best practices. At IAPP’s recent Privacy.Security.Risk conference, GoDaddy, the world’s largest internet domain name registrar, explained how it made its privacy program effective. GoDaddy’s chief privacy and risk officer Todd Redfoot was joined by assistant general counsel Serena Lai and director of technology risk management Leticia Webb. The team described how they built and implemented a broad and comprehensive program, tackled GDPR requirements and took innovative steps such as incorporating technologies to automate privacy compliance. See also “Building a Customer Privacy Program: Lessons from Dupont’s Privacy Leaders” (May 9, 2018).
Read full article … -
Upcoming HFLR Webinar to Explore Recent Trends in SEC Examinations of Private Fund Managers
Please join our sister publication, The Hedge Fund Law Report, on Thursday, November 8, 2018, at 11:00 a.m. EST for a complimentary webinar discussing how examiners from the SEC’s Office of Compliance Inspections and Examinations (OCIE) are currently approaching examinations of private fund managers, as well as OCIE’s key areas of focus during these exams. The webinar, entitled “Recent Trends in SEC Examinations of Private Fund Managers,” will be moderated by Kara Bingham, the Senior Editor of The Hedge Fund Law Report, and will feature Andrew M. Calamari, a partner at Finn Dixon & Herling and former Director of the SEC’s New York Regional Office; Patricia A. Poglinco, a partner at Seward & Kissel; and Joel A. Wattenbarger, a partner at Ropes & Gray. To register for the webinar, click here.
Read full article … -
Holland & Knight Welcomes Cyber and IP Partner in New York
Mark Francis has joined Holland & Knight as a partner in the firm’s cybersecurity, data breach and privacy practice in New York, where he advises clients on tech and data, transactional and litigation matters. For more from Holland & Knight, see “How to Handle Rising Expectations for Board Cyber Education and Involvement” (Mar. 14, 2018).
Read full article … -
Baker Donelson Bolsters Data Protection, Privacy and Cybersecurity Team in Fort Lauderdale
Aldo M. Leiva has joined Baker Donelson in Fort Lauderdale as of counsel in the firm’s data protection, privacy and cybersecurity and business litigation groups, where he advises clients on compliance with federal, state and international data security and privacy laws.
Read full article …