Oct. 16, 2019

Guide to Cybersecurity Training: Program Hallmarks and Whom to Train

People may pose more cybersecurity risk than software vulnerabilities, as evidenced by the large number of attacks that attempt to exploit the human factor, such as phishing attacks. Training is a crucial preventative measure, but can be challenging to implement effectively. This first part in our three-part training series discusses the importance of training as a cybersecurity defense, guidelines for establishing a training program and who should be trained. Part two will cover training the board, program components and how and when to implement training. Part three will address assessing results and how to conduct ongoing training. See also “Designing, Implementing and Assessing an Effective Employee Cybersecurity Training Program (Part One of Three)” (Feb. 17, 2016); Part Two (Mar. 2, 2016); and Part Three (Mar. 16, 2016).

How Much Cyber Insurance to Buy Based on How Claims Are Paid

Nearly every CEO, CRO or CISO is plagued by frustration that their cyber insurance broker cannot benchmark the amount of cyber insurance they need, and most approaches used by brokers – such as historical purchasing data or comparative metrics – do not align with how claims are paid. In this guest article, Ariel Evans, CEO of Cyber Innovative Technologies, explains the metrics on which claims are paid, considerations for calculating limits, and how to calculate limit adequacy. See “Guidelines for Securing Effective Cyber Insurance Policy Terms” (Apr. 17, 2019).

How Uber, eBay and Pitney Bowes Built Principles-Based Global Privacy Programs

Top privacy practitioners from Uber, Pitney Bowes and eBay shared how they have built principles-based global privacy programs at their companies in an environment of disparate privacy regimes – from the GDPR and the CCPA to sector-specific U.S. laws – at a recent IAPP panel moderated by Heather Egan Sussman, a partner at Orrick. We distill the key takeaways. See also our three-part series on the evolving roles of privacy and security professionals: “Examining Required Skills and Potential Convergence” (Sep. 5, 2018); “Effective Governance and Board Reporting” (Sep. 12, 2018); and “Operationalizing Policies, Incident Response and Vendor Management” (Sep. 19, 2018).

Portuguese DPA Holds Parts of Portuguese Data Protection Law Inconsistent With GDPR

Portugal finally implemented the GDPR in late August 2019, among the last E.U. Member States to do so. One month later, however, the Portuguese Data Protection Authority stated that it considered some of the provisions of the implementing law inconsistent with the GDPR and the Portuguese constitution. In a guest article, Ana Monteiro, head of the regulatory practice at Caetano de Freitas & Associados in Lisbon, describes the problematic provisions. For our previous discussion of the law with Monteiro, see “Examining Portugal’s GDPR Implementation Statute” (Aug. 21, 2019).

Robinson Bradshaw Welcomes Former Cybercrime Prosecutor

Allen O'Rourke has joined Robinson Bradshaw as a partner and co-chair of the firm’s cybersecurity and privacy practice in Charlotte, where he assists clients affected by cybercrime and handles investigations and litigation arising out of cybersecurity incidents.

Dentons Deepens Cyber Bench in London

Antonis Patrikios has joined Dentons as a partner in the firm’s global privacy and cybersecurity group in London, where he advises clients on issues relating to GDPR and new legal regime readiness; big data and adtech; and cybersecurity preparedness and incident response efforts. For more from Dentons, see “How to Walk the Tightrope of Cooperation and Privilege When Facing Government Investigations and Parallel Litigation” (Apr. 17, 2018).