Current Issue Headlines
Vol. 4, No. 30 (Sep. 19, 2018)
Print This Issue
-
Evolving Roles of Privacy and Security Professionals: Operationalizing Policies, Incident Response and Vendor Management
Clear policies and effective collaboration go a long way toward improving security and privacy efforts across an enterprise. In this three-part series, current and former privacy and security leaders share their insights on how the CPO and CISO can effectuate these practices and protect their organizations. This final installment covers policy ownership and ideal implementation, and includes advice on effective collaboration when preparing for and responding to incidents and when assessing and contracting with third parties. Part two discussed effective governance, including reporting structure and the relationship with the board. Part one addressed how the skills necessary for each function have changed, how to combat ongoing challenges and whether companies should consider a convergence of the roles.
Read full article … -
Ohio Adopts Pioneering Cybersecurity Safe Harbor for Companies
Organizations struggle to understand how the government will view their security programs, and what liability they will have after a data security incident. In the absence of U.S. federal regulation, more states are taking legislative action to provide some clarity. The recently signed Ohio Data Protection Act, which comes into effect on November 2, 2018, will create a safe harbor for covered entities that implement a cybersecurity program in accordance with the act’s requirements. Organizations will be able to use the safe harbor as an affirmative defense in post-breach litigation. The Act is likely to benefit businesses that qualify for the safe harbor, but its greatest significance, said Jason Wool, a counsel at ZwillGen, is that it may be “indicative of a future trend in which states – and maybe even the federal government – will provide meaningful incentives to companies for the implementation of cybersecurity frameworks and standards on a voluntary basis.” See also “Colorado’s Revised Cybersecurity Law Clarifies and Strengthens Existing Requirements,” (Sep. 12, 2018); and “Analyzing New and Amended State Breach Notification Laws” (Jun. 6, 2018).
Read full article … -
Measures for Resolving Business Disputes Over Data Privacy and Security
Data breach incidents often result in finger-pointing: Whose fault was it? Who should have discovered it sooner? Who will be paying for the cleanup of the problem? Should tensions escalate as businesses attempt to answer those very questions, a company may well be tempted to resolve the matter in court. But that may not be the best possible venue for complicated technical issues and sometimes conflicting legal requirements to be resolved. In a recent Practising Law Institute presentation, panelists discussed the delicate considerations associated with B2B data incident disputes, including unwanted publicity and undesirable precedents, the viability of alternative approaches to dispute resolution and how to avoid being caught up in a legal quagmire. The Cybersecurity Law Report shares pertinent insights from the experts. See also “How to Maximize a Cybersecurity Budget in a Time of Change” (Aug. 22, 2018), “How Small Businesses Can Maximize Cybersecurity Protections and Prioritize Their Spending” (Jul. 12, 2017) and “Managing Risk for the Internet of Things in the Current Regulatory Landscape” (May 11, 2016).
Read full article … -
Former FTC Commissioner Joins Covington’s Data Privacy and Cybersecurity Practice Group
Terrell McSweeny, a former FTC Commissioner, has joined Covington as a partner in the firm’s data privacy and cybersecurity and antitrust and competition law practice groups in Washington, D.C. Prior to her FTC appointment, she served as Chief Counsel for Competition Policy and Intergovernmental Relations for the DOJ’s Antitrust Division. For coverage of McSweeny’s tenure at the FTC, see “FTC Settlements in Privacy Shield Cases and With Lenovo Over Use of “Man-in-the-Middle” Software Highlight Vigorous Enforcement Efforts” (Sep. 27, 2017).
Read full article … -
FisherBroyles Welcomes Cybersecurity Partner in Boston
FisherBroyles has announced that Scott Nathan will join its Boston office as a partner. Nathan advises clients on compliance with federal, state and international data privacy and security laws, negotiating agreements between multinational clients and vendors and managing intellectual property. For more from FisherBroyles, see “Making Sense of Conflicting Standing Decisions in Data Breach Cases” (Mar. 30, 2016).
Read full article …