Aug. 3, 2022

Cybersecurity Compliance Lessons From NYDFS’ Carnival Action

Following four cybersecurity breaches that targeted the company between 2019 and 2021, the New York State Department of Financial Services (NYDFS) recently entered into a consent order with Carnival Corporation and hit the cruise ship company with a $5‑million penalty for violations of the department’s stringent Cybersecurity Regulation. With insight from attorneys at Debevoise, Clifford Chance and Hogan Lovells, including NYDFS veterans, we discuss key aspects of the breach and the consent order, and provide practical compliance lessons. See “Two Settlements Show NYDFS’ Hidden Power to Use Other States’ Breach Laws” (May 5, 2021).

How to Prepare for the Cybersecurity Incident Reporting for Critical Infrastructure Act

Passed as part of the omnibus spending bill on March 15, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) will require critical infrastructure companies – which could include financial services companies, energy companies and other key businesses for which a disruption would impact economic security or public health and safety – to report any substantial cybersecurity incidents or ransom payments to the federal government within 72 and 24 hours, respectively. We discuss insights shared by experts during a recent program hosted by Strafford CLE Webinars on the new obligations under CIRCIA, best practices for mitigating the risks of noncompliance, and the likely outcome of regulation under the Act. See “Lessons From CISA for In-House Counsel on Mitigating and Managing MSP Breach Threats” (Jun. 29, 2022).

Importance of In-House Counsel Discerning Their Client and Managing Evolving Attorney-Client Privilege Issues (Part One of Two)

In-house counsel who wear multiple hats may face a number of ethical issues as well as situations that make determining when the attorney-client privilege applies, and to whom it applies, difficult. This first article in a two-part series originally published in our sister publication, the Private Equity Law Report, covers a PLI program featuring in-house and outside counsel who examined the importance of correctly identifying which individual or entity is a GC’s client, as well as attorney-client privilege considerations in the context of PE transactions. The second article will cover the panelists’ insight on unique ethical issues that in-house counsel confront and will provide guidance for navigating common types of conflicts of interest. See “Data Breaches, Leaked Documents and the Attorney-Client Privilege: Can the Bell Really Be Unrung?” (Sep. 23, 2020).

Clifford Chance Welcomes Partner to Global Technology Group

Devika Kornbacher has joined Clifford Chance as a partner and co-head of the tech group. She is based in New York. For insight from Kornbacher, see “Drafting Data and Cybersecurity Provisions in Third-Party Vendor Agreements” (Mar. 22, 2022). For insight from Clifford Chance, see “Dangerous Harbor: Analyzing the European Court of Justice Ruling” (Oct. 14, 2015).

FisherBroyles Bolsters Cyber Practice in New York

FisherBroyles has announced its hire of Richard Reiter as a partner based in New York, where he represents clients in complex commercial disputes, including privacy, cyber, technology, media, intellectual property, employment, real estate, healthcare and insurance matters. For insight from FisherBroyles, see our three-part series on using cyber insurance to mitigate risk: “From Assessing the Need to Managing Existing Policies” (Oct. 3, 2018); “Getting Savvy About Cost and Policy Terms” (Oct. 10, 2018); and “Policy Management and Breach Response” (Oct. 17, 2018).