The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

By Topic: Information Governance

  • From Vol. 4 No.24 (Aug. 8, 2018)

    Essential Cyber, Tech and Privacy M&A Due Diligence Considerations

    Evolving threats, regulatory focus and innovation require every transaction to now include some technology, privacy and cybersecurity due diligence. A target’s problems in these areas can manifest themselves in painful ways, whereas a robust infrastructure can dramatically improve value. This article covers a recent ACA Aponix program that detailed key issues to consider when reviewing cybersecurity, information technology and regulatory compliance at target and portfolio companies. See also “Effective M&A Contract Drafting and Internal Cyber Diligence and Disclosure” (Dec. 20, 2017).

  • From Vol. 4 No.21 (Jul. 18, 2018)

    Overcoming Barriers to Cross-Border Data Flows, Contract Provisions and Other Digital Transformation Issues

    “Cross-border data matters because every industry is now data-driven,” Ambassador Robert Holleyman, a partner at Crowell & Moring, observed at a recent program presented by the firm. The panelists explored issues relating to the use and exchange of data in an increasingly interconnected world, including barriers to data flows, five key contract provisions for cross-border agreements and digital advertising and tracking. Along with Holleyman, the program featured Crowell & Moring partners Bryan Brewer and Amy B. Comer, as well as senior counsel Maarten Stassen. See “Reconciling Data Localization Laws and the Global Flow of Information” (Oct. 11, 2017).

  • From Vol. 4 No.15 (Jun. 6, 2018)

    Analyzing New and Amended State Breach Notification Laws

    With the recent adoption of statutes by Alabama and South Dakota this year, all 50 states have breach notification laws integrating notification procedures. Arizona, Colorado and Oregon have also recently revised and strengthened their existing data breach notification laws. This article details the provisions of the new statutes and amendments, with insights from McGuireWoods partner Janet P. Peyton. See “Synthesizing Breach Notification Laws in the U.S. and Across the Globe” (Mar. 2, 2016).

  • From Vol. 4 No.14 (May 30, 2018)

    Understanding the Intersection of Law and Artificial Intelligence

    How can lawyers effectively use artificial intelligence and mitigate the myriad risks it poses? During a recent Strafford panel, Robert W. Kantner, a partner at Jones Day; Michael W. Kelly and Huu Nguyen, both partners at Squire Patton Boggs; and Dennis Garcia, an assistant general counsel at Microsoft, provided insight on how to make the most of AI. See “Using Big Data Legally and Ethically While Leveraging Its Value (Part One of Two)” (May 17, 2017) and Part Two (May 31, 2017).

  • From Vol. 4 No.4 (Feb. 28, 2018)

    Financial Firms Must Supervise Their IT Providers to Avoid CFTC Enforcement Action

    The CFTC recently announced a settlement with futures firm AMP Global Clearing LLC (AMP), which had tens of thousands of client records compromised after its IT vendor unknowingly installed a backup drive on AMP’s network that included an unsecured port. The settlement order requires AMP to cease and desist from future violations, pay a civil penalty of $100,000 and report to the CFTC for the next year on its efforts to improve its digital security. “As this case shows, the CFTC will work hard to ensure regulated entities live up to that responsibility, which has taken on increasing importance as cyber threats extend across our financial system,” said CFTC Director of Enforcement James McDonald. In particular, it is a reminder of the importance of monitoring third-party service providers. In this article, we analyze the case and relevant remedial steps AMP agreed to take. For more from the CFTC, see “Virtual Currencies Present Significant Risk and Opportunity, Demanding Focus From Regulators, According to CFTC Chair” (Feb. 14, 2018).

  • From Vol. 3 No.22 (Nov. 8, 2017)

    How to Mitigate the Risks of Open-Source Software (Part Two of Two)

    Companies may be unaware they are using open-source software in their operations. This can be significant because while OSS is inexpensive and reliable, it does carry with it significant cybersecurity and intellectual property risks that should be addressed. A recent Strafford program offered a comprehensive primer on OSS and insights on designing appropriate compliance controls for its use. The program featured James G. Gatto, a partner at Sheppard Mullin Richter & Hampton and Baker Botts attorneys Luke K. Pedersen and Andrew Wilson. Part two of our coverage discusses where attorneys encounter OSS challenges, how to identify whether a company is using OSS, best practices for OSS governance, and patent issues that OSS presents. Part one explained the key legal issues, common OSS license provisions, and cybersecurity and litigation risks. See also “Tech Meets Legal Spotlight: What to Do When IT and Legal Slow the Retention of a Third-Party Vendor” (Nov. 30, 2016).

  • From Vol. 3 No.20 (Oct. 11, 2017)

    FTC Launches Stick With Security Series, Adding Detail and Guidance to Its Start With Security Guide (Part Two of Two)

    Companies continue to seek more detailed guidance on data-security expectations from regulators such as the FTC. As a follow-up to its 2015 Start With Security Guide, which contained 10 fundamentals, the FTC launched its Stick With Security blog series. It builds on those 10 principles using hypotheticals to take “a deeper dive” into proactive data-protection steps. The first article in our two-part series examined the blog posts analyzing the first five principles of Start With, and this second article continues with the remaining five. The “examples in the posts help companies with line drawing and balancing risk,” Kelley Drye partner Dana Rosenfeld told The Cybersecurity Law Report. See “FTC Priorities for 2017 and Beyond” (Jan. 11, 2017); and “A Behind-the-Curtains View of FTC Security and Privacy Expectations” (Mar. 16, 2016).  

  • From Vol. 3 No.11 (May 31, 2017)

    Using Big Data Legally and Ethically While Leveraging Its Value (Part Two of Two)

    Companies across industries are leveraging big-data analytics to enhance their products and services, improve marketing efforts and prevent fraud and abuse of their services. But how do they do this legally and ethically given the challenges of tracking the rights and restrictions that accompany such a vast array of data? With input from in-house compliance professionals and outside counsel, this two-part article series offers practical guidance for designing big-data initiatives that ensure the legal and ethical use of big data across industries. This second installment presents nine areas to consider in achieving compliance, including advice on transparency, security hygiene, resources for guidance, and strategies for dealing with third-party vendors. It also addresses common challenges and the future of big-data analytics. The first part explored what is meant by “big data,” how it is collected and used by various industries and applicable legal requirements. See also “The FTC’s Big Data Report Helps Companies Maximize Benefits While Staying Compliant” (Feb. 3, 2016).

  • From Vol. 3 No.11 (May 31, 2017)

    One Year Until GDPR Enforcement: Five Steps Companies Should Take Now

    The European Union’s General Data Protection Regulation (GDPR) will be enforceable on May 25, 2018, with consequences for global businesses far broader than those of the decades-old European Data Protection Directive it replaces. The GDPR will have a vast reach, applying not only to E.U. companies that process personal data, but also non-E.U. companies that process personal data in connection with offering goods and services to individuals in the E.U. It will likewise apply to companies, regardless of location, that process data in the course of monitoring or profiling individuals in the E.U. In this guest article, Kiran Raj, Mallory Jensen and Sara Zdeb, attorneys at O’Melveny & Myers, discuss five key steps companies should take now to ensure compliance with the GDPR’s transformative requirements, avoid significant penalties, and improve their overall data-management practices. See also “A Discussion With Ireland’s Data Protection Commissioner Helen Dixon About GDPR Compliance Strategies (Part One of Two)” (Mar. 22, 2017); Part Two (Apr. 5, 2017).

  • From Vol. 3 No.11 (May 31, 2017)

    Advice on Incorporating Cybersecurity in eDiscovery

    A litigation will often involve an organization’s most sensitive data, and the protection of that data must not be an afterthought, panelists, including eBay’s director of eDiscovery and a law firm CIO and CISO, said at an EY program on eDiscovery. They shared best practices that are often forgotten when managing documents before, during and after litigation. See “The Wisdom of Planning Ahead: The Duty to Preserve Backup Tapes, Mobile Devices and Instant Messages” (Apr. 19, 2017).

  • From Vol. 3 No.10 (May 17, 2017)

    Using Big Data Legally and Ethically While Leveraging Its Value (Part One of Two)

    Companies across industries are leveraging big-data analytics to enhance their products and services, improve marketing efforts and prevent fraud and abuse of their services. Big data offers substantial societal and public-health benefits, but companies must evaluate complex privacy and regulatory challenges when they are analyzing aggregated purchasing behavior, consumer online activity, or medical information for secondary uses. With input from in-house compliance professionals and outside counsel, this two-part article series offers practical guidance for designing big-data initiatives that ensure the legal and ethical use of big data across industries. This first part explores what big data is, how it is collected and used by various industries and applicable legal requirements. Part two will provide advice on remaining compliant while leveraging big data and strategies for dealing with big data and third-party vendors. See also “The FTC’s Big Data Report Helps Companies Maximize Benefits While Staying Compliant” (Feb. 3, 2016).

  • From Vol. 3 No.1 (Jan. 11, 2017)

    Ten Cybersecurity Priorities for 2017

    Even companies that have mature information security practices in place must exercise constant vigilance by reevaluating their needs and improving their approaches. The Cybersecurity Law Report spoke with several experts to find out what companies should be focusing on and how they should allocate time and resources when setting cybersecurity priorities for 2017. In this article, we outline the resulting top ten cybersecurity action items for companies to tackle to ensure a more secure new year. See also “Cybersecurity Preparedness Is Now a Business Requirement” (Feb. 17, 2016).

  • From Vol. 2 No.22 (Nov. 2, 2016)

    Guide to Getting Your Security Program Certified Under ISO 27001

    Companies seeking guidance in the development and implementation of their information security programs are looking for a robust and recognized framework. The ISO/IEC 27001 standard offers exactly that, while also providing a useful evaluation process and valuable certification. In a guest article, Lionel Cochey, director of information of a large international law firm, provides a roadmap to the key aspects of the standard, the certification process, and the ongoing effort to remain certified on an annual basis. See also “Steps for Companies to Take This Week, This Month and This Year to Meet the Challenges of International Cyberspace Governance” (Mar. 30, 2016).

  • From Vol. 2 No.21 (Oct. 19, 2016)

    Demystifying the FTC’s Reasonableness Requirement in the Context of the NIST Cybersecurity Framework (Part One of Two)

    The NIST Cybersecurity Framework, while useful, is not a panacea, the FTC recently said, leaving many companies still wondering how to develop and implement a data security program that meets the regulator’s reasonableness requirement. With input from in-house and outside counsel, we examine the FTC’s data security expectations in the context of the NIST Cybersecurity Framework. Part one of this two-part series explores the implications of the FTC’s recent communication, how and when practitioners use the Framework and details three initial steps companies should take to meet the FTC’s reasonableness standard. Part two will cover the Framework’s core functions, how they align with the FTC’s requirements and steps companies can take to incorporate these functions into their own security practices. See also “A Behind-the-Curtains View of FTC Security and Privacy Expectations” (Mar. 16, 2016).

  • From Vol. 2 No.21 (Oct. 19, 2016)

    Privacy Leaders Share Key Considerations for Incorporating a Privacy Policy in the Corporate Culture 

    For in-house privacy counsel, building a cohesive privacy program means leading the company, its employees and its vendors through regulatory landmines. While there is no one-size-fits-all approach, there are certain privacy program essentials applicable to most organizations, regardless of size or industry. At the recent Women, Influence and Power in Law Conference, Megan Duffy, founder of Summit Privacy and former privacy counsel at Snapchat, Inc., Tori Silas, senior counsel and privacy officer of Cox Enterprises, Inc. and Zuzana Ikels, principal at Polsinelli, shared advice on how the legal department can create and implement a strong privacy program, from initial considerations to key components. See also “Designing Privacy Policies for Products and Devices in the Internet of Things” (Apr. 27, 2016).

  • From Vol. 2 No.19 (Sep. 21, 2016)

    What Private Companies Can Learn From the OPM Data Breaches

    The recent breaches of the U.S. Office of Personnel Management illustrate the importance of an effective information security program for businesses in both the public and private sector. A recently released exhaustive investigative report by the House Oversight and Government Reform Committee outlines findings and recommendations to help the federal government better acquire, deploy, maintain and monitor its information technology. “The [Report] is replete with recommendations that private sector entities should be considering seriously,” DLA Piper partner Jim Halpert told The Cybersecurity Law Report. This article summarizes the committee’s findings and examines valuable lessons applicable to both the public and private sectors. See also “White House Lays Out Its Broad Cybersecurity Initiatives” (Feb. 17, 2016).

  • From Vol. 2 No.18 (Sep. 7, 2016)

    Understanding Data Privacy and Cybersecurity in China (Part One of Two)

    The Chinese National People’s Congress is currently considering a new cybersecurity law that could have a far-reaching impact on data management in China. While the legislation is not yet in effect, it highlights the need for companies to familiarize themselves with China’s varied data privacy and cybersecurity laws as they currently are, and how they may change in the near future. The first part of this two-part series provides insight from practitioners in China explaining the various sources of law governing data management in China and the types of information that are covered by the law. In the second part, we will explore practical implications of these laws with regard to employee relations, particularly during internal investigations and due diligence. See “Understanding the Far-Reaching Impact of Chinese State Secrets Laws on Data Flow” (Jul. 6, 2016) and “Six State Secrets and Data Privacy Considerations in Chinese Internal Investigations” (Aug. 3, 2016).   

  • From Vol. 2 No.18 (Sep. 7, 2016)

    Navigating Online Identity Management’s Risks and Regulations

    As more time and money are spent online, identifying personal web presence is valuable in many ways for retailers, employers, and individuals. Online identity management (IdM) systems provide methods for generating and monitoring an individual’s internet presence. In a recent PLI webcast, Thomas J. Smedinghoff, of counsel at Locke Lord, explained how IdM systems work, how they are used, what risks they can create, as well as recent legal and regulatory developments that may affect the operation of such systems. See also “Managing Risk for the Internet of Things in the Current Regulatory Landscape” (May 11, 2016). 

  • From Vol. 2 No.14 (Jul. 6, 2016)

    Understanding the Far-Reaching Impact of Chinese State Secrets Laws on Data Flow 

    China’s far-reaching restrictions on reviewing and transmitting certain types of data present unique complications for companies. In particular, China’s state secrets law is a significant source of complexity for foreign companies and their counselors. How state secrets in China are defined and identified, and how they must be handled, create operational challenges for many; the broad definition of implicated information as well as the types of companies that may possess it means that these data flow restrictions impact not only government entities but also many private companies, limiting their ability to move data, even internally. Through advice from several attorneys working in Asia, this article explains the law’s framework, what types of information and entities are covered, as well as the risks at stake. See also “Foreign Business Chambers Sign Open Letter Against Chinese Cybersecurity Regulatory Changes” (Jun. 8, 2016).

  • From Vol. 2 No.12 (Jun. 8, 2016)

    Foreign Business Chambers Sign Open Letter Against Chinese Cybersecurity Regulatory Changes

    More than two dozen foreign business associations have signed an open letter to lobby against regulatory changes in China’s insurance industry, which they say discriminate against foreign companies. See “Steps for Companies to Take This Week, This Month and This Year to Meet the Challenges of International Cyberspace Governance” (Mar. 30, 2016).

  • From Vol. 2 No.11 (May 25, 2016)

    A Guide to Developing and Implementing a Successful Cyber Incident Response Plan: Does Your Plan Work? (Part Three of Three)

    Many companies recognize that an effective incident response plan can go a long way towards mitigating the consequences of cybersecurity incidents. However, they often make simple mistakes in implementing these plans, largely because they lack a comprehensive strategy to combat persistent cyber threats. In this final segment of our three-part series on the topic, we explore common deficiencies in response plans, challenges companies face when implementing a plan, how to use metrics to troubleshoot and advocate for plan resources, and estimated costs associated with investigating and remediating the inevitable breach. The article features exclusive and in-depth advice from a range of top experts, including consultants, in-house and outside counsel. Part two set forth seven key components of a robust incident response plan. Part one covered the types of incidents the plan should address, who should be involved and critical first steps to take in developing the plan, including references to sample plans and practical resources. See also “Minimizing Breach Damage When the Rubber Hits the Road” (Feb. 3, 2016).

  • From Vol. 2 No.10 (May 11, 2016)

    A Guide to Developing and Implementing a Successful Cyber Incident Response Plan: Seven Key Components (Part Two of Three)

    Organizations today face an overwhelming volume, variety and complexity of cyber attacks. Regardless of the size of an enterprise or its industry, organizations must create and implement an incident response plan to effectively and confidently respond to the current and emerging cyber threats. In this second part of our three-part series on the topic, we examine the seven key components of a robust incident response plan, with exclusive and in-depth advice from a range of top experts, including consultants, in-house and outside counsel. Part one covered the types of incidents the plan should address, who should be involved and critical first steps to take in developing the plan, including references to sample plans and practical resources. Part three will explore implementation of the plan, evaluating its efficacy, pitfalls, challenges and costs. See also “Minimizing Breach Damage When the Rubber Hits the Road” (Feb. 3, 2016).

  • From Vol. 2 No.7 (Mar. 30, 2016)

    How Law Firms Should Strengthen Cybersecurity to Protect Themselves and Their Clients

    Law firms store a wealth of sensitive and confidential information electronically, making them prime targets for hackers. Not only does weak data security affect business development and client retention for firms, but it can result in legal and ethical violations as well. How can firms meet clients’ increasing data expectations? How can clients determine how robust their current and potential firms’ systems are? What mistakes are law firms making? John Simek, vice president and co-founder of cybersecurity and digital forensics firm Sensei Enterprises, Inc., answered these and other questions about law firm data security in a conversation with The Cybersecurity Law Report. See also “Sample Questions for Companies to Ask to Assess Their Law Firms’ Cybersecurity Environment” (Jun. 17, 2015).

  • From Vol. 2 No.7 (Mar. 30, 2016)

    Steps for Companies to Take This Week, This Month and This Year to Meet the Challenges of International Cyberspace Governance

    The borderless nature of cyberspace demands adequate global security and governance, and companies must protect their data across jurisdictions. At the recent 2016 RSA Conference, experts explored the challenges of global cybersecurity and governance; identified key efforts to address these issues; provided nine practical steps companies should be taking now to protect themselves; and examined the cybersecurity laws of 13 countries. The panel featured Alan Charles Raul, a Sidley Austin partner; John Smith, Raytheon vice president, legal, cybersecurity and privacy; and Michael Sulmeyer, director of the Cyber Security Project at Harvard Kennedy School’s Belfer Center. See also “Deal Struck to Maintain the Transatlantic Data Flow” (Feb. 17, 2016).

  • From Vol. 1 No.15 (Oct. 28, 2015)

    MasterCard and U.S. Bancorp Execs Share Tips for Awareness and Prevention of Mushrooming Cyber Risk (Part Two of Two)

    With threat vectors increasing at least as rapidly as new technology, companies need to be well-versed in how to recognize and prevent cyber attacks.  In the second installment of our coverage of PLI’s recent Cybersecurity 2015: Managing the Risk program, two top-level executives and leaders in cybersecurity, Jenny Menna, U.S. Bank’s cybersecurity partnership executive, and Greg Temm, vice president for information security and cyber intelligence at MasterCard, tackle mitigating cyber risk.  They discuss, among other things: information sharing efforts; eight important components of an information technology ecosystem; and how to prevent cyber attacks at home and in the office.  In the first article in the series, they addressed the current cyber landscape, prevalent threats, and responses to those threats that are being implemented by the government, regulators and private companies.  See also “Weil Gotshal Attorneys Advise on Key Ways to Anticipate and Counter Cyber Threats,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).

  • From Vol. 1 No.13 (Sep. 30, 2015)

    Protecting and Enforcing Trade Secrets in a Digital World

    In addition to consumer data and employee data, trade secrets also need to be a focus of cybersecurity programs, given their importance to companies and their vulnerability to cyber theft.  In this interview with The Cybersecurity Law Report, Matthew Prewitt, a partner and chair of the cybersecurity and data privacy practice and co-chair of the trade secrets practice at Schiff Hardin, discusses how to structure a process to identify and protect trade secrets from cyber risk, how to litigate trade secrets in the wake of an insider breach, and the changes that may come with the proposed Defend Trade Secrets Act of 2015.  See also “Strategies for Preventing and Handling Cybersecurity Threats from Employees,” The Cybersecurity Law Report, Vol. 1, No. 1 (Apr. 8, 2015).

  • From Vol. 1 No.13 (Sep. 30, 2015)

    Protecting the Crown Jewels Using People, Processes and Technology 

    Guarding against a cybersecurity breach is no longer just a technology issue – heightened encryption and firewall technology is not a panacea for all potential cyber threats.  Instead, adequate countermeasures against cybersecurity threats today require companies to also look to their people and their processes.  During a recent webinar, Pamela Passman and Allen N. Dixon, compliance and IP protection experts at CREATe.org, discussed the current cyber threat landscape, along with practical ways businesses deploy people, processes and technology to get ahead of cyber risks and successfully prevent or neutralize internal and external threats across their entire organization.  The panelists provided steps companies can take to identify and protect their most important corporate assets and address risks from insiders, competitors and third parties by effectively training, managing and monitoring their people, processes and technology.  See also “Strategies for Preventing and Handling Cybersecurity Threats from Employees,” The Cybersecurity Law Report, Vol. 1, No. 1 (Apr. 8, 2015). 

  • From Vol. 1 No.10 (Aug. 12, 2015)

    How the Hospitality Industry Confronts Cybersecurity Threats that Never Take Vacations

    Technology offers travelers the convenience they value – such as software that recalls a frequent traveler’s preferences, room key cards that act as charge cards at resort restaurants, stores and more.  However, these amenities come with risks to the travelers (as well as responsibilities for the company offering the convenience) relating to the collection of sensitive data.  In this interview with The Cybersecurity Law Report, Eileen Ridley, a partner at Foley & Lardner, discusses the hospitality industry’s specific data privacy and cybersecurity challenges, and offers best practices in the collection, storage and protection of the increasing amount of personal data these companies are holding.

  • From Vol. 1 No.4 (May 20, 2015)

    Weil Gotshal Attorneys Advise on Key Ways to Anticipate and Counter Cyber Threats

    How to handle five data privacy danger zones; the board’s role in cybersecurity; public relations strategies after a breach; and clauses to include in cloud vendor contracts were among the hot topics Weil, Gotshal & Manges attorneys discussed at a recent conference.  Partners Carrie Mahan Anderson, Jeffrey S. Klein, P.J. Himelfarb, Jeffrey D. Osterman and Michael A. Epstein shared their advice in the panel discussion.

  • From Vol. 1 No.2 (Apr. 22, 2015)

    Shifting to Holistic Information Governance and Managing Information as an Asset

    As companies store more and more data and increasingly rely on that data for a variety of purposes, they are starting to integrate data management into all aspects of the business.  In this interview with The Cybersecurity Law Report, Donna L. Wilson, a partner at Manatt, Phelps & Phillips and co-chair of the firm’s Privacy and Data Security practice, discussed how companies should be implementing holistic information governance as part of enterprise risk management by stressing the importance to the board of directors, designating a corporate “conductor” to bring various stakeholders within the organization together, and conducting an internal inventory to understand what information assets the company has and needs to protect.  Wilson also commented on the efforts to share threat information between and among financial firms and law firms.

  • From Vol. 1 No.1 (Apr. 8, 2015)

    How Can a Company Mitigate Cyber Risk with Cross-Departmental Decisionmaking?

    A lack of coordination among company units can be detrimental in many business areas, but when it comes to cybersecurity, isolated actions and decisions can pave a clear path to a data breach, and exacerbate the legal ramifications of that breach.  In a guest article, Jennifer Topper of Topper Consulting explains: why cross-functional decisionmaking is so important in cybersecurity; how to make the business case for investing in proactive cyber planning; how to integrate the cybersecurity program; how to create a multidisciplinary group of stakeholders; and the role of the general counsel in information governance.

  • From Vol. 1 No.1 (Apr. 8, 2015)

    Ten Actions for Effective Data Risk Management

    High-profile data breaches expose breached companies to intense negative scrutiny from lawmakers, regulators, media, customers and plaintiffs’ attorneys.  But not every data breach is a headline-grabbing theft of consumer credit card data – and small breaches cannot be ignored.  Effective information risk management to prevent data leaks, the unauthorized transfer of information to the outside world, and security breach incidents requires a top-driven coordinated information security compliance program that is implemented on a company-wide basis.  In a guest article, Jesse M. Brody, a partner at Manatt Phelps & Phillips, provides ten immediate steps companies should take to prevent data leaks and larger breach events.
