The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Recent Issue Headlines

Vol. 1, No. 15 (Oct. 28, 2015) Print IssuePrint This Issue

  • Transferring Risk Through the Right Cyber Insurance Coverage

    As companies recognize that they cannot ignore the risk of a significant cyber breach, they are looking to insurance policies to bear at least some of that risk.  Selecting the right cyber insurance, however, presents challenges in an ever-changing cyber insurance market.  In a guest article, BakerHostetler partner Judy Selby explains the cyber insurance options available, how to select the best insurance for your company and what to expect from the often-intrusive application process.  See also “Analyzing the Cyber Insurance Market, Choosing the Right Policy and Avoiding Policy Traps,” The Cybersecurity Law Report, Vol. 1, No. 2 (Apr. 22, 2015).

    Read full article …
  • Orrick Attorneys Explain California’s New Specific Standards for Breach Notification

    California, a state that has been a leader in strong data security laws, has amended those laws to make their breach notification requirements more specific.  Aravind Swaminathan and Rishad Patel, Orrick partner and associate, respectively, spoke with The Cybersecurity Law Report about what companies need to know about the changes made by the amendments and how companies can approach the different notice requirements of 47 states.  The California changes take effect January 1, 2016 and include SB 570, which requires specific breach notice formatting; SB 34, which expands the definition of personal information and clarifies the substitute notice process; and AB 964, which clarifies the meaning of encryption.  See also “After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).

    Read full article …
  • Federal Courts Offer a Modern Interpretation of the VHS-Era Video Privacy Protection Act

    When does the 1988 Video Privacy Protection Act, which limits what companies can do with personal information about video consumption, apply to companies that post videos online?  The Eleventh Circuit and a New York district court recently dismissed complaints challenging the VPPA – passed in 1988 and designed to protect the privacy of individuals’ VHS rental preferences – narrowing the scope of the Act in the process.  Ellis v. The Cartoon Network, Inc. (11th Cir. Oct. 9, 2015) and Robinson v. Disney Online (S.D.N.Y. Oct. 20, 2015) both dealt with free smartphone apps, and questions regarding who is a “subscriber” and what “personally identifiable information” means under the statute.  Simon J. Frankel, a partner at Covington & Burling, told The Cybersecurity Law Report that “courts are really struggling with how the statute, not written for this context, applies in this context and [they are] trying to draw where the limits are.”  See also “The Tension Between Interest-Based Advertising and Data Privacy,” The Cybersecurity Law Report, Vol. 1, No. 12 (Sep. 16, 2015).

    Read full article …
  • MasterCard and U.S. Bancorp Execs Share Tips for Awareness and Prevention of Mushrooming Cyber Risk (Part Two of Two)

    With threat vectors increasing at least as rapidly as new technology, companies need to be well-versed in how to recognize and prevent cyber attacks.  In the second installment of our coverage of PLI’s recent Cybersecurity 2015: Managing the Risk program, two top-level executives and leaders in cybersecurity, Jenny Menna, U.S. Bank’s cybersecurity partnership executive, and Greg Temm, vice president for information security and cyber intelligence at MasterCard, tackle mitigating cyber risk.  They discuss, among other things: information sharing efforts; eight important components of an information technology ecosystem; and how to prevent cyber attacks at home and in the office.  In the first article in the series, they addressed the current cyber landscape, prevalent threats, and responses to those threats that are being implemented by the government, regulators and private companies.  See also “Weil Gotshal Attorneys Advise on Key Ways to Anticipate and Counter Cyber Threats,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).

    Read full article …
  • Privacy and Data Security Considerations for Life Sciences and Health Technology Companies (Part Two of Two)

    Companies in the life sciences and health information technology industry face unique data privacy and security concerns based on the highly sensitive personal health information that they handle.  In our continued coverage of a recent health sector data privacy and security webinar, WilmerHale partners Barry Hurewitz and Jonathan Cedarbaum address HIPAA’s nuances, including requirements for business associates and its applicability in medical research.  They also highlight the latest regulatory guidance regarding medical and mobile devices, and move beyond HIPAA to examine current state and international regulations.  In part one, Hurewitz discussed security issues specific to life science and health information technology companies and provided a federal regulatory overview.  See also “Steps to Take Following a Healthcare Data Breach,” The Cybersecurity Law Report, Vol. 1, No. 2 (Apr. 22, 2015).

    Read full article …
  • How the Department of Commerce Can Help Companies Address Cybersecurity and Corruption Concerns

    The U.S Department of Commerce, the agency tasked with promoting the interests of U.S. businesses both domestically and abroad, may not be the first agency that comes to mind when thinking about cybersecurity, but it can assist companies with their cybersecurity programs as well as in other compliance areas, such as anti-corruption.  During the Society for Corporate Compliance and Ethics’ 2015 Compliance and Ethics Institute, Justin Antonipillai, Acting General Counsel at the Commerce Department, spoke about the Department’s role in cybersecurity and FCPA enforcement and highlighted how the Department can help companies with various compliance concerns.  We summarize the key takeaways from his presentation.

    Read full article …
  • Jenner & Block Welcomes Former DOJ Chief Privacy Officer

    On October 26, 2015, Jenner & Block announced that privacy lawyer Nancy C. Libin, former Chief Privacy and Civil Liberties Officer at the U.S. Department of Justice, is joining the firm as a partner in its Washington, D.C. office.  As principal privacy adviser to the deputy attorney general, she focused on such issues as electronic surveillance, cloud computing, location privacy, data breach, cybersecurity and international data protection.  She was extensively involved in bilateral and multilateral negotiations with foreign governments regarding data protection agreements that govern and facilitate cross-border information flows.  Her practice encompasses law and policy with a focus on consumer protection and privacy, as well as national security and cybersecurity issues.  Libin is a member of the firm’s growing privacy and information governance practice and also joins the communications, Internet and technology practice. 

    Read full article …
  • Elizabeth Ferrell Joins Bradley Arant Boult Cummings

    Bradley Arant Boult Cummings recently announced that Elizabeth Ferrell has joined as a partner in the firm’s Washington, D.C. office.  She will practice in Bradley Arant’s construction and procurement and government contracts groups.  As part of her government contracts practice, she counsels contractors on cybersecurity, legislative, and regulatory developments.  She has counseled a defense contractor on cybersecurity and reporting requirements after a cyber incident and worked with a forensic consultant on breach investigation and remediation.

    Read full article …