The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Recent Issue Headlines

Vol. 1, No. 17 (Nov. 25, 2015) Print IssuePrint This Issue

  • Building a Strong Cyber Insurance Policy to Weather the Potential Storm (Part One of Two)

    With cyber attacks continuing to strike companies of all sizes, cyber insurance has become an important component of corporate risk management strategies.  While cyber risk insurance can provide coverage for the litany of potential damages that a company may suffer in the wake of a data breach, it is wildly different from the usual insurance marketplace – it is nascent, changing and varied.  This, the first article in our two-part series on getting the right cyber coverage in place, provides guidance on navigating the insurance placement process, selecting the individuals who should be involved, finding the right insurer and securing the best policy for your company.  Part two will explore lessons from recent cyber insurance coverage litigation, including steps companies can take to increase the likelihood of insurance coverage under their cyber policy and what policy exclusions and pitfalls to watch out for.  See also “Transferring Risk Through the Right Cyber Insurance Policy,” The Cybersecurity Law Report, Vol. 1, No. 15 (Oct. 28, 2015).

    Read full article …
  • How to Protect Intellectual Property and Confidential Information in the Supply Chain

    Sharing information, including intellectual property, with third parties such as suppliers, distributors and consultants is essential for the operations of many companies but exposes them to various points of cyber risk.  Pamela Passman, President and CEO at the Center for Responsible Enterprise and Trade (, spoke with The Cybersecurity Law Report about how to assess and mitigate third-party and supply chain risk., a global NGO, works with companies and third parties with whom they do business to help put processes in place to prevent corruption and protect intellectual property, trade secrets and other confidential information.  See also “Protecting and Enforcing Trade Secrets in a Digital World,” The Cybersecurity Law Report, Vol. 1, No. 13 (Sep. 30, 2015).

    Read full article …
  • FTC Loses Its First Data Security Case 

    In the FTC’s first loss in a data breach security case, and the first such case to reach a full adjudication, an administrative law judge dismissed the agency’s complaint against LabMD, Inc. regarding two alleged cybersecurity incidents at LabMD.  The ALJ held, in a lengthy Initial Decision, that the FTC did not meet its burden on the first prong of the three-part test in Section 5(n) of the FTC Act – that LabMD’s conduct caused, or is likely to cause, substantial consumer injury.  Phyllis Marcus, counsel at Hunton & Williams, said the ALJ was “holding the FTC Complaint Counsel, rightfully so, to the fire.  Bald allegations of substantial injury or likelihood of substantial injury” to support an unfairness claim will no longer be sufficient if the case stands.  See also “The FTC Asserts Its Jurisdiction and Provides Ten Steps to Enhance Cybersecurity,” The Cybersecurity Law Report, Vol. 1, No. 8 (Jul. 15, 2015).

    Read full article …
  • Proactive Steps to Protect Your Company in Anticipation of Future Data Security Litigation (Part One of Two)

    In addition to the direct consequences of a data security incident, many companies that suffer data breaches must face lawsuits.  In a recent webinar, Mintz Levin members Meredith Leary, Kevin McGinty and Mark Robinson discussed the various types of data security litigation and gave advice on how companies can best prepare for the likelihood of a lawsuit after a data breach.  This article, the first in a two-part series, features their insight on how companies can put themselves in the best position now to defend their actions later.  The panelists also identified threshold questions that companies can ask themselves during an internal investigation following a data breach.  In the second article, they further explore best practices for internal investigations and common defenses in data breach class actions.  See also “Liability Lessons from Data Breach Enforcement Actions,” The Cybersecurity Law Report, Vol. 1, No. 16 (Nov. 11, 2015).

    Read full article …
  • Implementing an Effective Cloud Service Provider Compliance Program

    The ubiquity of cloud computing platforms as a tool for companies to share, store and back up critical and sensitive data has catapulted the implementation of a comprehensive third-party cloud service provider program to the top of compliance officers’ ever growing to-do lists.  During a recent seminar held by the Society of Corporate Compliance & Ethics, Web Hull, a privacy, data protection and compliance advisor provided a practical framework for engaging, managing, auditing and monitoring third-party cloud computing providers.  This article summarizes those insights, including key risks, and compiles the resources compliance officers can use to meet the relevant state and federal cybersecurity regulatory requirements.  See also “Examining Evolving Legal Ethics in the Age of the Cloud, Mobile Devices and Social Media (Part One of Two),” The Cybersecurity Law Report, Vol. 1, No. 11 (Aug. 26, 2015); Part Two,” Vol. 1, No. 12 (Sep. 16, 2015); and “The Advantages of Sending Data Up to the Cloud,” The Cybersecurity Law Report, Vol. 1, No. 6 (Jun. 17, 2015).

    Read full article …
  • FTC Chair Addresses the Agency’s Data Privacy Concerns with Cross-Device Tracking

    Consumers’ online presence is constantly in motion as they jump from device to device throughout the day.  Companies that want to track consumer activity are using new methods that follow consumers, and the platforms and applications they use, on these various devices.  The FTC recently held a workshop to examine and address privacy issues raised by cross-device tracking.  FTC Chairwoman Edith Ramirez commenced the workshop by explaining the Commission’s goal to allow technological innovation – with all the consumer benefits it offers – while safeguarding consumer privacy.  We highlight the key points of her speech in which she emphasized the importance of effective transparency, notice, choice and security.  See also “In the Wyndham Case, the Third Circuit Gives the FTC a Green Light to Regulate Cybersecurity Practices,” The Cybersecurity Law Report, Vol. 1, No. 11 (Aug. 26, 2015).  

    Read full article …
  • Mayer Brown Welcomes Recruits from Departments of Commerce and Justice

    Mayer Brown has announced two new hires to the firm’s cybersecurity & data privacy practice.  Kendall C. Burman, who joins as a counsel, and Joshua M. Silverstein, who joins as an associate, come to Mayer Brown with significant legal and policy experience relating to cybersecurity, privacy, national security and technology.  They will be based in the firm’s Washington, D.C. office.

    Read full article …