The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Recent Issue Headlines

Vol. 2, No. 12 (Jun. 8, 2016)

  • Eight Attributes In-House Counsel Look For in Outside Cybersecurity Counsel

    When it comes to handling cybersecurity issues, in-house counsel can help minimize the company’s legal risks – but they cannot do it alone. By partnering with an outside firm, in-house counsel can boost security expertise and navigate through unfamiliar territory such as compliance with local, state and national privacy and security requirements, data breach litigation and corporate governance. The Cybersecurity Law Report spoke to a number of in-house counsel who advise on cybersecurity issues at major companies such as ExxonMobil and IBM. They discussed eight attributes they look for in outside cybersecurity counsel, when they find outside counsel most valuable and the importance of vetting the firm’s own cybersecurity practices. See also “The Multifaceted Role of In-House Counsel in Cybersecurity” (Dec. 9, 2015).

  • What CISOs Want Lawyers to Understand About Cybersecurity

    As security and privacy threats and regulations proliferate, it is more important than ever for in-house counsel to collaborate with a company’s information security team to mitigate risks and protect their organization’s confidential information. At a recent panel at Georgetown Law’s Cybersecurity Law Institute, CISOs from Deloitte, BDP and Northrop Grumman shared advice about how lawyers and information security professionals can achieve that goal. The panelists addressed fostering a collaborative relationship, areas of tension between legal and IT, and how counsel can more effectively act as advocates for mitigating data security and privacy risk. See also “Coordinating Legal and Security Teams in the Current Cybersecurity Landscape”: Part One (Jul. 1, 2015); Part Two (Jul. 15, 2015).

  • Minimizing Class Action Risk in Breach Response

    Cybersecurity programs today must take into consideration the risk of class action litigation and include measures to mitigate those risks. David Lashway, a partner and global cybersecurity practice lead at Baker & McKenzie, spoke with The Cybersecurity Law Report in advance of ALM’s Mid-Year Cybersecurity and Data Protection Legal Summit on June 15, 2016, at the Harvard Club in New York City, where he will participate as a panelist. An event discount code is available to CSLR readers inside the article. In our interview, Lashway addresses mitigating litigation risk following a data security incident, takeaways from recent cases such as Target and Sony and class action litigation trends. See also “Proactive Steps to Protect Your Company in Anticipation of Future Data Security Litigation”: Part One (Nov. 25, 2015); Part Two (Dec. 9, 2015).

  • Vendor Cyber Risk Management: 14 Key Contract Terms (Part Two of Two)

    Actions by third-party vendors with access to a company’s data are the cause of some of the most damaging breaches. Carefully vetting and monitoring those vendors is crucial to a strong cybersecurity program. At a recent panel at IAPP’s Global Privacy Summit, counsel from Under Armour, AOL and Unisys provided practical guidance on how to implement a comprehensive vendor management program. This article, the second installment in our coverage of the panel, includes fourteen key cybersecurity provisions to include in vendor contracts and the panelists’ strategies for monitoring the vendor relationship and for effective breach response. The first article in our series includes the panelists’ discussion of nine questions to ask vendors during the due diligence process and factors to consider before contract negotiations. See also “Learning From the Target Data Breach About Effective Third-Party Risk Management”: Part One (Sep. 16, 2015); Part Two (Sep. 30, 2015).

  • Securing the Connected Car: Privacy, Security and Self-Regulation

    Much like smartphones, today’s automobiles have become vast data endpoints, equipped with advanced electronics, sensors and computing power. In cars, though, these advancements not only facilitate communications but also enhance safety and the driving experience. As panelists at the recent IAPP Privacy Summit pointed out, a breach can implicate physical safety as well as data privacy. The panelists, including in-house experts at AT&T and General Motors, discussed the threat landscape for connected cars, the current regulatory framework governing cybersecurity of connected cars and how the automobile industry is developing best practices and automobile design to meet consumer expectations while minimizing cybersecurity risk. See also “Designing Privacy Policies for Products and Devices in the Internet of Things” (Apr. 27, 2016).

  • How Financial Service Providers Can Use Cyber Insurance to Mitigate Risk

    Cyber threats in the alternative investment industry are growing larger and more sophisticated, requiring financial service providers to maintain sufficient infrastructure to prevent and respond to any breaches. A key component of that infrastructure is a cyber insurance policy to reimburse the fund manager for costs incurred defending against a cyber attack and loss of data caused by the attack. A recent alternative asset manager forum sponsored by insurance advisory and brokerage firm Crystal & Company offered a look at the current cyber threat landscape, cybersecurity preparedness, breach response and cyber liability insurance from the insurance, legal and forensic perspectives. The panel featured experts from investigation and consultancy firm K2 Intelligence, AIG Property & Casualty’s financial institutions group, AXIS Insurance and Lewis Brisbois Bisgaard & Smith. See also the CSLR’s series on how the financial services sector can meet the cybersecurity challenge: “A Snapshot of the Regulatory Landscape (Part One of Two)” (Dec. 9, 2015); “A Plan for Building a Cyber-Compliance Program (Part Two)” (Jan. 6, 2016).

  • Foreign Business Chambers Sign Open Letter Against Chinese Cybersecurity Regulatory Changes

    More than two dozen foreign business associations have signed an open letter to lobby against regulatory changes in China’s insurance industry, which they say discriminate against foreign companies. See “Steps for Companies to Take This Week, This Month and This Year to Meet the Challenges of International Cyberspace Governance” (Mar. 30, 2016).

  • Cybersecurity and Data Privacy Litigator Joins McDermott in L.A.

    McDermott Will & Emery recently announced that Michael Morgan has joined the firm’s litigation practice group as a partner in the Los Angeles office and co-leader of the firm’s privacy and data protection practice. He was previously at Jones Day. 

  • Jones Day Welcomes Government Regulation Partner Michael Hazzard to D.C.

    Jones Day recently announced that Michael Hazzard has joined as a partner in its government regulation practice. Hazzard, who will be based in the firm’s Washington office, comes to Jones Day from Arent Fox, where he was a partner in that firm’s communications, technology and mobile group. See also “Legal and Regulatory Expectations for Mobile Device Privacy and Security”: Part One (Feb. 3, 2016); Part Two (Feb. 17, 2016).
