The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Recent Issue Headlines

Vol. 1, No. 4 (May 20, 2015) Print IssuePrint This Issue

  • After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?

    Recent reports detail a breathtaking and unrelenting rise in cyber breaches, with five malware events occurring every second, and 60% of successful attackers able to compromise an organization within minutes.  But the law has not kept pace with technological innovation.  There is no single uniform law protecting individual privacy, nor one that governs all of a company’s obligations or liabilities regarding data security and privacy.  As Jenny Durkan and Alicia Cobb, a partner and associate, respectively, at Quinn Emanuel Urquhart & Sullivan, detail in a guest post, any business that suffers a significant cyber breach almost certainly will face not only multiple civil suits, but multiple investigations by federal and state authorities.  The authors provide a roadmap to the key authorities and the patchwork of relevant rules and regulations.

    Read full article …
  • Establishing Strong Cybersecurity and Data Privacy Leadership: The Roles of the Chief Information Security Officer and Chief Privacy Officer (Part Two of Two)

    With the dynamic nature of privacy concerns – caused by changing legal requirements, growing data collections and evolving technology – top privacy officers must manage a shifting realm with proactive communication, effective reporting lines and operational structures to ensure accurate implementation of privacy policies and protocols.  Experts agree that it is optimal to have both a Chief Cybersecurity Officer or Chief Information Security Officer (CISO) and a separate Chief Privacy Officer (CPO).  Some confuse these positions, thinking “that the security person should know all things privacy and the privacy person should know all things security and that is clearly not the case,” Michael Overly, a partner at Foley & Lardner told The Cybersecurity Law Report.  In this two-part article series, we define and distinguish the roles of CPO and CISO.  This article, the second of the series, focuses on the CPO, including core responsibilities, considerations for structuring reporting lines and hiring for the position.  The first article focused on the CISO.

    Read full article …
  • Tackling Privacy and Cybersecurity Challenges While Fostering Innovation in the Internet of Things

    The Internet of Things – physical objects with Internet connectivity – provides conveniences and efficiencies for consumers and companies but also security and privacy challenges.  In this interview with The Cybersecurity Law Report, Ed McNicholas, a partner at Sidley Austin and co-chair of the firm’s privacy, data security and information law practice, discusses how companies should address privacy notification with connected devices, the consent issues and cybersecurity threats presented by the Internet of Things, and the movement toward a personalized Internet.

    Read full article …
  • DOJ Encourages Cyber Incident Reporting and Advance Planning with Best Practices Guidance

    Following other government agencies who have weighed in on cybersecurity, the DOJ’s Cybersecurity Unit has published guidance titled “Best Practices for Victim Response and Reporting of Cyber Incidents,” outlining its recommendations for steps to take prior to a cyber incident; how to respond to an incident, including mistakes often made in the chaos following an incident; and effective follow-up actions.  Experts say that while it is nothing new, the document does emphasize the government’s expectations.  The Guidance “reinforces the notion that a ‘check-the-box’ approach to cybersecurity does not suffice.  Companies must implement a thoughtful, robust and effective plan that is tailored to the company’s particular business, risks and operations,” Richard Tarlowe, counsel at Paul, Weiss told The Cybersecurity Law Report.

    Read full article …
  • Weil Gotshal Attorneys Advise on Key Ways to Anticipate and Counter Cyber Threats

    How to handle five data privacy danger zones; the board’s role in cybersecurity; public relations strategies after a breach; and clauses to include in cloud vendor contracts were among the hot topics Weil, Gotshal & Manges attorneys discussed at a recent conference.  Partners Carrie Mahan Anderson, Jeffrey S. Klein, P.J. Himelfarb, Jeffrey D. Osterman and Michael A. Epstein shared their advice in the panel discussion.

    Read full article …
  • Analyzing and Mitigating Cybersecurity Risks to Investment Managers (Part Two of Two)

    The financial services industry, a favorite target of hackers, is especially vulnerable to cybersecurity threats.  A recent program sponsored by K&L Gates and the Investment Adviser Association addressed the difficult and high-stakes cybersecurity issues investment managers are facing.  This article, the second in a two-part series, discusses the panel’s views on mitigating cybersecurity risks.  The first article summarized the key points raised by the panel relating to the costs of cyber breaches; applicable laws and regulations; and cyber threats.  The program was moderated by Mark C. Amorosi, a partner at K&L Gates, and featured a panel consisting of Jeffrey Bedser, CEO of iThreat Cyber Group; Laura L. Grossman, assistant general counsel of the IAA; Andras P. Teleki, a partner at K&L Gates; and E.J. Yerzak, vice president at Ascendant Compliance Management.

    Read full article …
  • Craig A. Newman Joins Patterson Belknap

    On May 19, 2015, Patterson Belknap Webb & Tyler announced that cybersecurity expert Craig A. Newman has joined the firm as a partner in its litigation department.  He will also lead the firm’s privacy and data security practice group, and be a member of its structured finance litigation practice group.  He joins from Richards Kibbe & Orbe, where he served as a managing partner and member of its executive committee.

    Read full article …
  • Kevin D. Leitão Joins Ballard Spahr in New York

    Ballard Spahr recently announced that Kevin D. Leitão has joined as of counsel in its privacy and data security and consumer financial services groups in New York.

    Read full article …