The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Recent Issue Headlines

Vol. 1, No. 8 (Jul. 15, 2015)

  • How to Prevent and Manage Ransomware Attacks (Part One of Two)

    Ransomware attacks can cause substantial disruption and damage by tempting a single employee to click on a link or visit a malicious site.  “The threats are getting more and more sophisticated every day in terms of the malware itself and the delivery,” Judy Selby, a partner at BakerHostetler, said.  This article, the first part of a two-part series, explains the threat and suggests steps that companies can take to prevent ransomware attacks and mitigate the impact if one does occur.  The second article will address how to handle a ransomware attack and when and how to report and work with law enforcement.  See also “Weil Gotshal Attorneys Advise on Key Ways to Anticipate and Counter Cyber Threats,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).

  • The FTC Asserts Its Jurisdiction and Provides Ten Steps to Enhance Cybersecurity

    In its new guidance, “Start with Security,” the Federal Trade Commission is “stating its case why it should be recognized as the preeminent authority in this area,” Stephen Newman, a partner at Stroock, told The Cybersecurity Law Report.  The FTC makes clear in the guidance that it expects companies to put strong cybersecurity practices in place and will hold the companies responsible for lax security measures if a breach does occur.  The guidance also provides valuable compliance advice – it articulates the FTC’s thoughts on how to reduce risk with “fundamentals of sound security” based on “the lessons learned from the more than 50 law enforcement actions the FTC has announced so far.”  We discuss the ten steps the FTC has put forward to enhance cyber compliance, with input from experts.  See “After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).

  • Analyzing and Complying with Cyber Law from Different Vantage Points (Part One of Two)

    Cybersecurity and privacy issues have catapulted to the forefront of current hot-button legal topics, and companies are taking steps to prevent breaches and satisfy regulators, panelists said at a recent conference hosted by Georgetown Law’s Cybersecurity Law Institute.  The moderator and panelists come to cybersecurity and data privacy with different perspectives – plaintiffs’ counsel from Edelson PC; principal for reliability and cybersecurity for Southern California Edison; in-house counsel at IT company CACI International; and defense counsel from Alston & Bird.  In a panel examining emerging law on corporate cyber liability, they shared their insights on the sources of liability for companies, best practices when collecting personal data, the compliance lessons from government enforcement actions, as well as from shareholder derivative suits and class actions that have followed breaches.  Part two of this article series will cover their considerations for settling cybersecurity liability cases.

  • Understanding and Mitigating Liability Under the Children’s Online Privacy Protection Act

    Faced with the threat of steep civil penalties that can arise from active FTC enforcement, operators of commercial websites must exercise caution when collecting personal information from children under the age of 13.  The long reach of the Children’s Online Privacy Protection Act (COPPA) applies not only to first-party website operators but also extends to third parties that collect personal information on behalf of first-party operators in certain circumstances.  In a recent presentation, attorneys Julia Siripurapu and Ari Moskowitz of Mintz Levin discussed key provisions and implementation of COPPA, including compliance, enforcement and applicability to third parties.  They also provided advice on best practices for websites and online services regarding the collection and use of children’s personal information, and for educational institutions as parental agents.

  • The Challenge of Coordinating the Legal and Security Teams in the Current Cyber Landscape (Part Two of Two)

    Legal and security teams each play a crucial role in cybersecurity and data protection, but working together to understand the most pressing threats and shifting regulatory landscape can be challenging.  In this second article of our two-part series covering a recent panel at Practising Law Institute’s Sixteenth Annual Institute on Privacy and Data Security Law, Lisa J. Sotto, managing partner of Hunton & Williams’ New York office and chair of the firm’s global privacy and cybersecurity practice, and Vincent Liu, a security expert and partner at security consulting firm Bishop Fox, give advice on how to prepare for and respond to a cyber incident and how security and legal teams can effectively work together throughout the process.  The first article in this series discussed the current cyber threat landscape and the relevant laws and rules.

  • Conflicting Views of Safety, Vulnerability and Privacy Fuel Encryption Debate

    FBI Director James Comey says end-to-end encryption hinders law enforcement – if authorities cannot access evidence on a phone or a laptop, “it will have ongoing, significant impacts on our ability to identify, stop, and prosecute” criminals, including terrorists, he told the Senate Judiciary Committee when he testified alongside Deputy Attorney General Sally Quillian Yates on July 8, 2015.  That was the day after a group of 14 security experts released a report warning that giving government special access to encrypted data will endanger critical infrastructure and make the public less safe.  We discuss the report and the Senate testimony, and the bitter encryption debate.  See also “In a Candid Conversation, FBI Director James Comey Discusses Cooperation among Domestic and International Cybersecurity Law Enforcement Communities (Part Two of Two),” The Cybersecurity Law Report, Vol. 1, No. 6 (Jun. 17, 2015).
