Archives: Data & Cyber Security

President Trump Signs Executive Order on Cybersecurity Focusing on Critical Infrastructure, Federal Networks and Public Cybersecurity Policy

On Monday, May 11, 2017, President Donald Trump signed an Executive Order on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.”  The Executive Order comes after Trump had postponed signing a similar executive order on cybersecurity on Feb. 1, and another draft executive order had been circulated Feb. 10. The final Executive Order aligns … Continue Reading

Defamation and Data Protection: a twin-barrelled approach to claims against publishers

In the recent case of Prince Moulay Hicham v Elaph Publishing Limited, the Court of Appeal held in a unanimous decision that a claimant could include an action under the UK Data Protection Act 1998 (‘DPA’) as an alternative means of redress. To read our full client alert in relation to this judgment, please click … Continue Reading

What Will Data Protection Look Like in a Post-Brexit Britain?

Following the United Kingdom’s vote to leave the European Union, one thing is clear: the negotiations for the terms of the UK’s exit are likely to overlap with the implementation across the EU of the General Data Protection Regulation (GDPR) in May 2018. We have prepared a client alert to lay out the facts as they … Continue Reading

Federal Judge in Maryland Remands Data Breach Class Action Following in Spokeo Decision’s Footsteps

Just days after the Supreme Court’s ruling in Spokeo v. Robins, the highly anticipated decision is already impacting data breach class actions across the country. The defendant in the Spokeo case contended that the plaintiff had suffered no concrete injury, and that a mere statutory violation is not enough of an injury to give plaintiffs … Continue Reading

The Future of the NIST Cybersecurity Framework

On April 5-7, 2016, the National Institute of Science and Technology (NIST) hosted a workshop on its popular Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”). The workshop was preceded by a request for information that prompted 105 responses, many from industry associations representing hundreds of companies. The discussions at the workshop are likely to influence … Continue Reading

Cyber Ransom: It could happen to you

Ransomware and malware could potentially cripple your company and personal networks. Our previous post, Companies can insure against cyber ransom, states, “Ransomware is a form of malicious software, or ‘malware,’ that encrypts information or aspects of an organization’s computer network, preventing authorized users from accessing it.” As online hackers become more advanced, your company and … Continue Reading

By jointly tackling Facebook, French regulators set an example to large international digital media companies – First prominent enforcement measure after the Safe Harbor invalidation

On February 8 and 9, 2016, the French Directorate-General for Competition, Consumer Affairs and Prevention of Fraud (the ‘DGCCRF’) and the French Data Protection Authority (the ‘CNIL’), through an obviously concerted action, have publicised regulatory enforcement measures they are undertaking against Facebook. The DGCCRF is requiring Facebook to re-write its Terms and Conditions on the … Continue Reading

Cybersecurity & Other Risks: OCC Outlines Key Examination Areas for 2016

As the technology world is on the upswing, organizations may be at an increased risk for data breaches and cybersecurity incidents. “The Office of the Comptroller of the Currency examiners will be using the agency’s new Cybersecurity Assessment Tool in conjunction with information security and operational risk supervisory activities to determine an institution’s ability to … Continue Reading

Cyber-Hacking and Cyberterrorism Are Bringing More Attention to Technology Firms and Software Manufacturers

Should “cyber products” be added to the United States Munitions List (USML)? Cyber-hacking and cyberterrorism are growing concerns for the national security of the United States, so this question could not go unanswered. The Defense Trade Advisory Group (DTAG) decided that “cyber products” should not be added to the USML. The addition of this broad … Continue Reading

More Data Vulnerabilities, Cyber Breaches Detected in Healthcare Exchanges

Government audits continue to reveal that millions of people’s personally identifiable information is at risk. Continuous audit reports by the Office of the Inspector General (OIG) of The Department of Health and Human Services (HHS) reveal that online health care insurance exchanges could be the next juicy target for hackers looking for consumers’ personal information. … Continue Reading

Steps Colleges and Universities Should Take to Avoid or Mitigate Exposure to Data Breaches

Higher education institutions are increasingly targets of data breaches due to the vast amount of private information, including educational, medical and employee data, they maintain.  It is no longer a question of if a data breach will occur, but when.  Academic institutions can take certain measures to minimize exposure in the event of a breach, … Continue Reading

Lessons Learned from Ashley Madison Breach

Recent cybersecurity trends have shown that no company is safe from the threat of a data breach. It is now a matter of “when”, not “if”, a breach will occur. Companies and their employees can take preventive measures such as establishing network monitoring, developing a robust data security programme, implementing an incident response plan, and … Continue Reading

A Checklist for In-House Counsel: Cyber Security for Medical Devices

Medical device companies and manufacturers of other connected devices need to be attentive to the ever-increasing risk of a cybersecurity breach affecting their own devices and the hospitals and other health care organizations where their devices are connected. Taking these challenges into consideration, the FDA has issued several guidance documents concerning cybersecurity for medical devices. … Continue Reading

Germany passes new cyber-security law

On 25 July 2015 in Germany, the new IT Security Act entered into force. The law aims to improve IT security in companies and public bodies, especially in the field of critical infrastructure, thus stipulating minimum security standards and reporting obligations for operators and providers of communication systems. The law will affect institutions listed as … Continue Reading

Tech giants caught between EU disagreements on scope of Proposed Network and Information Security Directive

U.S. tech giants, like Google and Facebook, found themselves caught between the European Parliament and the European Commission as disagreements continue as to whether Internet service providers should be included within the definition of ‘market operators’ in the Proposed Directive on Network and Information Security (IP/13/94) (the ‘Directive’). Currently, the EU Commission would like to … Continue Reading

UK offers improved cyber security training to boost procurement profession

On 23 June, the UK government introduced a new online cyber security training course designed to assist the procurement profession to stay safe online. After a recent government survey found that half of the worst breaches were caused by human error, the government aims to increase awareness and help organisations reduce risk. The course, freely … Continue Reading

PCI Council Updates both Card Production Standards and Data Security Standards

The Payment Card Industry Security Standards Council (‘PCI SSC’) has had a busy year thus far updating both its Card Production Security Requirements and its Data Security Standards (‘PCI DSS’). First, on 10 April, the PCI SSC updated its Card Production Requirements (guidance published to help card producers secure the card production process from creation … Continue Reading

Domestic cyber issues no more? International cyber security collaboration continues to grow

A report by PWC on the Global State of Information Security Survey identified that 2014 saw a 48% increase of security incidents over 2013, with the resulting financial loss increasing by an average of 34%. In the United States, President Obama called cyber threats from overseas a ‘national emergency’; and the UK Department of Business … Continue Reading

Into the Future

The oracle of Silicon Valley, Mary Meeker – a partner at Kleiner Perkins – just published her highly anticipated 2015 Internet Trends Report.  Meeker’s report is the ultimate compilation of essential technology statistics, and is one of the most widely read and respected insights into the future of the Internet and technology trends. Encompassing everything … Continue Reading

State AGs’ Interest in Privacy and Cybersecurity – No End in Sight – REDUX (or, if you prefer, we told you so…)

Reed Smith has been closely following the interest and activities of State AGs in the areas of privacy and cybersecurity, and recently blogged on a major NAAG (National Association of Attorneys General) conference in April on these topics. That conference, which was sponsored by the Mississippi AG, was meant to educate AGs – most of … Continue Reading

9 Steps to Prepare a Data Breach Debrief for the CEO in 30 Minutes

Following a data breach, it is the responsibility of the general counsel and in-house legal department to quickly assess the situation and immediately provide a coherent and thoughtful initial report to the CEO. The following nine steps should be able to help prepare an effective briefing in about 30 minutes and get through a computer … Continue Reading

Trade Secrets Directive to be published this summer

Passage of the draft Directive on Trade Secrets (the ‘Directive’), proposed in November 2013, looks imminent. We’re expecting that the final Directive will be published this summer, giving each of the 28 EU Member States two years in which to enact national implementing legislation. The new Directive aims to harmonise the differing national laws protecting … Continue Reading