Archives: Data & Cyber Security

Subscribe to Data & Cyber Security RSS Feed

New key features of FTC data security orders highlighted by Consumer Protection Bureau Director

On January 6, 2020, the Director of the Federal Trade Commission’s (FTC’s) Bureau of Consumer Protection, Andrew Smith, published a blog post highlighting recent changes to the Commission’s enforcement orders relating to data security. Industry leaders, law practitioners, Congress, and even the courts have been critical of aspects of the Commission’s data security orders.  In … Continue Reading

2020 could be a monumental year for adtech

With the California Consumer Privacy Act (CCPA) coming into effect on January 1 and the announcement on 14 January from Google that it will be phasing out third party cookies within the next two years, it seems that 2020 will be a significant year for the adtech industry as industry players react with solutions and … Continue Reading

Cyber crime now poses increasing threat to the cannabis industry

According to a report issued last week, tens of thousands of cannabis dispensary customers’ personal data has been exposed following a data breach of a sales system that at least three (and likely more) cannabis dispensaries may have used to manage their sales to customers. Our recent client alert highlights the increasing threat that cyber … Continue Reading

Five more steps to handling claims in 2020

A top goal for 2020 is to review and negotiate your directors and officers (D&O) (and other) insurance policies to make sure they are as favorable as possible from a coverage and pricing perspective. (See Make a few small yet substantial plans: five steps to managing directors’ and officers’ liability insurance and other risks in 2020.) … Continue Reading

New year, new risks

According to experts, most New Year’s resolutions fail because sweeping change is difficult. Rather, the best results come from taking small steps. Here are five small steps to take to make sure your directors’ and officers’ (D&O) coverage can tackle potential cyber risks. Review your coverage program from last year. Endorsements, policy provisions, and pricing … Continue Reading

An FAQ guide to data breach notifications in Singapore

Singapore’s Personal Data Protection Commission (PDPC) has announced that data breach notification will soon become mandatory in Singapore. However, not all breaches need to be reported. We have prepared this guide to aid businesses in understanding when, to whom and how to notify should they encounter a data breach. As further guidance and details on … Continue Reading

How to respond to data breaches and cyber attacks

As part of Reed Smith’s webinar series on crisis management, on Wednesday 6 November 2019, partners Tom Webley, Philip Thomas and John M. McIntyre delivered a webinar to clients on data breaches, cyber attacks, and potential responses to such incidents. Our recent client alert focuses on the key themes arising out of the webinar and … Continue Reading

ENISA launches security mapping tool

The European Union Agency for Cybersecurity (ENISA) has been supporting the European Union (EU) Member States in developing, implementing and evaluating their cyber security strategies. Since 2012 and as part of this support, ENISA has been developing tools, studies and guidelines to help EU Member States build on their national cyber security strategies. The latest … Continue Reading

With latest lawsuit, New York attorney general continues to demand cybersecurity compliance

In a continued pursuit for cybersecurity compliance, New York Attorney General (AG) Letitia James has sued Dunkin’ Brands, Inc. (franchisor of Dunkin’ Donuts) over two data breaches in 2015 and 2018, accusing the company of mishandling a series of cyberattacks that together compromised more than 320,000 customer accounts. In the complaint filed last week, AG … Continue Reading

FTC settlement and warning letters over cross-border personal data transfers

The Federal Trade Commission’s (FTC) recently announced settlement with background check provider SecurTest, Inc. shows the agency remains vigilant regarding businesses’ claims that they comply with the EU-U.S. Privacy Shield Framework (Privacy Shield). Privacy Shield provides U.S. businesses with a legally recognized mechanism for receiving personal data in the United States from the EU. In … Continue Reading

Transparency requirements for influencers in Germany, the United Kingdom and the United States

They are the stars of the young generation, brand ambassadors for organizations and leaders on social media: influencers. With their strong presence on social media channels such as Facebook, Instagram or Twitter, influencers have a power that pays off. Thousands of users follow the day-to-day posts of their role models. Influencers are becoming increasingly important … Continue Reading

Washington becomes the latest state to amend its data breach notification law

On May 7, 2019, Governor Jay Inslee of Washington signed HB 1071 into law, which strengthens the state’s data breach notification law. Washington joins the growing list of states that have recently amended their breach notification laws. Although Washington’s law was amended in 2015, the law was initially enacted nearly 14 years ago. This amendment, … Continue Reading

NERC enforcement action provides guidance to electric industry for compliance with the Critical Infrastructure Protection Reliability Standards

On January 25, 2019, a settlement agreement was reached between a utility company, which allegedly violated the Critical Infrastructure Protection (CIP) Reliability Standards, and the North American Reliability Corporation (NERC). Through this settlement, NERC provides guidance to the electric industry for compliance with the CIP Reliability Standards. The substantial penalties should prompt companies to educate … Continue Reading

Highlighting the “SEC” in cybersecurity: Continued regulatory focus on preparedness and response

In recent months, the U.S. Securities and Exchange Commission (“SEC”) has emphasized cybersecurity as both an enforcement priority and corporate responsibility, demonstrating its continued focus on the need for issuers to have sufficient measures in place, including up-to-date compliance and incident response programs in order to maintain the integrity of the capital market system. The … Continue Reading

FDA revamps cybersecurity guidance for marketed medical devices

The Food and Drug Administration (FDA) published a draft update to its premarket cybersecurity guidance for device makers on October 18, 2018. The expanded draft guidance includes recommendations on tiered classification of cybersecurity risk, trustworthiness, cybersecurity bill materials, and device cybersecurity labeling that are specific enough to be helpful to manufacturers while at the same … Continue Reading

The new China cybersecurity inspection regulation broadens PSB authority

China’s new “Regulation on the Internet Security Supervision and Inspection by Public Security Organs” went into effect on November 1, 2018. It is the latest regulation passed by China’s Ministry of Public Security that executes China’s Cybersecurity Law, which took effect in June of last year. The regulation gives China’s Public Security Bureaus (PSBs) broad … Continue Reading

DOJ issues updated best practices on cyber incidents; incorporates CISA

On September 27, 2018, as part of the Department of Justice’s (DOJ) cybersecurity roundtable discussion, the DOJ’s Cybersecurity Unit issued Best Practices for Victim Response and Reporting of Cyber Incidents (the Best Practices), including a Cyber Incident Preparedness Checklist. As noted by the DOJ, the Best Practices do not have the force of law, and … Continue Reading

Being first isn’t always best: SEC settles for $35 million fine for failure to disclose data breach to investors

Company response to major data breach results in first-of-its-kind fine for improper disclosure to investors On April 24, 2018, U.S. Securities and Exchange Commission (SEC) and Altaba Inc., (formerly known as Yahoo! Inc.) agreed to settle SEC Division of Enforcement charges stemming from the compromise of 3 billion Yahoo accounts that occurred in 2013 and … Continue Reading

Keys to the City: Recent developments in New York City address cybersecurity risks

In the wake of recent cyberattacks, cities and states are taking a stand. On March 29, New York City (the City) Mayor Bill de Blasio announced NYC Secure, an initiative that will include a suspicious activity alert app for residents and security upgrades to the City’s public Wi-Fi networks.[1]The initiative is intended as a citywide … Continue Reading

The FTC’s black-box determination of information’s sensitivity imperils First Amendment and due-process rights

A Washington Legal Foundation legal opinion titled “The FTC’s Black-Box Determination of Information’s Sensitivity Imperils First Amendment and Due-Process Rights” and written by Gerry Stegmaier, Wendell Bartnick, and Kelley Chittenden illustrates the troubling fact that although businesses are tasked with implementing “reasonable” data security that hinges, in part, on the sensitivity of information, the Federal … Continue Reading

Cloud before the storm: Lloyd’s of London report forecasts cloud outage with a chance of multibillion dollar losses

On Tuesday, January 23, Lloyd’s of London co-published a report with AIR Worldwide highlighting the significant financial fallout that could occur in the event of a cyber incident or shutdown of a cloud computing provider in the United States, noting that losses could be to the tune of about $19 billion – of which only … Continue Reading

From the Server Room to the Board Room: D&O and Cybersecurity Emerging Trends

With breaches of nearly 150 million Americans’ personal information flooding the news the last few weeks, followed by the filing of more than 50 class action lawsuits to date, and the announcement of an FTC investigation, cybersecurity is squarely on the minds of and on the table in boardrooms across the country. On September 14, … Continue Reading
LexBlog