On Monday, May 11, 2017, President Donald Trump signed an Executive Order on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” The Executive Order comes after Trump had postponed signing a similar executive order on cybersecurity on Feb. 1, and another draft executive order had been circulated Feb. 10. The final Executive Order aligns … Continue Reading
In the recent case of Prince Moulay Hicham v Elaph Publishing Limited, the Court of Appeal held in a unanimous decision that a claimant could include an action under the UK Data Protection Act 1998 (‘DPA’) as an alternative means of redress. To read our full client alert in relation to this judgment, please click … Continue Reading
Following the United Kingdom’s vote to leave the European Union, one thing is clear: the negotiations for the terms of the UK’s exit are likely to overlap with the implementation across the EU of the General Data Protection Regulation (GDPR) in May 2018. We have prepared a client alert to lay out the facts as they … Continue Reading
Just days after the Supreme Court’s ruling in Spokeo v. Robins, the highly anticipated decision is already impacting data breach class actions across the country. The defendant in the Spokeo case contended that the plaintiff had suffered no concrete injury, and that a mere statutory violation is not enough of an injury to give plaintiffs … Continue Reading
On April 5-7 2016, the National Institute of Science and Technology (NIST) hosted a workshop on its popular Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”). The workshop was preceded by a request for information that prompted 105 responses, many from industry associations representing hundreds of companies. The discussions at the workshop are likely to influence … Continue Reading
Ransomware and malware could potentially cripple your company and personal networks. Our previous post, Companies can insure against cyber ransom, states, “Ransomware is a form of malicious software, or ‘malware,’ that encrypts information or aspects of an organization’s computer network, preventing authorized users from accessing it.” As online hackers become more advanced, your company and … Continue Reading
On February 8 and 9, 2016, the French Directorate-General for Competition, Consumer Affairs and Prevention of Fraud (the ‘DGCCRF’) and the French Data Protection Authority (the ‘CNIL’), through an obviously concerted action, have publicised regulatory enforcement measures they are undertaking against Facebook. The DGCCRF is requiring Facebook to re-write its Terms and Conditions on the … Continue Reading
As the technology world is on the upswing, organizations may be at an increased risk for data breaches and cybersecurity incidents. “The Office of the Comptroller of the Currency examiners will be using the agency’s new Cybersecurity Assessment Tool in conjunction with information security and operational risk supervisory activities to determine an institution’s ability to … Continue Reading
Should “cyber products” be added to the United States Munitions List (USML)? Cyber-hacking and cyberterrorism are growing concerns for the national security of the United States, so this question could not go unanswered. The Defense Trade Advisory Group (DTAG) decided that “cyber products” should not be added to the USML. The addition of this broad … Continue Reading
Government audits continue to reveal that millions of people’s personally identifiable information is at risk. Continuous audit reports by the Office of the Inspector General (OIG) of The Department of Health and Human Services (HHS) reveal that online health care insurance exchanges could be the next juicy target for hackers looking for consumers’ personal information. … Continue Reading
Higher education institutions are increasingly targets of data breaches due to the vast amount of private information, including educational, medical and employee data, they maintain. It is no longer a question of if a data breach will occur, but when. Academic institutions can take certain measures to minimize exposure in the event of a breach, … Continue Reading
Recent cybersecurity trends have shown that no company is safe from the threat of a data breach. It is now a matter of “when”, not “if”, a breach will occur. Companies and their employees can take preventive measures such as establishing network monitoring, developing a robust data security programme, implementing a incident response plan, and … Continue Reading
Medical device companies and manufactures of other connected devices need to be attentive to the ever-increasing risk of a cybersecurity breach affecting their own devices and the hospitals and other health care organizations where their devices are connected. Taking these challenges into consideration, the FDA has issued several guidance documents concerning cybersecurity for medical devices. … Continue Reading
On 25 July 2015 in Germany, the new IT Security Act entered into force. The law aims to improve IT security in companies and public bodies, especially in the field of critical infrastructure, thus stipulating minimum security standards and reporting obligations for operators and providers of communication systems. The law will affect institutions listed as … Continue Reading
U.S. tech giants, like Google and Facebook, found themselves caught between the European Parliament and the European Commission as disagreements continue as to whether Internet service providers should be included within the definition of ‘market operators’ in the Proposed Directive on Network and Information Security (IP/13/94) (the ‘Directive’). Currently, the EU Commission would like to … Continue Reading
On 23 June, the UK government introduced a new online cyber security training course designed to assist the procurement profession to stay safe online. After a recent government survey found that half of the worst breaches were caused by human error, the government aims to increase awareness and help organisations reduce risk. The course, freely … Continue Reading
The Payment Card Industry Security Standards Council (‘PCI SSC’) has had a busy year thus far updating both its Card Production Security Requirements and its Data Security Standards (‘PCI DSS’). First, on 10 April, the PCI SSC updated its Card Production Requirements (guidance published to help card producers secure the card production process from creation … Continue Reading
The Payment Card Industry Security Standards Council (‘PCI SSC’) has had a busy year thus far updating both its Card Production Security Requirements and its Data Security Standards (‘PCI DSS’). First, on 10 April, the PCI SSC updated its Card Production Requirements (guidance published to help card producers secure the card production process from creation … Continue Reading
Mississippi Attorney General (AG) Jim Hood is the president of the National Association of Attorneys General (NAAG), the professional association for the AGs of all 50 states, DC and the U.S. territories. As NAAG president, Hood has selected cybersecurity and digital privacy, as well as counterfeiting and IP theft, as topics of policy focus for … Continue Reading
A report by PWC on the Global State of Information Security Survey identified that 2014 saw a 48% increase of security incidents over 2013, with the resulting financial loss increasing by an average of 34%. In the United States, President Obama called cyber threats from overseas a ‘national emergency’; and the UK Department of Business … Continue Reading
The oracle of Silicon Valley, Mary Meeker – a partner at Kleiner Perkins – just published her highly anticipated 2015 Internet Trends Report. Meeker’s report is the ultimate compilation of essential technology statistics, and is one of the most widely read and respected insights into the future of the Internet and technology trends. Encompassing everything … Continue Reading
Reed Smith has been closely following the interest and activities of State AGs in the areas of privacy and cybersecurity, and recently blogged on a major NAAG (National Association of Attorneys General) conference in April on these topics. That conference, which was sponsored by the Mississippi AG, was meant to educate AGs – most of … Continue Reading
Following a data breach, it is the responsibility of the general counsel and in-house legal department to quickly assess the situation and immediately provide a coherent and thoughtful initial report to the CEO. The following nine steps should be able to help prepare an effective briefing in about 30 minutes and get through a computer … Continue Reading
Passage of the draft Directive on Trade Secrets (the ‘Directive’), proposed in November 2013, looks imminent. We’re expecting that the final Directive will be published this summer, giving each of the 28 EU Member States two years in which to enact national implementing legislation. The new Directive aims to harmonise the differing national laws protecting … Continue Reading
