On January 25, 2019, a settlement agreement was reached between a utility company, which allegedly violated the Critical Infrastructure Protection (CIP) Reliability Standards, and the North American Reliability Corporation (NERC). Through this settlement, NERC provides guidance to the electric industry for compliance with the CIP Reliability Standards. The substantial penalties should prompt companies to educate … Continue Reading
In recent months, the U.S. Securities and Exchange Commission (“SEC”) has emphasized cybersecurity as both an enforcement priority and corporate responsibility, demonstrating its continued focus on the need for issuers to have sufficient measures in place, including up-to-date compliance and incident response programs in order to maintain the integrity of the capital market system. The … Continue Reading
The Food and Drug Administration (FDA) published a draft update to its premarket cybersecurity guidance for device makers on October 18, 2018. The expanded draft guidance includes recommendations on tiered classification of cybersecurity risk, trustworthiness, cybersecurity bill materials, and device cybersecurity labeling that are specific enough to be helpful to manufacturers while at the same … Continue Reading
China’s new “Regulation on the Internet Security Supervision and Inspection by Public Security Organs” went into effect on November 1, 2018. It is the latest regulation passed by China’s Ministry of Public Security that executes China’s Cybersecurity Law, which took effect in June of last year. The regulation gives China’s Public Security Bureaus (PSBs) broad … Continue Reading
On September 27, 2018, as part of the Department of Justice’s (DOJ) cybersecurity roundtable discussion, the DOJ’s Cybersecurity Unit issued Best Practices for Victim Response and Reporting of Cyber Incidents (the Best Practices), including a Cyber Incident Preparedness Checklist. As noted by the DOJ, the Best Practices do not have the force of law, and … Continue Reading
Company response to major data breach results in first-of-its-kind fine for improper disclosure to investors On April 24, 2018, U.S. Securities and Exchange Commission (SEC) and Altaba Inc., (formerly known as Yahoo! Inc.) agreed to settle SEC Division of Enforcement charges stemming from the compromise of 3 billion Yahoo accounts that occurred in 2013 and … Continue Reading
In the wake of recent cyberattacks, cities and states are taking a stand. On March 29, New York City (the City) Mayor Bill de Blasio announced NYC Secure, an initiative that will include a suspicious activity alert app for residents and security upgrades to the City’s public Wi-Fi networks.[1]The initiative is intended as a citywide … Continue Reading
A Washington Legal Foundation legal opinion titled “The FTC’s Black-Box Determination of Information’s Sensitivity Imperils First Amendment and Due-Process Rights” and written by Gerry Stegmaier, Wendell Bartnick, and Kelley Chittenden illustrates the troubling fact that although businesses are tasked with implementing “reasonable” data security that hinges, in part, on the sensitivity of information, the Federal … Continue Reading
On Tuesday, January 23, Lloyd’s of London co-published a report with AIR Worldwide highlighting the significant financial fallout that could occur in the event of a cyber incident or shutdown of a cloud computing provider in the United States, noting that losses could be to the tune of about $19 billion – of which only … Continue Reading
With breaches of nearly 150 million Americans’ personal information flooding the news the last few weeks, followed by the filing of more than 50 class action lawsuits to date, and the announcement of an FTC investigation, cybersecurity is squarely on the minds of and on the table in boardrooms across the country. On September 14, … Continue Reading
Cyber attacks are becoming increasingly sophisticated and the potential fall out from such an attack can be extremely costly. Modern day ships are run by computers which provides an opportunity for malicious programmes to take control of a vessel. Click here to read more about this issue on our Ship Law Log blog. … Continue Reading
On Monday, May 11, 2017, President Donald Trump signed an Executive Order on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” The Executive Order comes after Trump had postponed signing a similar executive order on cybersecurity on Feb. 1, and another draft executive order had been circulated Feb. 10. The final Executive Order aligns … Continue Reading
In the recent case of Prince Moulay Hicham v Elaph Publishing Limited, the Court of Appeal held in a unanimous decision that a claimant could include an action under the UK Data Protection Act 1998 (‘DPA’) as an alternative means of redress. To read our full client alert in relation to this judgment, please click … Continue Reading
In a span of a few weeks in early January 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced two major settlements under the Health Insurance Portability and Accountability Act (“HIPAA”) relating to the breach of protected health information (“PHI”). Neither settlement included an admission of any liability, but … Continue Reading
Following the United Kingdom’s vote to leave the European Union, one thing is clear: the negotiations for the terms of the UK’s exit are likely to overlap with the implementation across the EU of the General Data Protection Regulation (GDPR) in May 2018. We have prepared a client alert to lay out the facts as they … Continue Reading
Just days after the Supreme Court’s ruling in Spokeo v. Robins, the highly anticipated decision is already impacting data breach class actions across the country. The defendant in the Spokeo case contended that the plaintiff had suffered no concrete injury, and that a mere statutory violation is not enough of an injury to give plaintiffs … Continue Reading
On April 5-7 2016, the National Institute of Science and Technology (NIST) hosted a workshop on its popular Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”). The workshop was preceded by a request for information that prompted 105 responses, many from industry associations representing hundreds of companies. The discussions at the workshop are likely to influence … Continue Reading
Ransomware and malware could potentially cripple your company and personal networks. Our previous post, Companies can insure against cyber ransom, states, “Ransomware is a form of malicious software, or ‘malware,’ that encrypts information or aspects of an organization’s computer network, preventing authorized users from accessing it.” As online hackers become more advanced, your company and … Continue Reading
On February 8 and 9, 2016, the French Directorate-General for Competition, Consumer Affairs and Prevention of Fraud (the ‘DGCCRF’) and the French Data Protection Authority (the ‘CNIL’), through an obviously concerted action, have publicised regulatory enforcement measures they are undertaking against Facebook. The DGCCRF is requiring Facebook to re-write its Terms and Conditions on the … Continue Reading
As the technology world is on the upswing, organizations may be at an increased risk for data breaches and cybersecurity incidents. “The Office of the Comptroller of the Currency examiners will be using the agency’s new Cybersecurity Assessment Tool in conjunction with information security and operational risk supervisory activities to determine an institution’s ability to … Continue Reading
Should “cyber products” be added to the United States Munitions List (USML)? Cyber-hacking and cyberterrorism are growing concerns for the national security of the United States, so this question could not go unanswered. The Defense Trade Advisory Group (DTAG) decided that “cyber products” should not be added to the USML. The addition of this broad … Continue Reading
Government audits continue to reveal that millions of people’s personally identifiable information is at risk. Continuous audit reports by the Office of the Inspector General (OIG) of The Department of Health and Human Services (HHS) reveal that online health care insurance exchanges could be the next juicy target for hackers looking for consumers’ personal information. … Continue Reading
Higher education institutions are increasingly targets of data breaches due to the vast amount of private information, including educational, medical and employee data, they maintain. It is no longer a question of if a data breach will occur, but when. Academic institutions can take certain measures to minimize exposure in the event of a breach, … Continue Reading
Recent cybersecurity trends have shown that no company is safe from the threat of a data breach. It is now a matter of “when”, not “if”, a breach will occur. Companies and their employees can take preventive measures such as establishing network monitoring, developing a robust data security programme, implementing a incident response plan, and … Continue Reading
