The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Current Issue Headlines

Vol. 2, No. 19 (Sep. 21, 2016) Print IssuePrint This Issue

  • Managing Data Privacy Challenges While Conducting Due Diligence and Investigations in China (Part Two of Two)

    For companies doing business in China, understanding data privacy and cybersecurity legal requirements under Chinese law is critical. But once a company is familiar with these basic legal contours, more practical concerns dominate the ability to successfully conduct internal operations and external transactions. In this article, the second in a two-part series on China’s data privacy and cybersecurity laws, we share insights from practitioners working in China on how companies can manage the actual challenges of running their businesses while staying on the right side of the law. The first article in the series explained the basic structure of the data compliance regime in China, including criminal law, civil law, industry regulations and the draft Cybersecurity Law. See also Understanding the Far-Reaching Impact of Chinese State Secrets Laws on Data Flow” (Jul. 6, 2016).  

    Read full article …
  • What Private Companies Can Learn From the OPM Data Breaches

    The recent breaches of the U.S. Office of Personnel Management illustrate the importance of an effective information security program for businesses in both the public and private sector. A recently released exhaustive investigative report by the House Oversight and Government Reform Committee outlines findings and recommendations to help the federal government better acquire, deploy, maintain and monitor its information technology. “The [Report] is replete with recommendations that private sector entities should be considering seriously,” DLA Piper partner Jim Halpert told The Cybersecurity Law Report. This article summarizes the committee’s findings and examines valuable lessons applicable to both the public and private sectors. See also “White House Lays Out Its Broad Cybersecurity Initiatives” (Feb. 17, 2016).

    Read full article …
  • Seven Overlooked Business Costs of a Cyber Breach and Strategies for Avoiding Them

    It is no surprise that a breach can have substantial repercussions for a company. However, Deloitte has found that the extent and the duration of those impacts are greater than even experts anticipated. Its recent study highlights both well-known and less expected breach impacts, such as an increased cost to raise debt in capital markets and devaluation of trade names. Some of these effects can linger for years. We examine seven subtle but significant breach impacts – painting a complete picture of where companies “actually feel pain,” a Deloitte principal told us – and how to lessen those impacts. See also “Picking up the Pieces After a Cyber Attack and Understanding Sources of Liability” (Apr. 13, 2016).

    Read full article …
  • Steps Financial Institutions Should Take to Meet New York’s Proposed Cybersecurity Regulation

    With the ever-growing threat posed to the financial services industry by nation-states, terrorist organizations and independent criminal actors, earlier this month New York Governor Andrew Cuomo announced a proposed regulation that would require financial institutions to develop and implement cybersecurity programs to prevent and mitigate cyber attacks. After a 45-day comment period, following the upcoming publication in the New York State Register on September 28, the regulation is set to become effective January 1, 2017. “Even though the rules are not final, regulated financial institutions should begin considering how to comply today,” Orrick partner and cybersecurity & data privacy team co-chair Aravind Swaminathan told The Cybersecurity Law Report. In this article, we outline what companies need to do to be compliant with the new proposed regulation. See also “How the Financial Services Industry Can Manage Cyber Risk” (Jul. 20, 2016). 

    Read full article …
  • Learning How to Pick the Best Policy from Cyber Insurance Cases (Part Two of Two)

    The cyber insurance market is maturing. As policy definitions and exclusions come under judicial scrutiny, insureds are learning how to negotiate policies, and insurers are developing new policies to fill in coverage gaps. This article, the second part of our series covering a Knowledge Group webinar, includes the speakers’ insight on the importance of representations on the insurance application and ADR clauses in policies; what companies need to know about coverage of physical damage from breaches; and how new cyber policies may change the market. The first article included the panelists’ discussion of the current cyber insurance market and the issue of publication under CGL policies, as well as their analysis of recent cases to extract the questions companies should be asking insurers about key policy definitions and exclusions. See also “Building a Strong Cyber Insurance Policy to Weather the Potential Storm” Part One (Nov. 25, 2015); Part Two (Dec. 9, 2015).

    Read full article …
  • Staying Cybersecure Without Mobile Device Management

    Control over employees’ devices can offer companies reassurance that they are protecting sensitive information. Many organizations, however, find they must proceed without mobile device management or enterprise mobility management due to cost or employee pushback over privacy concerns. At a recent Gartner webinar, Rob Smith, a research director at Gartner, examined factors organizations should consider as they decide whether to purchase and deploy MDM and EMM solutions. He also explained the pros and cons of other security approaches for organizations looking for alternatives. See also “Legal and Regulatory Expectations for Mobile Device Privacy and Security” Part One (Feb. 3, 2016); Part Two (Feb. 17, 2016).

    Read full article …
  • McDermott Expands Global Privacy and Cybersecurity Practice in Boston

    Mark E. Schreiber has joined McDermott Will & Emery in the Boston office as a partner and the leader of the firm’s global privacy and cybersecurity practice.

    Read full article …
  • Falcon Cyber Team Gains Former SEC Commissioner 

    Luis Aguilar, former SEC Commissioner, has joined Falcon Cyber Investments, a cybersecurity-focused private equity firm, as a partner, the firm recently announced.

    Read full article …