The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

By Topic: Interviews

  • From Vol. 3 No.2 (Jan. 25, 2017)

    Preparing to Meet the Deadlines of DFS’ Revised New York Cybersecurity Regulation

    The New York State Department of Financial Services proposed a cybersecurity regulation that raised many eyebrows when it was first introduced in September 2016. Taking into account the more than 150 comments it received, the DFS published an updated version of the regulation at the end of 2016 and delayed the effective date by two months – until March 1, 2017. In this interview, Patterson Belknap Webb & Tyler LLP partner Craig A. Newman offers insight on what the new regulation means to covered institutions and the actions companies will need to take to be in compliance. See also “Steps Financial Institutions Should Take to Meet New York’s Proposed Cybersecurity Regulation” (Sep. 21, 2016).

  • From Vol. 2 No.21 (Oct. 19, 2016)

    Taking Action to Refocus on Security: Conversation With a CIO 

    Each sector faces both industry-specific and general data security risks. One challenge is implementing general cybersecurity best practices while also addressing the company's unique vulnerabilities. Ken Kurz, vice president of information technology and chief information officer at Corporate Office Properties Trust, a real estate investment trust focused on government and defense contractors, spoke with The Cybersecurity Law Report about evaluating current security efforts and taking substantial proactive steps involving people and technology to address the company’s priorities. See also “Establishing Strong Cybersecurity and Data Privacy Leadership: The Roles of the Chief Information Security Officer and Chief Privacy Officer (Part One of Two)” (May 6, 2015); Part Two (May 20, 2015).

  • From Vol. 2 No.18 (Sep. 7, 2016)

    Using Information Sharing to Combat Cyber Crime While Protecting Privacy 

    Sharing cyber intelligence information across respective industries is becoming an increasingly important way to predict and possibly prevent cyber attacks. Many companies, however, are not sharing data efficiently or at all. Alfred Saikali, Shook Hardy & Bacon partner, and Andrew Moir, a partner in the London office of Herbert Smith Freehills, shared their insights with The Cybersecurity Law Report on the importance of and best approaches to information sharing. They also highlighted issues companies should consider to protect themselves when engaging in the process, both from U.S. and U.K. perspectives. See also “How the Legal Industry Is Sharing Information to Combat Cyber Threats” (Sep. 16, 2015).

  • From Vol. 2 No.17 (Aug. 24, 2016)

    How GE’s Global CPO Approaches Shifting Regulations With Dynamic Implications 

    Shifting cybersecurity and data privacy regulations across industries and regions challenge many companies to frequently update their practices to remain compliant, not only at their home base, but also in other countries where they conduct business. Renard Francois, General Electric’s global chief privacy officer, spoke with The Cybersecurity Law Report in advance of ALM’s cyberSecure conference on September 27-28, 2016, at the New York Hilton, where he will participate as a panelist. An event discount code is available to CSLR readers inside this article. In our interview, Francois discusses some of the key ways GE’s privacy team approaches modifying practices to stay up-to-date with global regulations, and ensuring all stakeholders are informed and working collaboratively across businesses and departments. See also “Establishing Strong Cybersecurity and Data Privacy Leadership: The Roles of the Chief Information Security Officer and Chief Privacy Officer (Part One of Two)” (May 6, 2015); Part Two (May 20, 2015).

  • From Vol. 2 No.15 (Jul. 20, 2016)

    Using Data Analytics to Combat Internal Cyber Threats

    Insiders with authorized access and malicious intent to misappropriate company data present significant threats to the protection of valuable information. EY senior manager Paul Alvarez and executive director Alex Perry recently spoke with The Cybersecurity Law Report about strategies and specific tools companies can use to analyze available data – such as employee behavior (including behavior on social media) and audio information – to identify and protect against these threats. See also “Strategies for Preventing and Handling Cybersecurity Threats From Employees” (Apr. 8, 2015) and “Designing, Implementing and Assessing an Effective Employee Cybersecurity Training Program” Part One (Feb. 17, 2016); Part Two (Mar. 2, 2016); and Part Three (Mar. 16, 2016).

  • From Vol. 2 No.5 (Mar. 2, 2016)

    Prosecuting Borderless Cyber Crime Through Proactive Law Enforcement and Private Sector Cooperation

    Identifying, locating and prosecuting cyber criminals is a complex operation that requires coordination among various law enforcement agencies as well as the private sector. David Hickton, the U.S. Attorney for the Western District of Pennsylvania, spoke with The Cybersecurity Law Report in advance of the Financial Times Cyber Security Summit on March 16, 2016 in Washington, D.C., where he will participate as a panelist. An event discount code is available to CSLR readers inside the article. In our interview, Hickton addresses the challenges, changes, and private sector cooperation within cybersecurity law enforcement. See also our series featuring FBI Director James Comey’s discussion of the “‘Evil Layer Cake’ of Cybersecurity Threats” (Jun. 3, 2015); and “Cooperation Among Domestic and International Cybersecurity Law Enforcement Communities” (Jun. 17, 2015).

  • From Vol. 2 No.4 (Feb. 17, 2016)

    HIPAA Privacy Rule Permits Disclosures to Firearm Background Check System

    The current firearm background check system just became a little stronger thanks to the Department of Health and Human Services. The Department issued a Final Rule amending the HIPAA Privacy Rule to allow certain covered entities to disclose PHI about individuals prohibited from possessing or receiving firearms to the National Instant Background Check System without the individual’s prior consent. Lynn Sessions, a BakerHostetler partner, spoke with The Cybersecurity Law Report about the Final Rule, its implications and processes covered entities should put in place to mitigate risk. The Final Rule became effective February 6, 2016. See also “Year-End HIPAA Settlements May Signal More Aggressive Enforcement by HHS” (Dec. 9, 2015).

  • From Vol. 1 No.17 (Nov. 25, 2015)

    How to Protect Intellectual Property and Confidential Information in the Supply Chain

    Sharing information, including intellectual property, with third parties such as suppliers, distributors and consultants is essential for the operations of many companies but exposes them to various points of cyber risk.  Pamela Passman, President and CEO at the Center for Responsible Enterprise and Trade (CREATe.org), spoke with The Cybersecurity Law Report about how to assess and mitigate third-party and supply chain risk.  CREATe.org, a global NGO, works with companies and third parties with whom they do business to help put processes in place to prevent corruption and protect intellectual property, trade secrets and other confidential information.  See also “Protecting and Enforcing Trade Secrets in a Digital World,” The Cybersecurity Law Report, Vol. 1, No. 13 (Sep. 30, 2015).

  • From Vol. 1 No.15 (Oct. 28, 2015)

    Orrick Attorneys Explain California’s New Specific Standards for Breach Notification

    California, a state that has been a leader in strong data security laws, has amended those laws to make their breach notification requirements more specific.  Aravind Swaminathan and Rishad Patel, Orrick partner and associate, respectively, spoke with The Cybersecurity Law Report about what companies need to know about the changes made by the amendments and how companies can approach the different notice requirements of 47 states.  The California changes take effect January 1, 2016 and include SB 570, which requires specific breach notice formatting; SB 34, which expands the definition of personal information and clarifies the substitute notice process; and AB 964, which clarifies the meaning of encryption.  See also “After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).

  • From Vol. 1 No.13 (Sep. 30, 2015)

    Protecting and Enforcing Trade Secrets in a Digital World

    In addition to consumer data and employee data, trade secrets also need to be a focus of cybersecurity programs, given their importance to companies and their vulnerability to cyber theft.  In this interview with The Cybersecurity Law Report, Matthew Prewitt, a partner and chair of the cybersecurity and data privacy practice and co-chair of the trade secrets practice at Schiff Hardin, discusses how to structure a process to identify and protect trade secrets from cyber risk, how to litigate trade secrets in the wake of an insider breach, and the changes that may come with the proposed Defend Trade Secrets Act of 2015.  See also “Strategies for Preventing and Handling Cybersecurity Threats from Employees,” The Cybersecurity Law Report, Vol. 1, No. 1 (Apr. 8, 2015).

  • From Vol. 1 No.11 (Aug. 26, 2015)

    Seeking Solutions to Cross-Border Data Realities

    Transnational companies face complex challenges arising from their operations across jurisdictions, ranging from payroll logistics to responding to foreign governments’ evidentiary requests for digital data stored throughout the world.  In this interview with The Cybersecurity Law Report, Bryan Cunningham, a partner at Cunningham Levy, and Paul Rosenzweig, a partner at Red Branch Consulting, both senior advisors to The Chertoff Group, discuss myriad issues in transferring digital data across nations that have different privacy regimes, potential solutions, and their take on pending cases that could change how companies handle data.  See also “ECJ Hearing on Safe Harbor Challenges How U.S. Companies Handle European Data,” The Cybersecurity Law Report, Vol. 1, No. 1 (Apr. 8, 2015).

  • From Vol. 1 No.10 (Aug. 12, 2015)

    How the Hospitality Industry Confronts Cybersecurity Threats that Never Take Vacations

    Technology offers travelers the convenience they value – such as software that recalls a frequent traveler’s preferences, room key cards that act as charge cards at resort restaurants, stores and more.  However, these amenities come with risks to the travelers (as well as responsibilities for the company offering the convenience) relating to the collection of sensitive data.  In this interview with The Cybersecurity Law Report, Eileen Ridley, a partner at Foley & Lardner, discusses the hospitality industry’s specific data privacy and cybersecurity challenges, and offers best practices in the collection, storage and protection of the increasing amount of personal data these companies are holding.

  • From Vol. 1 No.9 (Jul. 29, 2015)

    Managing the Increased Individual Risks and Responsibilities of Compliance Officers

    The heightened focus on cybersecurity has made the roles of compliance officers, often tasked with managing cybersecurity risk, more complex.  As they recognize the new challenges, more and more companies are naming full-time dedicated chief compliance officers.  In this interview with The Cybersecurity Law Report, Jonathan S. Feld, a partner and leader of the white-collar criminal defense & government investigations team at Dykema, discusses the changing role of compliance officers, the individual risks these officers take on and how the risks can be mitigated, as well as collaboration throughout the organization and the qualities that make a strong compliance officer.  See “Establishing Strong Cybersecurity and Data Privacy Leadership: The Roles of the Chief Information Security Officer and Chief Privacy Officer (Part One of Two),” The Cybersecurity Law Report, Vol. 1, No. 3 (May 6, 2015); Part Two of Two, Vol. 1, No. 4 (May 20, 2015).

  • From Vol. 1 No.6 (Jun. 17, 2015)

    In a Candid Conversation, FBI Director James Comey Discusses Cooperation among Domestic and International Cybersecurity Law Enforcement Communities (Part Two of Two)

    The FBI’s understanding of cybersecurity has advanced from the youth league to college-level in the past decade, FBI Director James Comey told WilmerHale partner Ben Powell at the annual Georgetown Cybersecurity Law Institute.  Much of that improvement has to do with growing cooperation between governments, and within our own, along with increased efforts by the private sector.  But, he said, the FBI needs to get to World Cup play.  This article, the second part of the CSLR’s two-part series, covers Comey’s frank comments about: the role of the FBI in relation to other law enforcement agencies; international cybersecurity developments; international cooperation in a post-Snowden world; pending information-sharing legislation in Congress; misperceptions about the FBI that he hears from the private sector; and how the FBI competes with the private sector for talent.  The first article discussed how the FBI has adapted its techniques in the face of cyber threats; the FBI’s relationship with local law enforcement agencies and the private sector; his concerns about the encryption of data; and how the FBI has expanded its information-sharing programs with the private sector. 

  • From Vol. 1 No.5 (Jun. 3, 2015)

    In a Candid Conversation, FBI Director James Comey Talks About the “Evil Layer Cake” of Cybersecurity Threats (Part One of Two)

    In a wide-ranging and frank conversation with WilmerHale partner Ben Powell at the annual Georgetown Cybersecurity Law Institute, FBI Director James Comey likened the cybersecurity dangers the country faces to an “evil layer cake” and called general counsels (including himself in his former role) “obstructionist weenies.”  This article, the first part of the CSLR’s two-part series, covers Comey’s remarks about: how the FBI has adapted its techniques in the face of cyber threats; the FBI’s relationship with local law enforcement agencies and the private sector; his concerns about the encryption of data; and how the FBI has expanded its information-sharing programs with the private sector.  In the second part, we will cover Comey’s views on: the role of the FBI in relation to other law enforcement agencies; international cybersecurity developments; international cooperation in a post-Snowden world; misperceptions about the FBI that he hears from the private sector; information-sharing legislation; and how the FBI competes with the private sector for talent.  See also “After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).

  • From Vol. 1 No.4 (May 20, 2015)

    Tackling Privacy and Cybersecurity Challenges While Fostering Innovation in the Internet of Things

    The Internet of Things – physical objects with Internet connectivity – provides conveniences and efficiencies for consumers and companies but also security and privacy challenges.  In this interview with The Cybersecurity Law Report, Ed McNicholas, a partner at Sidley Austin and co-chair of the firm’s privacy, data security and information law practice, discusses how companies should address privacy notification with connected devices, the consent issues and cybersecurity threats presented by the Internet of Things, and the movement toward a personalized Internet.
