The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Recent Issue Headlines

Vol. 1, No. 18 (Dec. 9, 2015) Print IssuePrint This Issue

  • Building a Strong Cyber Insurance Policy to Weather the Potential Storm (Part Two of Two)

    The enormous liability and costs that cyber incidents generate make cyber insurance a new reality in corporate risk management plans across industries.  This article, the second article in the series, explores policy exclusions and pitfalls to watch out for, including lessons from recent cyber insurance coverage litigation and steps companies can take to increase the likelihood of insurance coverage under their cyber policy.  Part one in the series covered navigating the placement proces –  having the proper individuals involved, finding the right insurer and securing the best policy for your company.  See also “Analyzing the Cyber Insurance Market, Choosing the Right Policy and Avoiding Policy Traps,” The Cybersecurity Law Report, Vol. 1, No. 2 (Apr. 22, 2015).

    Read full article …
  • Avoiding Privacy Pitfalls While Using Social Media for Internal Investigations

    Social media can offer valuable information to companies conducting internal investigations.  However, companies must be vigilant about employees’ privacy rights as well as the laws and restrictions in place to protect those rights.  Lily Chinn, a partner at Katten Muchin Rosenman, spoke with The Cybersecurity Law Report about these privacy challenges and the proactive steps companies should take to avoid liability and complications, including how departments should coordinate and specific points that should be addressed in company policies.  See also “Examining Evolving Legal Ethics in the Age of the Cloud, Mobile Devices and Social Media (Part One of Two),” The Cybersecurity Law Report, Vol. 1, No. 11 (Aug. 26, 2015); Part Two, Vol. 1, No. 12 (Sep. 16, 2015).

    Read full article …
  • The Multifaceted Role of In-House Counsel in Cybersecurity 

    To effectively advise corporations on cybersecurity issues, in-house counsel must navigate myriad issues that can vary across industries, state and international jurisdictions as well as privacy and information security contexts.  A recent PLI program brought together privacy and information security counsel from various industries to share insights on the role of in-house counsel charged with securing business-critical and confidential data and technology.  They discussed the different responsibilities for data privacy and cybersecurity professionals, international data privacy and protection laws, and offered strategies for in-house counsel to prevent internal cybersecurity threats, develop breach prevention and response policies and handle vendors.  The panel was moderated by Lori E. Lesser, a partner at Simpson Thacher, and included top practitioners Rick Borden, chief privacy officer at the Depository Trust & Clearing Corporation; Nur-ul-Haq, U.S. privacy counsel at NBCUniversal Media; Michelle Ifill, senior vice president at Verizon and general counsel of Verizon Corporate Services; and Michelle Perez, assistant general counsel of privacy for Interpublic Group.  See “Analyzing and Complying with Cyber Law from Different Vantage Points (Part One of Two),” The Cybersecurity Law Report, Vol. 1, No. 8 (Jul. 15, 2015); and Part Two, Vol. 1, No. 9 (Jul. 29, 2015).

    Read full article …
  • Proactive Steps to Protect Your Company in Anticipation of Future Data Security Litigation (Part Two of Two)

    There are several steps companies can take before and after a data breach to best position themselves for the litigation likely to follow.  In this second installment of our coverage of a recent Mintz Levin webinar, partners Kevin McGinty and Mark Robinson explore best practices for internal investigations and common defenses in data breach class actions.  The first article featured insight from partner Meredith Leary on how companies can put themselves in the best position now to defend their actions post-breach and Robinson’s list of threshold questions that companies can ask themselves at the outset of a data breach internal investigation.

    Read full article …
  • How the Financial Services Sector Can Meet the Cybersecurity Challenge:  A Snapshot of the Regulatory Landscape (Part One of Two)

    The cyber focus has become increasingly intense for the financial services sector.  Industry compliance personnel are challenged to keep up with cybersecurity requirements in this area, with new major regulatory developments occurring on a regular basis.  In a guest article, the first in a two-part series, Moshe Luchins, the deputy general counsel and compliance officer of Zweig-DiMenna Associates LLC, explores the current cybersecurity regulatory expectations applicable to the financial services sector.  The second article will provide a practical blueprint for building a cyber compliance program.  See also “Debunking Cybersecurity Myths and Setting Program Goals for the Financial Services Industry,” The Cybersecurity Law Report, Vol. 1, No. 2 (Apr. 22, 2015).

    Read full article …
  • Year-End HIPAA Settlements May Signal More Aggressive Enforcement by HHS

    The Department of Health and Human Services’ Office for Civil Rights recently entered into two significant settlements, one with a healthcare insurance company and the other with a hospital, to resolve HIPAA charges.  Triple-S Management Corporation and its relevant subsidiaries agreed to pay a $3.5 million fine and take a series of corrective steps following several breaches involving protected health information.  Lahey Clinic Hospital, Inc. agreed to pay $850,000 and adhere to an action plan following the theft of a device that contained patient electronic protected health information.  Although there are still “a relatively small number of [OCR settlements] each year . . . the penalties have been steadily rising and I expect they will continue to do so,” Robert Belfort, a partner at Manatt, told The Cybersecurity Law Report.  See also “Steps to Take Following a Healthcare Data Breach,” The Cybersecurity Law Report, Vol. 1, No. 2 (Apr. 22, 2015).

    Read full article …
  • Former FCC Advisor Returns to Willkie

    Daniel K. Alvarez, former legal advisor to Federal Communications Commission Chairman Tom Wheeler, has recently joined Willkie Farr & Gallagher as a partner in its Washington, D.C. office.  Prior to joining the FCC, Alvarez was an associate in Willkie’s Washington office for more than eight years, advising clients on communications, broadband, media and privacy-related issues.

    Read full article …
  • Deputy Data Protection Commissioner Joins A&O Data Protection Practice

    Allen & Overy has announced the appointment of David Smith to its London data protection team.  A former deputy commissioner at the U.K.’s independent data privacy authority – the Information Commissioner’s Office (ICO) – Smith will join A&O as a special adviser in January 2016 through Peerpoint, A&O’s flexible resourcing business.  

    Read full article …
  • The Cybersecurity Law Report Will Not Publish During Holiday Weeks

    Please note that The Cybersecurity Law Report will interrupt its normal biweekly publishing schedule for the winter holidays and after this issue will resume publishing January 6, 2016.

    Read full article …