The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Recent Issue Headlines

Vol. 1, No. 3 (May 6, 2015)

  • Establishing Strong Cybersecurity and Data Privacy Leadership: The Roles of the Chief Information Security Officer and Chief Privacy Officer (Part One of Two)

    Growing cybersecurity demands on companies require effective reporting lines and operational structures to manage cybersecurity-related job functions.  Experts agree that it is optimal to have both a Chief Cybersecurity Officer or Chief Information Security Officer (CISO) and a separate Chief Privacy Officer (CPO).  Some companies confuse these positions, thinking “that the security person should know all things privacy and the privacy person should know all things security, and that is clearly not the case,” Michael Overly, a partner at Foley & Lardner, told The Cybersecurity Law Report.  In this two-part article series, we define and distinguish the roles of the CPO and CISO.  Part One focuses on the CISO – including core responsibilities, best practices for structuring reporting lines, and considerations when hiring for the position – and Part Two will focus on the CPO.

  • Lessons from the 2013 Target Data Breach: What Future Resolutions of Large-Scale Data Breaches May Look Like

    The legal fallout from the massive Target data breach that compromised the credit card and personal information of up to 110 million customers has been significant.  Target was named in over 50 class action lawsuits, filed both by consumers whose information was compromised and financial institutions that issued at least 40 million compromised cards.  In a guest article, Debevoise & Plimpton attorneys Jeremy Feigelson, David A. O’Neil, Jim Pastore and Megan K. Bannigan detail the two settlements Target has announced, and discuss how those settlements provide insight on the form future large-scale data breach settlements could take.

  • Gibson Dunn Attorneys Discuss the Impact of Obama’s Executive Order Creating New Tools to Fight Cyber Attacks

    On April 1, 2015, President Obama issued an Executive Order declaring that the threats caused by “malicious cyber-enabled activities” had created a state of national emergency.  The order launches a sanctions program targeting foreign cyber attackers, allowing regulators to freeze assets and bar financial transactions, among other things.  Gibson, Dunn & Crutcher partners Alexander Southwell, Judith Lee and Jose Fernandez, and associates Stephenie Gosnell Handler and Eric Lorber, discussed the impact of this important order and these new tools with The Cybersecurity Law Report.

  • Top Private Practitioners and Public Officials Detail Hot Topics in Cybersecurity and Best Practices for Government Investigations

    A former federal judge, officials at the Consumer Financial Protection Bureau and the DOJ, as well as attorneys from Crowell Moring and Document Technologies Inc., were among the panelists at a recent program hosted by the Practising Law Institute.  The panel covered a broad range of topics, including public awareness of data security issues; the scope and operation of government investigations regarding data breaches; practical advice for companies developing data security programs; and recent legal issues and developments related to data security.

  • Analyzing and Mitigating Cybersecurity Threats to Investment Managers (Part One of Two)

    Financial services firms are a key target of hackers, and responding to the breaches they may cause does not come cheap – the average response cost in the financial services sector is more than double the overall average of $5.84 million, according to data from the Ponemon Institute LLC.  As incidents increase, regulators are paying closer attention and firms are spending more on cyber preparedness.  A recent program sponsored by K&L Gates and the Investment Adviser Association surveyed the current cybersecurity threat environment and SEC cybersecurity initiatives for the financial services sector; summarized the applicable laws and regulations that bear on cybersecurity; considered the multitude of cybersecurity risks faced by investment managers; and offered a number of strategies for mitigating those risks.

  • The SEC’s Updated Cybersecurity Guidance Urges Program Assessments 

    With its new Investment Management Guidance Update on cybersecurity, the SEC is “now looking at more comprehensive assessment of controls and threats, not just from external sources but also internal sources,” Marc Lotti, a partner at ACA Aponix, told The Cybersecurity Law Report.  “Right now, investors and SEC don’t see [disregarding technology risk] as ignorant, they see it as negligent.”  The Guidance discusses actions that investment advisers and companies should consider to mitigate those risks and enhance their cybersecurity programs.

  • Cybersecurity and Government Contracts Specialist Mark J. Nackman Joins Jenner & Block

    On May 4, 2015, Jenner & Block announced that Mark J. Nackman, former general counsel for General Dynamics Advanced Information Systems, is joining the firm’s Government Contracts Practice in the Washington, D.C. office. 

  • Former Assistant U.S. Attorney Joins Wiley Rein

    Wiley Rein recently announced that Matthew J. Gardner has joined its Cybersecurity and White Collar Defense & Government Investigations practices as of counsel.  Gardner previously worked in the Cybercrime Unit as a federal prosecutor in both the Eastern District of Virginia and the Southern District of California.
