The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Recent Issue Headlines

Vol. 1, No. 5 (Jun. 3, 2015)

  • How Companies Are Preparing for the Imminent Liability Shift for Counterfeit Credit Cards

    Traditionally, credit card companies have taken the hit when a counterfeit card is used for a point-of-sale transaction, but as of October 1, 2015, MasterCard and Visa are shifting the risk onto the issuers and merchants for counterfeit card transactions if the issuers and merchants have not switched to chip card technology.  This change, while an improvement, still will not bring the U.S. current with the international marketplace, which uses the more secure “chip-and-PIN” method.  This article explores the chip technology involved in the liability shift and its strengths and weaknesses, as well as how affected companies are preparing for the liability shift, and for improved technology that may follow soon.

  • In a Candid Conversation, FBI Director James Comey Talks About the “Evil Layer Cake” of Cybersecurity Threats (Part One of Two)

    In a wide-ranging and frank conversation with WilmerHale partner Ben Powell at the annual Georgetown Cybersecurity Law Institute, FBI Director James Comey likened the cybersecurity dangers the country faces to an “evil layer cake” and called general counsels (including himself in his former role) “obstructionist weenies.”  This article, the first part of the CSLR’s two-part series, covers Comey’s remarks about: how the FBI has adapted its techniques in the face of cyber threats; the FBI’s relationship with local law enforcement agencies and the private sector; his concerns about the encryption of data; and how the FBI has expanded its information-sharing programs with the private sector.  In the second part, we will cover Comey’s views on: the role of the FBI in relation to other law enforcement agencies; international cybersecurity developments; international cooperation in a post-Snowden world; misperceptions about the FBI that he hears from the private sector; information-sharing legislation; and how the FBI competes with the private sector for talent.  See also “After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).

  • Understanding and Addressing Cybersecurity Vulnerabilities at Law Firms: Strategies for Vendors, Lawyers and Clients

    Handling and discussing sensitive and confidential information is an essential aspect of law practice.  But defending against the cybersecurity threats that come with the increasingly digital form of such information presents particular challenges to law firms and their service providers.  In a guest article, Jennifer Topper of Topper Consulting explores cybersecurity vulnerabilities at law firms that service providers often do not understand; structural and operational obstacles to addressing those vulnerabilities; and steps that law firms are taking, as client pressure increases, to address this critical issue.  In a subsequent issue of The Cybersecurity Law Report, Topper will provide a non-technical questionnaire corporate clients can use to help understand the data security at the law firms they use.  See also “How Can a Company Mitigate Cyber Risk with Cross-Departmental Decisionmaking?,” The Cybersecurity Law Report, Vol. 1, No. 1 (Apr. 8, 2015).

  • Navigating Data Breaches and Regulatory Compliance for Employee Benefit Plans

    Employee benefit plans, including health and pension plans, are prime targets of hackers, as evident from the most recent Anthem and Premera crises, and the proper proactive and reactive steps are key to mitigating breach risk and breach fallout.  In a recent Strafford webinar, Ogletree Deakins attorneys Vance E. Drawdy, Timothy G. Verrall and Stephen A. Riga shared their insights on best practices for fiduciaries and sponsors to navigate the complex state and federal regulations on data breaches that are applicable to ERISA benefit plans.  This article details some of their advice on preventing, assessing and responding to a plan data breach.  See also “Steps to Take Following a Healthcare Data Breach,” The Cybersecurity Law Report, Vol. 1, No. 2 (Apr. 22, 2015).

  • Ponemon Study Finds Increasing Data Breach Costs and Analyzes Causes

    The average cost of a data breach increased from $3.52 million last year to $3.79 million this year, according to a recently released Report by IBM and the Ponemon Institute.  The Report analyzes trends that have contributed to the overall cost increase of data breaches as well as factors that can reduce or increase the cost of individual data breaches.  The Report also breaks down types of breaches and compares data across 11 nations, several industries and results from the previous two years.  Finally, the Report predicts the likelihood that an organization will experience breaches of various sizes over a 24-month period.

  • Private and Public Sector Perspectives on Producing Data to the Government

    Document requests from the government during a breach investigation can be overwhelming, even for large companies.  During a panel at Practising Law Institute’s 2015 Government Investigations event, officials from the DOJ, CFTC and SEC, along with private practitioners, shared their insight on the first steps companies should take after receiving a subpoena or other request, how to effectively negotiate with the government about the scope of the request, whether and how the government takes the burden of document productions on companies into account, and more.  See also “Top Private Practitioners and Public Officials Detail Hot Topics in Cybersecurity and Best Practices for Government Investigations,” The Cybersecurity Law Report, Vol. 1, No. 3 (May 6, 2015).

  • Cybersecurity Attorney Harvey Rishikof Joins Crowell & Moring

    Crowell & Moring recently announced the addition of Harvey Rishikof as a senior counsel in the firm’s privacy & cybersecurity practice and government contracts group.  A leader in the fields of national and cyber security, he represents the legal community at meetings and forums on national security, cybersecurity and terrorism.  He joins the firm from the National War College at the National Defense University in Washington, D.C., where he was most recently the dean of faculty.

  • Drinker Biddle Names Chief Data Scientist

    Drinker Biddle & Reath recently named Bennett Borden the firm’s first chief data scientist (CDS).  In this role, Borden will oversee the implementation of technologies and services that apply data analytics and other cutting-edge tools to the practice of law.  Drinker Biddle is one of the first law firms to carve out a leadership position overseeing data analytics.
