The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Recent Issue Headlines

Vol. 1, No. 9 (Jul. 29, 2015) Print IssuePrint This Issue

  • How to Prevent and Manage Ransomware Attacks (Part Two of Two)

    Even when companies take each recommended step to prevent a ransomware attack (such as properly training employees, backing up files, segregating data and limiting network access), a ransomware attack can still sneak through, and without a rapid proper response, cause widespread damage.  This article, the second of a two-part series, addresses how to handle a ransomware attack, when and how to report the incident, and strategies for working with law enforcement.  The first article in the series explained the threat and provided steps that companies can take to prevent ransomware attacks and mitigate the impact if one does occur.  See also “Weil Gotshal Attorneys Advise on Key Ways to Anticipate and Counter Cyber Threats,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).

    Read full article …
  • Canada’s Digital Privacy Act: What Businesses Need to Know

    Companies that conduct business in Canada or collect data from Canada will need to make significant changes going forward to comply with the recently enacted Digital Privacy Act.  As Kirsten Thompson, Daniel G.C. Glover and Marissa Caldwell of McCarthy Tétrault explain, the substantial regulation mandates breach notification, imposes new consent requirements and significant fines, and changes the confidentiality requirements within government investigations.  In addition, it gives the Office of the Privacy Commission of Canada an enforcement role.  Even companies with no Canadian presence are looking closely at this legislation as the U.S., Europe and other countries debate legislative proposals of their own.  

    Read full article …
  • Managing the Increased Individual Risks and Responsibilities of Compliance Officers

    The heightened focus on cybersecurity has made the roles of compliance officers, often tasked with managing cybersecurity risk, more complex.  As they recognize the new challenges, more and more companies are naming full-time dedicated chief compliance officers.  In this interview with The Cybersecurity Law Report, Jonathan S. Feld, a partner and leader of the white-collar criminal defense & government investigations team at Dykema, discusses the changing role of compliance officers, the individual risks these officers take on and how the risks can be mitigated, as well as collaboration throughout the organization and the qualities that make a strong compliance officer.  See “Establishing Strong Cybersecurity and Data Privacy Leadership: The Roles of the Chief Information Security Officer and Chief Privacy Officer (Part One of Two),” The Cybersecurity Law Report, Vol. 1, No. 3 (May 6, 2015); Part Two of Two, Vol. 1, No. 4 (May 20, 2015).

    Read full article …
  • How to Secure Evolving Mobile Technology and the Data It Collects (Part One of Two)

    Mobile device technology is changing at a rapid pace, as are the ways consumers are interacting with those devices.  This atmosphere is continually creating new cybersecurity and data privacy challenges that demand the attention of retailers, app developers, consumers and regulators.  During a recent panel at PLI’s Sixteenth Annual Institute on Privacy and Data Security Law, Aaron P. Simpson, a partner at Hunton & Williams, and H. Leigh Feldman, global chief privacy officer at Citi, discussed privacy and security issues in the mobile arena.  This article, the first of a two-part series, explains the specific challenges related to mobile and wearable technology and presents best practices for stakeholders as consumers demand control of their information.  See “Tackling Privacy and Cybersecurity Challenges While Fostering Innovation in the Internet of Things,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).  The second article in the series will discuss the complex policy and regulatory landscapes for mobile devices in the U.S. and Europe, including enforcement efforts.  

    Read full article …
  • Analyzing and Complying with Cyber Law from Different Vantage Points (Part Two of Two)

    As breaches proliferate, civil litigations related to breaches have too – and some of them can become “bet the company” cases.  In our continued coverage of a recent conference hosted by Georgetown Law’s Cybersecurity Law Institute, panelists discuss the compliance lessons from shareholder derivative suits and class actions that have followed breaches, as well as how companies should use government cybersecurity guidance in their programs.  The moderator and panelists come to cybersecurity and data privacy with different perspectives – the panel included plaintiffs’ counsel from Edelson PC; principal for reliability and cybersecurity for Southern California Edison; in-house counsel at IT company CACI International; and defense counsel from Alston & Bird.  The first article of this two-part series contained the panelists’ insights on the sources of liability for companies, best practices when collecting personal data and takeaways from government enforcement actions.

    Read full article …
  • Seventh Circuit Reopens a Door for Plaintiffs in Data Breach Class Actions

    The Seventh Circuit recently revived a prominent data breach class action by reversing the lower court’s dismissal, and in doing so gave similarly situated plaintiffs ammunition to argue that they have standing.  In Remijas v. Neiman Marcus Group LLC, the Court found that class action plaintiffs satisfied the Article III standing requirements for injury, a hurdle that many similar plaintiffs have failed to clear.  The decision contains lessons for both plaintiffs and defendants in future data breach class actions.  See also “Lessons from the 2013 Target Data Breach: What Future Resolutions of Large-Scale Data Breaches May Look Like,” The Cybersecurity Law Report, Vol. 1, No. 3 (May 6, 2015).

    Read full article …
  • Norma M. Krayem Joins Holland & Knight as Co-Chair of Data Privacy and Security Practice

    Holland & Knight recently announced that Norma M. Krayem has joined the firm as a senior policy advisor and the co-chair of its data privacy and security practice.  She was previously a principal and co-chair of the global data protection and cybersecurity industry group with Squire Patton Boggs.  Krayem focuses her practice on the impacts of cyber risks on critical infrastructure. 

    Read full article …