Last week, the Federal Trade Commission convened a ransomware workshop to discuss the rising epidemic of attacks against U.S. businesses and individuals. In a ransomware attack, a malicious actor tricks a user into...more
9/15/2016 / Cyber Attacks, Cybersecurity, Data Breach, Department of Health and Human Services (HHS), Department of Homeland Security (DHS), Federal Trade Commission (FTC), FTC Act, Hackers, Malware, OCR, PHI, Popular, Ransomware
Last week, the FTC published a blog post titled The NIST Cybersecurity Framework and the FTC, in which the agency issued a nuanced answer to an oft-asked question: “If I comply with the NIST Cybersecurity Framework, am I...more
There is no doubt that companies face unprecedented volume and variation in both disruptive and intrusive cyberattacks on their networks. Among the different attack methodologies today, ransomware is quickly becoming a major...more
7/29/2016 / Breach Notification Rule, Cyber Attacks, Cyber Crimes, Cyber Threats, Cybersecurity, Hackers, Health Insurance Portability and Accountability Act (HIPAA), Malware, Notification Requirements, OCR, Personally Identifiable Information, PHI, Popular, Ransomware
On July 6, 2016, the European Parliament passed the Network and Information Security (“NIS”) Directive, over three years after the initial draft was proposed. The Directive will enter into force in August 2016. EU Member...more
The Supreme Court has made federal contracting more treacherous by extending the reach of False Claims Act (“FCA”) liability. While the decision related to FCA liability for misrepresentations related to staffing levels, the...more
Last week, the Seventh Circuit revived a data breach class action against P.F. Chang’s restaurant in an important opinion that continues a plaintiff-friendly trend that began with the court’s opinion in the Neiman Marcus case...more
The European Commission has announced that it has reached a deal to replace the EU-US Safe Harbor framework that was declared invalid last year by the Court of Justice of the European Union (“ECJ”). Heralded as the EU-US...more
On January 5, 2015, the Federal Trade Commission (FTC) entered into a consent order with dental software manufacturer Henry Schein Practice Solutions, Inc. ("Schein") in connection with allegations that Schein had made...more
On December 27, 2015, the Standing Committee of the National People's Congress, China's national legislative body, passed the Counter-Terrorism Law of China, which entered into force on January 1, 2016. Although the law's...more
On December 30, 2015, DoD published an interim rule, effective immediately, amending portions of the August Rule. Most importantly, pursuant to the new rule, contractors administering covered information systems that are not...more
On December 3, the Second Circuit Court of Appeals became the most recent entrant into the circuit conflict on the question of when and under what circumstances an employee’s use of a computer to gain access to unauthorized...more
On November 13, 2015, the Federal Trade Commission and the Federal Communications Commission entered into a Memorandum of Understanding to address coordination of consumer protection actions by each agency. Following a wave...more
Earlier this month, privacy and security professionals from around the globe gathered for “Privacy. Security. Risk. 2015”—the second joint conference between the International Association of Privacy Professionals and the...more
10/15/2015 / Big Data, Cloud Computing, Compliance, Covered Entities, Cybersecurity, Data Privacy, Data Protection, Data Protection Authority, Data Security, Department of Health and Human Services (HHS), Dropbox, Edward Snowden, Enforcement Actions, Ethics, EU Data Protection Laws, European Commission, European Court of Justice (ECJ), Facebook, FCC, Federal Trade Commission (FTC), Google, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, International Data Transfers, Internet of Things, Ireland, Microsoft, National Security, National Security Agency (NSA), OCR, Personal Data, Popular, Privacy Laws, Right to Privacy, Safe Harbors, Schrems I & Schrems II, Security Risk Assessments, US-EU Safe Harbor Framework
1. CJEU finds Safe Harbor Invalid -
In a landmark ruling delivered today, Europe's highest court, the Court of Justice of the European Union (CJEU) declared that the EU Commission's US - EU Safe Harbour regime is...more
10/7/2015 / Cloud Computing, Corporate Counsel, Cybersecurity, Data Protection, Data Security, Data Transfers, Due Diligence, EU, European Court of Justice (ECJ), European Economic Area (EEA), Facebook, International Data Transfers, Personal Data, Popular, Privacy Concerns, Privacy Policy, Safe Harbors, US-EU Safe Harbor Framework, Young Lawyers
In March, we reported on the Business E-mail Compromise (BEC) scam where criminals target employees responsible for wiring company money, and trick them into wiring money under false pretenses to fraudulent accounts...more
9/8/2015 / Business E-Mail Compromise (BEC), Criminal Conspiracy, Cyber Crimes, Cybersecurity, Email, Email Policies, FBI, Fraud, Hackers, Money Transfer, Popular, Scams
The Seventh Circuit reinstates the Neiman Marcus data breach class action lawsuit after finding that increased risk of future fraudulent charges and greater susceptibility to identity theft are sufficient for standing.
...more
8/3/2015 / Article III, Class Action, Credit Monitoring, Cyber Attacks, Cybersecurity, Data Breach, Fraudulent Charges, Free Identity Theft Protection, Identity Theft, Neiman Marcus, Popular, Standing
On Feb. 3, the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) each released reports regarding cybersecurity issues for brokerage and advisory firms, both of which should be...more
6/18/2015 / Broker-Dealer, Brokers, C-Suite Executives, Cybersecurity, Enforcement, Financial Industry Regulatory Authority (FINRA), Industry Examinations, Information Reports, Investment Adviser, OCIE, Popular, Risk Assessment, Securities and Exchange Commission (SEC)
The Middle District of Tennessee recently issued a key decision in the ongoing Genesco, Inc. v. Visa U.S.A., Inc. data breach litigation. The court denied discovery requests by Visa for analyses, reports, and communications...more
On April 1, President Obama signed an Executive Order to combat the "national emergency" sparked by a rapidly evolving global cybercrime environment. The Executive Order directs the U.S. Treasury Department to impose...more
4/14/2015 / Asset Freeze, Barack Obama, Blocked Entities, Blocked Person, Cyber Attacks, Cyber Crimes, Cybersecurity, Executive Orders, National Security, Popular, Sanctions, SDN List, U.S. Treasury
On Feb. 26, 2015, in an effort to make “New York State’s computer infrastructure the most secure in the nation,” the New York State Senate passed a suite of four cybersecurity-related bills focused on protecting critical...more
On February 3, 2015, the U.S. Securities and Exchange Commission released a Risk Alert addressing cybersecurity issues at brokerage and advisory firms, along with suggestions to investors on ways they can protect themselves...more