Category Archives: Cybersecurity

DHS Releases New Cybersecurity Strategy

By Jonathan E. Meyer on May 21, 2018 Posted in Cybersecurity, Privacy Regulation

On May 15, the Department of Homeland Security released its long-awaited Cybersecurity Strategy. The Strategy aims to reduce cybersecurity risk through “an innovative approach that fully leverages our collective capabilities across the Department and the entire cybersecurity community.” It sets a course of cybersecurity policy for the Department for the next five years and signals … Continue Reading

White House Eliminates Top Cybersecurity Position

By Jonathan E. Meyer on May 18, 2018 Posted in Cybersecurity, Privacy Regulation

On May 15, the White House announced that it was eliminating the position of Cybersecurity Coordinator at the National Security Council, the highest position at the White House devoted to cybersecurity. While not unexpected, this move is significant.… Continue Reading

NY Issues Data Breach Report

By Snehal Desai and Kari Rollins on April 12, 2018 Posted in Cybersecurity, Data Breach, Data Security

New York Attorney General, Eric. T. Schneiderman, stated in a recent press release that 9.2 million New Yorkers had their personal data compromised in 2017. Such data compromises were mainly due to large scale data hacks, such as the Equifax and Game Stop hacks. According to the NYAG office’s report, 1,583 data breaches were reported … Continue Reading

Privacy, Data Security, and Your Board: Day Five

By Kari Rollins and Liisa Thomas on March 2, 2018 Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Employee Privacy, Privacy

In our final installment on privacy, cyber security, and your board, we look at privacy and cyber issues in M&A. So you are thinking about acquiring a new entity? Divesting of current one? Due diligence will need to be conducted to best understand and evaluate privacy and data security issues and risks. Your board will … Continue Reading

Privacy, Data Security, and Your Board: Day Three

By Kari Rollins and Liisa Thomas on February 28, 2018 Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Employee Privacy, Privacy

In our ongoing conversation about privacy, data security and your board, we turn next to cyber insurance and vendor management. Boards, when executing their duty of care, should keep in mind that while there may be some coverage for data incidents under a company’s CGL and D&O policies, there may be significant gaps in coverage … Continue Reading

Privacy, Data Security, and Your Board: Day Two

By Kari Rollins and Liisa Thomas on February 27, 2018 Posted in Cybersecurity, Data Security, Employee Privacy, Privacy

In our continuing series about privacy, data security and your board, we next turn to how to best educate a board. Yesterday we mentioned about how board members have a duty of care. Part of that duty includes effectively overseeing matters relating to privacy and data security (or the often-used buzzword “cybersecurity”). How can board … Continue Reading

SEC Takes Baby Steps on Cyber, but Signals Greater Vigilance

By Jonathan E. Meyer on February 27, 2018 Posted in Consumer Protection, Cybersecurity, Data Security, Privacy and Data Security

On February 21, the Securities and Exchange Commission issued new Interpretive Guidance regarding disclosures of cybersecurity-related information by publicly traded companies. This guidance comes in the context of public pressure on the SEC to update its 2011 Division of Corporation Finance guidance regarding cybersecurity risks and incidents. According to SEC Chairman Jay Clayton’s statement, this … Continue Reading

Justice Department Creates Cyber-Digital Task Force

By Jonathan E. Meyer and Townsend Bourne on February 26, 2018 Posted in Cybersecurity, Data Security, Government Privacy

On February 20, the Department of Justice announced that Attorney General Sessions had created a new, cross-departmental Cyber-Digital Task Force. He directed the Task Force to advise him on the most effective ways for DOJ to confront cyber threats and keep Americans safe. Specifically, the Task Force is charged with canvassing the work the Department … Continue Reading

The Encryption Battle Will Continue in 2018

By Jonathan E. Meyer on January 16, 2018 Posted in Cybersecurity, Data Security, Privacy, Privacy and Data Security

While they may disagree in other areas, one thing that former FBI Director James Comey, current Deputy Attorney General Rod Rosenstein, and current FBI Director Christopher Wray all have in common is their distaste for strong encryption that prevents the government from accessing information. In 2016, Comey and the Justice Department went to court to … Continue Reading

2017 Saw Ransomware on the Rise – 2018 Will See Even More

By Jonathan E. Meyer on January 8, 2018 Posted in Cybersecurity, Data Security

It’s fair to say that ransomware exploded in 2017. After inflicting an estimated $350 million in damage in 2015 and $850 million in 2016, at least one source estimates that it hit $5 billion last year. Most prominent among these were WannaCry, which shut down computers in 80 organizations affiliated with Britain’s National Health Service … Continue Reading

Will 2018 Bring Developments in Government Access to Electronic Records?

By Jonathan E. Meyer on January 4, 2018 Posted in Cybersecurity, Government Privacy

2018 should prove to be a particularly interesting year on the subject of government access to private electronic records, as 2017 has served as an interesting prelude to what’s ahead:… Continue Reading

How Will Breach Laws Develop in 2018?

By Liisa Thomas on January 3, 2018 Posted in Cybersecurity, Data Security, Privacy and Data Security

You hopefully already know that Maryland’s amendment to its data breach notification law went into effect this week (on January 1, 2018). We anticipate that other states may follow one of Maryland’s modifications, namely its expansion of the definition of personal information. Under the amended law “personal information” now includes an expanded definition of biometric information. Biometric … Continue Reading

Cybersecurity in the First Year of the Trump Administration

By Jonathan E. Meyer on December 27, 2017 Posted in Cybersecurity, Data Security, Privacy and Data Security

As might be expected, the first year of the Trump Administration saw a lot of activity on the cybersecurity front. In May, the Administration issued its “Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” As we discussed in an analysis we issued shortly thereafter, the Order brought more accountability to agencies for monitoring their … Continue Reading

NIST’s Highly-Anticipated Security Requirements Draft Impacts Government Contractors’ Treatment of CUI

By Townsend Bourne on December 18, 2017 Posted in Cybersecurity, Data Security, Privacy

Government contractors have until December 31 to implement security requirements from NIST Special Publication (SP) 800-171 (here) as mandated by the Defense Federal Acquisition Regulation Supplement (DFARS). The requirements include provisions for protecting Controlled Unclassified Information (CUI) (government sensitive but unclassified information; see the CUI Registry here) in nonfederal systems and compliance is expected soon to … Continue Reading

Lessons Learned from Cyber Awareness Month – Part Four

By Jonathan E. Meyer on November 27, 2017 Posted in Cybersecurity

In this, our last post about learnings from cyber awareness month, we focus on developing the next generation of cybersecurity experts and increasing its size. According to a study by the Center for Cyber Safety and Education, within five years there will be a shortage of 1.8 million data security workers. This means companies will find it … Continue Reading

Lessons Learned from Cyber Awareness Month – Part Three

By Jonathan E. Meyer on November 20, 2017 Posted in Cybersecurity, Internet of Things

Following up on our prior posts, we now turn to the future of cybersecurity. In so doing, we are reminded that, just as technology and the Internet are rapidly changing, so is the need for defenses against cyber attacks. Today’s cutting edge includes smart cities, connected devices, digitized records and smart cars. They bring with them … Continue Reading

Lessons Learned from Cyber Awareness Month – Part Two

By Jonathan E. Meyer on November 16, 2017 Posted in Consumer Protection, Cybersecurity, Data Security, Privacy, Privacy and Data Security

Following up on our last post about Cyber Awareness, we now focus on cybersecurity in the workplace. All organizations – large and small, for-profit and non-profit – need to be vigilant about cybersecurity. According to one analysis, 918 data breaches led to 1.9 billion data records being compromised worldwide in the first half of 2017, or … Continue Reading

Lessons Learned from Cyber Awareness Month – Part One

By Jonathan E. Meyer on November 13, 2017 Posted in Cybersecurity

October was Cyber Security Awareness Month. As proclaimed by President Trump and organized by the Department of Homeland Security, Cyber Security Awareness Month is a time to focus on cybersecurity as a shared responsibility that affects all Americans. Now that it has come to an end, it’s worth reviewing some of the important points highlighted during the … Continue Reading

Presidential Executive Order on Cybersecurity: No More Antiquated IT

By John Chierichella, Jonathan E. Meyer and Townsend Bourne on May 30, 2017 Posted in Cybersecurity

On May 11, President Donald Trump issued his long-awaited Executive Order on cybersecurity, the ‘‘Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.’’ It had been in the works since early in the administration, and its release had been announced (and drafts leaked) several times, only to be pulled back and … Continue Reading

WannaCry Ransomware Alert

By Amber Thomson on May 18, 2017 Posted in Consumer Protection, Cybersecurity, Privacy and Data Security

This is not a drill. Companies and law enforcement agencies around the world have been left scrambling after the world’s most prolific ransomware attack hit over 500,000 computers in 150 countries over a span of only 4 days. The ransomware – called WannaCry, WCry, WannaCrypt, or WannaDecryptor – infects vulnerable computers and encrypts all of … Continue Reading

New York State Department of Financial Services Cybersecurity Regulation Poised to Reshape Existing Regulatory Landscape

By Jeff Kern and Christopher Bosch on January 30, 2017 Posted in Cybersecurity

In late December, New York State’s Department of Financial Services (“DFS”) released its revised proposed cybersecurity regulation (the “DFS Rule”). While the revisions pare back some of the DFS Rule’s original requirements and add some much needed flexibility, the regulation will still impose many new obligations upon a wide array of financial institutions doing business … Continue Reading

Congress Likely to Focus on Cybersecurity in the Private Sector

By Sheppard Mullin on December 13, 2016 Posted in Cybersecurity

In a recent article in Entrepreneur, Sheppard Mullin partner Jonathan Meyer, a former Senate counsel to Vice President Biden and Deputy General Counsel at the Department of Homeland Security, points out that Congressional oversight of companies is likely to increase in the next two years, and that cybersecurity is among the hottest topics it is … Continue Reading

FCC Issues New Privacy Rules for Internet Service Providers: Safeguarding Consumers or Lulling Them Into A False Sense of Privacy?

By Jonathan E. Meyer, Aaron George, Carrie Ross and Megan Grant on November 1, 2016 Posted in Cybersecurity, Privacy

Last Thursday, in a vote split along party lines, the Federal Communications Commission (“FCC”) approved a new regulatory regime staking its claim to privacy regulation of both fixed and mobile Internet service providers (“ISPs”) like Comcast, Verizon, and AT&T. The FCC’s rules follow its decision in the Open Internet Order, released last year and analyzed … Continue Reading

Update on Data Breach and Data Privacy Class Actions Post-Spokeo

By David Cannon and Liên Payne on October 14, 2016 Posted in Cybersecurity, Data Security, Privacy

In May, the U.S. Supreme Court issued its opinion in Spokeo v. Robins, providing guidance on the “injury-in-fact” aspect of the constitutional standing requirement for putative class action plaintiffs. 136 S. Ct. 1540 (2016), as revised (May 24, 2016). Spokeo was quickly hailed by both plaintiff- and defense-side lawyers as a major victory, but in … Continue Reading

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree