By

Alan Charles Raul

19 May 2017

SEC Issues “WannaCry” Ransomware Alert to Broker-Dealers and Investment Companies

On May 17, 2017, the SEC’s Office of Compliance Inspections and Enforcement (OCIE) issued a cybersecurity alert to the securities firms it regulates. OCIE advised broker-dealers and investment companies to take certain actions in connection with the recent WannaCry and Wanna Decryptor ransomware attacks that affected numerous organizations in over one hundred countries.  Specifically, OCIE encouraged firms as follows: (more…)

SHARE
EmailPrintShare
15 May 2017

President Trump Signs Executive Order on Cybersecurity at Federal Agencies

On Thursday, May 11, President Trump signed an executive order aimed at strengthening the cybersecurity of federal networks and critical infrastructure.  The order is expected to prompt a broad examination of cybersecurity vulnerabilities at federal agencies and re-orient federal cybersecurity efforts toward modernization and shared services.  The order also reaffirms the previous administration’s approach to cybersecurity protections for critical infrastructure – with increased emphasis on the power grid – and seeks to promote the growth and sustainment of the nation’s cybersecurity workforce in the public and private sectors.  (more…)

SHARE
EmailPrintShare
14 March 2017

Google’s Overseas Warrants: A Game of Tug-of-War Over Access to Data

On February 3, 2017, Eastern District of Pennsylvania Magistrate Judge Thomas J. Rueter ordered Google to comply with FBI search warrants to produce emails stored on foreign servers as part of a domestic criminal investigation.  In re Search Warrant No. 16-960-M-01 to Google (E.D. Pa. Feb. 3, 2017).  This ruling comes on the heels of the Second Circuit’s decision in Microsoft Corp. v. United States, 829 F.3d 197 (2d Cir. 2016) (denied rehearing on January 24, 2017), which reached an opposite decision and held that Microsoft could not be forced to turn over user data stored on a server located in Ireland.  (For more background, see Second Circuit Microsoft Ruling: A Plea for Congressional Action (August 8, 2016)).

(more…)

SHARE
EmailPrintShare
24 February 2017

New NACD Cyber-Risk Handbook a Reminder of Critical Board Oversight Duties

*This article first appeared in Bloomberg BNA Corporate Law & Accountability Report on February 23, 2017

On Jan. 12, 2017, the National Association of Corporate Directors (NACD) released its new “NACD Director’s Handbook on Cyber-Risk Oversight.” The NACD has suggested that directors can use this Cyber-Risk Oversight Handbook as a resource to “[l]earn foundational principles for board-level cyber-risk oversight” and gain insight into issues including how to:

  • “allocate cyber-risk oversight responsibilities at the board level”;
  • address “legal implications and considerations related to cybersecurity”;
  • “set expectations with management about the organization’s cybersecurity processes”;
  • “improve the dialogue between directors and management on cyber issues”; and,
  • “improve and enhance boardroom practices.”

Read More

SHARE
EmailPrintShare
13 February 2017

Sidley Perspectives on M&A and Corporate Governance: Cybersecurity M&A Due Diligence and Protecting Privilege

The potential liability from a material cyber-attack is wide-ranging. Accordingly, companies that experience network intrusions, system disruptions or unauthorized access to information databases must be prepared for a variety of potential consequences, each attended by its own costs…[read more]

SHARE
EmailPrintShare
31 January 2017

2016 Year in Review and 2017 Preview: Top Ten for Data Protection and Privacy

2016 was a year of seismic changes in the global data protection and privacy landscape.  Here, we look back at the top ten events and issues that shaped 2016, and are poised to shape the year ahead as well.

Year In Review

1. GDPR Adoption

On April 14, the European Parliament voted to adopt the long-awaited EU General Data Protection Regulation (GDPR), formally completing adoption of the GDPR. The GDPR was published in the Official Journal of the EU on May 25, 2016, giving companies and Member States until the May 25, 2018 effective date to implement the Regulation fully. In the wake of its adoption, businesses should have planning under way for implementation of the significantly expanded Regulation by evaluating whether they are subject to the expanded jurisdiction, and if so, completing an internal gap analysis of current data protection practices as compared with the new requirements and rights under the Regulation. Some of the key aspects to consider include data breach response planning under the new 72-hour notice requirement, reviewing existing data protection notices and consents for the more robust obligations, identifying current profiling activities and existing data protection and retention policies and procedures, ensuring privacy impact assessments are carried out where required, and evaluating whether there is an obligation to appoint a data protection officer.  Despite the time until the effective date, the extensive preparation necessary to comply presents a challenge as companies around the world refocus resources to develop compliance plans.

2. Political Cyber Warfare

There is a new front in geopolitical battles.  (more…)

SHARE
EmailPrintShare
25 January 2017

Fate Unclear for Obama Administration Cyber Sanctions

On December 28, 2016, former President Obama issued Executive Order 13757, Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities (E.O. 13757). E.O. 13757 amends an earlier Executive Order 13694 (E.O. 13694) of April 1, 2015[1], under which the President declared a “national emergency” to deal with the “unusual and extraordinary threat” to U.S. national security, foreign policy and the economy posed by malicious cyber-enabled activities conducted by persons outside the United States in relation to the November 2016 election. Through the December 2016 amendment, President Obama took “additional steps” to deal with such malicious cyber activities in view of their increasing use “to undermine democratic processes or institutions.”

(more…)

SHARE
EmailPrintShare
19 January 2017

The Economic Case for Preserving PPD-28 and Privacy Shield

*This post first appeared in Lawfare on January 17, 2017.

As the new administration takes office this week, we will start to see just how literally to take Donald Trump’s pronouncements and the promised targeting of his predecessor’s executive orders for immediate destruction. Trade policy appointments signal that statements about being aggressive against barriers to trade should be taken very literally.  Wilbur Ross, the prospective Commerce Secretary; Peter Navarro, tapped to lead a new Trade Council on the White House staff; and Robert Lighthizer, designated U.S. Trade Representative, all have been vociferous in calling out China’s mercantilist policies and advocating a more transactional approach to breaking down market barriers in the world’s second largest national economy.

[Read More…]

SHARE
EmailPrintShare
13 January 2017

NIST Issues Draft Revision to Cybersecurity Framework

The National Institute of Standards & Technology (NIST) has issued a revised draft version of its Cybersecurity Framework. The document is issued as “Version 1.1″ of the existing framework, redlined to show changes from the original framework issued almost three years ago. It is a draft, seeking comment. No period for public comment is specified, except that NIST expects to hold a public workshop on the revised draft “around the fall of 2017.”

(more…)

SHARE
EmailPrintShare
19 September 2016

New York State Department of Financial Services Proposes Regulations Imposing Detailed Cybersecurity Rules on Insurance, Banking and Other Licensed Financial Institutions

On September 13, 2016, the New York State Department of Financial Services (“NYDFS”) proposed regulations outlining minimum requirements for NYDFS-regulated entities to address cybersecurity risk (“Proposed Regulations”). The NYDFS regulates entities and products that are subject to New York insurance, banking and financial services laws. Because the scope of the Proposed Regulations includes any entity “operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the banking law, the insurance law or the financial services law,” the Proposed Regulations will cover a broad range of entities in the banking, insurance and financial services industries, including insurance producers and premium finance companies.

(more…)

SHARE
EmailPrintShare
1 2 3 7
XSLT Plugin by BMI Calculator