This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. We expect each of these trends to continue in 2018.
As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: (more…)
The fourth edition of The Privacy, Data Protection and Cybersecurity Law Review takes a look at the evolving global privacy, data protection and cybersecurity landscape in a time when mega breaches are becoming more common and businesses are coming under increased scrutiny from regulators, Boards of Directors and their customers. Several lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the links below for a closer look at this developing area of law. (more…)
Washington, D.C. – Sidley Austin LLP is pleased to announce that Christopher Fonzone, former National Security Council (NSC) legal adviser and deputy assistant and counsel to President Obama, has joined the firm as a partner in its Washington, D.C. office. He will be a member of Sidley’s global Privacy and Cybersecurity practice. (more…)
Sidley is delighted to announce that The National Law Journal named Boston and Washington, D.C. senior counsel Cameron F. Kerry to its third annual “Cybersecurity and Data Privacy Trailblazers” special supplement. (more…)
*Article first appeared in Corporate Board Member on November 7, 2017
At a time when a major cybersecurity incident can cost a company millions, it’s crucial that acquiring companies give cybersecurity the same level of scrutiny as they do more traditional risks and opportunities in the M&A due diligence process. Yet too many deals suffer from superficial consideration of these issues.
Why the disconnect? Unlike other areas where companies face legal and regulatory implications, in-house and outside legal teams often lack well-developed methods to analyze cybersecurity risks, too often considering them technical issues beneath the notice of the bankers and lawyers. In many cases, deal teams lack the skill sets to analyze the issues effectively and cannot even speak the language of the CIOs and CISOs well enough to spot “alternative facts.” Boards need to ensure that they or their advisers—preferably both—have sufficient skills to assess cybersecurity risks and ask the right questions. (more…)
*This post originally appeared in Law 360 on October 24, 2017.
We’ve seen it happen time and again. When a company experiences a major data breach or hacking incident, media attention turns to speculation or allegations about the company’s past history of underinvesting in cyber defenses, its supposed culture of cyber complacency, or its history of unaddressed (but, in retrospect, allegedly clear) vulnerabilities. New information may come to light indicating the victimized company suffered previous breaches months, or years, earlier. Rumors of cyber-inadequacy gain currency among current and former employees and, ultimately, regulators and plaintiffs. Sometimes (but not always), these rumors, allegations, supposition and speculation even turn out to be true. (more…)
With the continued rise of data breaches rooted in a compromise of user credentials, interest has continued to build in more secure form of digital identities for authentication. Supporting controls for federal agencies as well as innovation in the market, the National Institute of Standards and Technology (“NIST”) published its four-volume Digital Identity Guidelines earlier this year on June 22, 2017. The Guidelines encourage online service providers (“OSPs”) to adopt design practices that promise to reduce unnecessary user frustration with password and identity verification systems, while at the same time increasing security. The primary purpose of the Guidelines is to promulgate technical requirements for federal agencies, businesses, however, could use the Guidelines as a baseline for their own cybersecurity systems—both to establish credibility and enhance the user experience. (more…)
London – Sidley Austin LLP is pleased to announce that Anthony Gardner, former U.S. Ambassador to the European Union, will join Sidley as senior counsel. He will be a member of both its International Trade and Privacy and Cybersecurity practices, and split his time between the firm’s London and Brussels offices. (more…)
Brussels – Sidley Austin LLP is pleased to announce that Wim Nauwelaerts has joined the firm as a partner in its Brussels office. He will be a member of Sidley’s global Privacy and Cybersecurity practice. (more…)
On May 23, 2017, the Commodity Futures Trading Commission (CFTC) unanimously approved proposed amendments to the recordkeeping obligations set forth in CFTC Regulation 1.31 (Recordkeeping Rule) which is applicable to all CFTC registered entities and other persons required to maintain records under the Commodity Exchange Act (CEA). The final amendments are intended to modernize the Recordkeeping Rule by making the form and manner in which regulatory records must be kept technology-neutral. The amendments provide recordkeepers with greater flexibility regarding the retention and production of CFTC regulatory records. The CFTC indicated that it does not believe the amendments impose any new recordkeeping requirements on any recordkeeper, and existing recordkeeping methods remain valid for compliance with the amended Recordkeeping Rule should a recordkeeper choose not to take advantage of the less-prescriptive, principles based approach of the amended Recordkeeping Rule. The final amendments also reorganized the Recordkeeping Rule for ease of understanding, including by adopting new definitions. The amendments represent a long-awaited and generally positive modernization of important CFTC rules that have often frustrated market participants. The effective date for the amended Recordkeeping Rule is August 28, 2017. (more…)