Category

Information Security

09 October 2020

Changes in Chinese Securities Law and Draft Data Security Law Affect Cross-Border Investigations

Recent changes to Chinese law have broad implications on cross-border data transfer in the course of investigations conducted by non-Chinese regulators. Clients work closely with counsel to navigate potential legal landmines in any defense of an investigation involving data from China.

Just over six months ago, on March 24, 2020, the People’s Republic of China’s (PRC) revised Securities Law (revised on December 28, 2019) (中华⼈民共和国证券法(2019年修订) went into effect. While the revised Securities Law affects many aspects of China’s securities law framework (including the registration of new securities for initial public offerings, disclosure requirements, and investor protection rules), a new “blocking” provision is particularly notable. Specifically, Article 177 of the revised Securities Law prohibits non-Chinese securities regulators from conducting investigations within China and prevents Chinese individuals and entities from providing information to such regulators without first receiving approval from the China Securities Regulatory Commission and/or other competent departments under the State Council.

(more…)

EmailShare
08 October 2020

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

On October 1, 2020, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) published an advisory that highlights the risk of potential U.S. sanctions law violations if U.S. individuals and businesses comply with ransomware payment demands.1

Ransomware attacks use malware, often injected through phishing schemes, to encrypt a victim’s data files or programs, followed by a ransom demand by the threat actor that offers the decryption key in exchange for payment. Payment is often demanded in bitcoin, and thus third-party services are often used to make such payments. Increasingly, ransomware attacks not only lock data up but steal data from the victim and threaten to publish sensitive files belonging to victims. According to OFAC, ransomware attacks have been increasing over the last two years and are a special risk during the COVID-19 pandemic, with cybercriminals targeting not only large corporations but also small to medium enterprises, hospitals, schools, and local government agencies.2

(more…)

EmailShare
29 September 2020

An Early Recap of Privacy in 2020: A US Perspective

*This article was adapted from “Global Overview,” appearing in The Privacy, Data Protection and Cybersecurity Law Review (7th Ed. 2020)(Editor Alan Charles Raul), published by Law Business Research Ltd., and first published by the International Association of Privacy Professionals Privacy Perspectives series on September 28, 2020.

Privacy, like everything else in 2020, was dominated by the COVID-19 pandemic. Employers and governments have been required to consider privacy in adjusting workplace practices to account for who has a fever and other symptoms, who has traveled where, who has come into contact with whom, and what community members have tested positive or been exposed.

As a result of all this need for tracking and tracing, governments and citizens alike have recognized the inevitable trade-offs between exclusive focus on privacy versus exclusive focus on public health and safety.

(more…)

EmailShare
27 August 2020

OCR 2020 Settlements Target HIPAA Security Rule Non-Compliance

In almost the first three quarters of 2020, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) has settled three cases related to alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”), totaling $1,165,000.  These settlements underscore OCR’s continued focus on enforcement of the HIPAA Security Rule.

(more…)

EmailShare
15 July 2020

Partnering With Tech and Fintech Firms: Key EU/UK Regulatory Considerations for the Payments Sector

There has been a rapid increase in collaboration between fintechs and other technology firms and more traditional payment service providers (PSPs) such as banks, merchant acquirers, and money transmitters. While fintechs and technology firms are often seen as direct competitors of traditional PSPs, in a market driven by innovation, both sides of the market increasingly consider collaboration a mutually beneficial way to play to each participating firm’s strengths. For more traditional PSPs, the technologies that a fintech or technology firm develops can help enhance and streamline, and in some cases modernize, the services provided to customers. For a fintech or technology firm, partnering with a PSP can provide an efficient and effective way to expand into the payment services market, particularly for customers who are more inclined to use traditional PSPs.

Regulators are monitoring these developments with growing interest and with an eye to potential risks to customers and markets as well as their ability to supervise regulated firms and their operations. This post highlights a number of EU/UK regulatory issues that fintechs, technology companies, and PSPs should consider when collaborating with one another.

(more…)

EmailShare
21 April 2020

U.S. Warns of Threat to Financial Industry Posed by North Korean Cyberattacks

The U.S. Departments of State, the Treasury and Homeland Security and the Federal Bureau of Investigation issued a joint advisory (the Advisory) on April 15, 2020, discussing the threat to the international community posed by cyberattacks linked to the Democratic People’s Republic of Korea (North Korea), in particular highlighting concerns for the financial services sector. North Korea has been subjected to comprehensive international sanctions implemented to pressure its government to denuclearize. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has implemented additional unilateral sanctions in response to other North Korean activities, including cyberattacks, human rights violations and money laundering. In addition to broad prohibitions on trade with North Korea, U.S. sanctions bar domestic financial institutions from conducting or facilitating any significant transaction in connection with trade with North Korea or on behalf of any person whose property has been blocked under executive orders imposing sanctions on North Korea. Foreign financial institutions risk secondary sanctions for engaging in the same. (more…)

EmailShare
03 April 2020

COVID-19: Dealing with Vendors – Privacy and Supply Chain Issues

The COVID-19 global pandemic presents unique legal and practical challenges for businesses across all industries, including with respect to ongoing relationships with vendors and suppliers – whether this relates to information security, privacy compliance, business continuity and contractual issues, such as in relation to force majeure.

In this webinar, we will highlight some of the key issues companies are facing when dealing with supply chain and vendor contracts, and how their concerns can be mitigated.

(more…)

EmailShare
26 March 2020

WEBINAR – COVID-19 – European and U.S. Cybersecurity Issues: Preventing and Responding to Cyber Incidents

Join OneTrust DataGuidance and Sidley for a webinar discussing COVID-19 and European and U.S. cybersecurity and cyber risk insurance issues.

The COVID-19 global pandemic presents unique legal and practical challenges for companies across all industries, including with respect to cybersecurity risks and protections. There are increased cyber vulnerabilities from insider and external threat actors, including cyber attacks on individuals and companies.

In this webinar, we will highlight the dynamic and evolving cybersecurity threats companies face as a result of the pandemic, and the global legal implications of a cyber breach in this new environment – and how they can reduce these risks, and effectively respond to a cyber incident.

(more…)

EmailShare
24 March 2020

COVID-19: Key EU And U.S. Cybersecurity Issues and Risk-Remediation Steps

The COVID-19 crisis has created significant cybersecurity risks for organizations across the world, particularly arising from remote working, scams and phishing attacks, and weakened information governance controls. These risks warrant attention by legal counsel and information security officers in light of potentially significant adverse legal, financial and reputational consequences that could arise – all while the organization is dealing with effects of a global pandemic.

In addition to identifying the cybersecurity risks, we also consider key measures that organizations can consider adopting to reduce such risks, including measures recommended by the UK’s National Cybersecurity Centre (NCSC), EU’s Agency for Cybersecurity (ENISA) and the US Federal Bureau of Investigation.  The speed at which the COVID-19 crisis has evolved has meant that many organizations have not been able to deploy effective risk-reducing measures in a timely manner.

(more…)

EmailShare
20 March 2020

Working and Executing Contracts From Home: U.S. eSignatures in the COVID-19 Era

Social distancing imperatives and the resulting surge in remote work polices have led to increased demand for the use of electronic signatures in commercial transactions. Although the method of execution is just one factor to consider when determining the validity and enforceability of a contract, electronic signatures — when appropriately deployed — can provide a convenient replacement for manual wet-ink signatures in many transactions. The U.S. Electronic Signatures in Global and National Commerce Act (E-SIGN), as well as the widespread adoption at the state level of the Uniform Electronic Transactions Act (UETA) or comparable electronic signature laws, provide that electronic signatures and electronic records cannot be denied legal effect, validity or enforceability solely because they exist in electronic form. As workforces suddenly shift to remote operations with siloed employees lacking access to typical office services, yet still facing the same business needs and time demands, companies are reevaluating their electronic signature and records policies and technologies.

(more…)

EmailShare
1 2 3 14
XSLT Plugin by BMI Calculator