Tuesday, December 1, 2020


Are Cybersecurity Lawyers Necessary for Organizations?

This op-ed suggests companies may not need to hire a lawyer specializing in cybersecurity, but keeping one on retainer to assist when a security incident occurs might be a good idea. Cyber attorneys can bring specialized expertise for cyber breach response, insurance, forensics, and lawsuits. More at Search Security

How Federal Agencies Can Improve Cybersecurity with Better Data Encryption

In this commentary, Rob Roy, federal chief technology officer at HP Enterprise Security Products, says agencies can do a better job protecting their data by adopting encryption. Data-at-rest security helps when equipment is lost or stolen, but is not sufficient to protect data in transit, when sensitive information is accidentally delivered to the wrong recipient, […]

Webinar Provides Advice on Responding to Data Breach

In the second of three presentations, Lisa Sotto, head of the Global Privacy and Cybersecurity practice at Hunton & Williams LLP, discusses data breach notification obligations and actions to take to manage regulatory activity in the aftermath of a breach. More at Hunton & Williams

FTC May Have Some Cyber Jurisdiction Over Nonprofits

Although the Federal Trade Commission has traditionally lacked authority to regulate nonprofit organizations, its oversight was expanded under specific circumstances by the Fair and Accurate Credit Transactions Act, which enabled the Red Flags Rule—which requires covered entities to have plans to protect consumers from identity theft—and the Gramm-Leach-Bliley Act, which governs how financial institutions manage […]

EU General Data Protection Regulation, Binding Corporate Rules and Privacy Shield Training Requirements

In this commentary, Daniel Solove, president and chief executive officer of TeachPrivacy and a law professor at the George Washington University Law School, warns entities covered by the EU’s General Data Protection Regulation to not overlook the regulation’s requirement to train employees on privacy awareness. According to Solove, inadequate training can contribute to more privacy […]

Compliance Requires Cooperation Between Legal, CISO Teams

Strong communication and cooperation between the legal and information security offices can help ensure a company keeps current on legal and regulatory requirements related to cybersecurity, and avoid some serious repercussions in the aftermath of a breach. More at Search Security

LabMD Appeal of FTC Action Has Wider Implications for Data Security

The outcome of LabMD’s appeal of the Federal Trade Commission’s enforcement action against it carries several implications for data security practices. If FTC wins, it likely will continue exercising its enforcement authority over data security issues, even when—as in the case of LabMD—there is no evidence of harm to consumers. The case also will clarify […]

Q&A with Hogan Lovells on Security in the EU GDPR

In this interview with Varonis’ Inside Out Security Blog, Bret Cohen and Sian Rudgard from the Hogan Lovells Privacy & Cybersecurity practice discussed new data security requirements in the EU’s General Data Protection Regulation, including when a data protection impact assessment is required, when firms must consult with data protection authorities prior to processing data, […]

New Bill Would Give Tax Credits for Cyber Insurance

Representative Ed Perlmutter (D-CO) has introduced a bill that would provide a 15 percent tax credit to companies that purchase data breach insurance and adopt NIST’s Cybersecurity Framework—or a similar standard approved by the Treasury Department—to protect their systems. Perlmutter also suggests the Data Breach Insurance Act (H.R. 6032) would help build a robust data […]

DHS Readying Draft Cyber Incident Response Plan

The Department of Homeland Security is preparing to release a long-awaited draft of the National Cyber Incident Response Plan. In part, the plan will fill in details not addressed in Presidential Policy Directive 41, which established roles and responsibilities for federal agencies in responding to cyber incidents. The plan takes a “whole-of-nation” approach to response […]