Proskauer on Privacy

Category Archives: Cybersecurity

Subscribe to Cybersecurity RSS Feed

SolarWinds: A Lesson on How Companies Victimized by Data Breaches Can Quickly Become the Target of Litigation and Regulatory Investigations

In 2020, SolarWinds Corp., a company that provided information technology software to private and government entities, was the victim of a cybersecurity breach.  Russian hackers are believed to have slipped malicious code into a SolarWinds software product called Orion, which was then used to infect, and in certain cases, compromise, SolarWinds customers.  As a consequence, … Continue Reading

Held to Ransom: How Cyberattacks Can Become a Legal and Regulatory Odyssey for a Private Investment Fund

Where business-critical information or platforms are at stake, many commercial parties will seriously consider immediately paying the ransom hoping to regain control of operations, secure client data and avoid continued business disruption and negative publicity. However, businesses may wish to pause. Cyberattacks, by their very nature, know no borders and nor therefore should a private … Continue Reading

DOJ’s Civil Cyber-Fraud Initiative Secures More Than $9 Million in Two False Claims Act Settlements for Alleged Cybersecurity Violations

Last fall, the United States Department of Justice (“DOJ”) launched its Civil Cyber-Fraud Initiative (“CCFI”) as part of its effort to “combat new and emerging cyber threats to the security of sensitive information and critical systems.” Led by the Civil Fraud Section of DOJ’s Commercial Litigation Branch, the CCFI leverages the False Claims Act (“FCA”) … Continue Reading

Department of Health and Human Services Issues Request for Information on Cybersecurity Standards

The Department of Health and Human Services (“HHS”) has issued a formal request for information from the public about how regulated entities are implementing industry recognized security practices. The request for information represents a chance for the private sector to contribute to HHS regulation. Interested parties have until June 6, 2022 to submit comments. HHS … Continue Reading

Noteworthy Trends in Privacy and Data Security

Reports of sophisticated cyberattacks and ransomware threats dominated 2021 headlines, along with evolving state data privacy laws in the absence of comprehensive federal data protection regulation. Cross-border data transfers between the EU and US still lack a clear, streamlined mechanism while national authorities continue to negotiate an EU-US Privacy Shield replacement. The past year also … Continue Reading

English High Court Clarifies Appropriate Causes of Action in Data Claim Where Defendant Was a Victim of Third-Party Cyber-Attack

In the recent and significant Warren v DSG Retail Ltd [2021] EWHC 2168 (QB) decision the High Court in England clarified the limited circumstances in which claims for breach of confidence, misuse of private information and the tort of negligence might be advanced by individuals for compensation for distress relating to a cyber-security breach where … Continue Reading

INDEPTH: Data Protection & Privacy Laws 2021

A heightened risk for cyberattacks and data breaches calls for companies to remain diligent as they navigate a patchwork of federal, state, local and sector-specific privacy and data protection laws, regulations and guidance. For Financier Worldwide, Margaret A. Dale and Ryan P. Blaney deliver commentary on the evolving landscape and offer considerations for companies looking … Continue Reading

Navigating the New Standard Contractual Clauses for International Data Transfers under the GDPR

The final version of the new standard contractual clauses (“SCCs”) were published by the European Commission on June 4, 2021. Many organizations that transfer or receive personal data originating in the European Economic Area (“EEA”) outside the EEA will be required to implement these SCCs with their customers, suppliers and affiliates by December 2022 to … Continue Reading

U.S. Department of Labor Steps into the Cybersecurity Discussion

Formally wading into the cybersecurity discussion for the first time, on April 14, 2021, the U.S. Department of Labor (DOL) posted on its website a suite of new guidance, including Tips for Hiring a Service Provider with Strong Cybersecurity Practices, Cybersecurity Program Best Practices, and Online Security Tips for Participants and Beneficiaries. By way of background, cybersecurity has … Continue Reading

Notable Trends in Privacy and Data Security

COVID-19, the California Consumer Privacy Act (CCPA) coming into force, and the invalidation of the EU-US Privacy Shield already made 2020 an especially active year for privacy and data security risks and obligations. Rounding out the year, December then brought discovery of the unprecedented Solarwinds cyberattack affecting government agencies, critical infrastructure entities and others. Thus, looking ahead, … Continue Reading

SolarWinds Vendor Supply Chain Attack: A Timely Reason to Review Procedures for Risk Assessments and Vendor Contracts

As reported last week, a state-sponsored hacker may have breached multiple U.S. government networks through a widely-used software product offered by SolarWinds. The compromised product, known as Orion, helps organizations manage their networks, servers, and networked devices. The hacker concealed malware inside a software update that, when installed, allowed the hacker to perform reconnaissance, elevate … Continue Reading

Regulatory Crackdown on Ransomware

In recent years, Ransomware has evolved from merely encrypting files/disabling networks in solicitation of ransom, to sophisticated attacks that often involve actual data access, theft and sometimes, the threat of publication. These sophisticated malware attacks frequently destroy backups and provide criminals even more leverage over their victims, coercing them to pay ransoms.  Ransomware does not … Continue Reading

Cybersecurity: SEC and Other Regulators

In today’s world, cybersecurity breaches and threats are pervasive concerns for any business entity, without exception. Working from home arrangements due to COVID-19 constraints only magnify the risk and create further vulnerabilities for companies. Companies should be aware of (1) the key cyber threats they face, (2) the consequences of a breach, and (3) the … Continue Reading

Trends in Privacy and Data Security

Privacy and cybersecurity remain top priorities for regulators and companies alike, as the threats posed by large-scale data breaches and other cyber incidents show no signs of waning. Companies and their counsel must monitor privacy and data security-related enforcement trends, new laws and regulations, and key emerging issues to mitigate risks and minimize potential liability. … Continue Reading

FTC Ramps up COVID-19 Activity After Improving its Data Security Enforcement Orders

With the spread of the novel coronavirus (COVID-19), cybersecurity criminals and scammers are ramping up their efforts to target vulnerable employers and workforces. The FTC announced today that since January they have received more than 7,800 fraud complaints from consumers related to the COVID-19 pandemic. But the FTC isn’t slowing down either. Even with the … Continue Reading

SEC Charges Broker-Dealer and Investment Adviser with Violations of the Safeguards Rule and Identity Theft Red Flags Rule

In September 2018, the Securities and Exchange Commission (“SEC”) announced that broker-dealer and investment adviser Voya Financial Advisors Inc. (“VFA”) agreed to pay $1,000,000 to settle charges related to alleged failures in its cybersecurity policies and procedures relating to a data breach that compromised the personal information of 5,600 customers. The SEC charged VFA with … Continue Reading

New York DFS Cybersecurity September 2018 Deadline

The New York Department of Financial Services cybersecurity regulation 23 NYCRR 500 (the “Regulation”) came into effect in March 2017 and established four staggered compliance deadlines for its various requirements. By the third deadline of September 3, 2018, Covered Entities are required to be in compliance with sections 500.06 (audit trails), 500.08 (application security), 500.13 … Continue Reading

A Primer on the SHIELD Act: New York’s Move to Adopt More Stringent Data Security Requirements

In November 2017, New York Attorney General Eric Schneiderman introduced the Stop Hacks and Improve Electronic Data Security (SHIELD) Act (the “Act”) in the state’s Legislature. Companies – big and small – that collect information from New York residents should take note, as the Act could mean increased compliance costs, as well as potential enforcement actions for those that … Continue Reading

SEC Issues Updated Guidance on Public Company Cybersecurity Disclosures

On February 21, 2018, the Securities and Exchange Commission (SEC) issued an interpretive Commission Statement and Guidance on Public Company Cybersecurity Disclosures (the “Guidance”) to assist public companies in meeting their cybersecurity disclosure requirements under the federal securities laws. The Guidance notes that, as reliance on networked systems and the Internet have increased, so too have the risks … Continue Reading

Colorado and Vermont Adopt Cybersecurity Rules Covering Broker-Dealers and Investment Advisers

State financial regulators in Colorado and Vermont recently adopted cybersecurity rules that apply to broker-dealers and investment advisers regulated by those states as well as certain other “securities professionals” in Vermont. The broad definition of “securities professional” in Vermont’s regulation (“any person providing investment-related services in Vermont”) could include entities that do not generally consider … Continue Reading

A Primer on China’s New Cybersecurity Law: Privacy, Cross-Border Transfer Requirements, and Data Localization

China’s new Cybersecurity Law is one of the most important pieces of privacy and cybersecurity legislation we’ll see this year, and companies of all sizes need to be aware of its requirements – regardless of whether or not they have a physical presence in China. The new law goes into effect on June 1, 2017, … Continue Reading
LexBlog

This website uses third party cookies, over which we have no control. To deactivate the use of third party advertising cookies, you should alter the settings in your browser.

OK