Tag Archives: 2019 Data Security Incident Response Report Deeper Dive

Deeper Dive: GLBA-Regulated Financial Institutions Reduce Your Cybersecurity Risk With Rigorous Oversight of Third-Party Service Providers

By Eulonda Skyles on May 8, 2019 Posted in Data Security Incident Response

Financial institutions that are subject to the Gramm-Leach Bliley Act (GLBA) can find practical tips that address their unique data security challenges in the 2019 Data Security Incident Report (DSIR). It appears that money remains a strong motivating force for many threat actors. According to the 2019 report, finance and insurance remain among the sectors … Continue Reading

Deeper Dive: Security Incident Mitigation Strategy: Effective Negotiation of Technology Contract Limitations of Liability

By Janine Anthony Bowen on May 7, 2019 Posted in Data Security Incident Response

There is always significant negotiation around caps on liability when negotiating a contract with a technology vendor. If the vendor will have access to the personal information of its customers’ end users (regardless of whether the end users are employees or customers), treatment on caps on liability take on heightened importance. In fact, limitations of … Continue Reading

Deeper Dive: The Landscape of Healthcare Data Breaches

By Lynn Sessions, Patrick H. Haggerty and Kimberly Gordy on April 24, 2019 Posted in HIPAA/HITECH, Medical Privacy

Healthcare was the industry most affected by data breaches in 2018. We worked on nearly 200 healthcare matters involving multispecialty academic medical centers, hospital systems, small and large physician practices, small and large health insurers, and biotech and pharmaceutical companies. In 2018, health information alone was just behind Social Security numbers (which can also be … Continue Reading

Deeper Dive: Choose the Right Forensics Firm for the Job

By Eric A. Packel and Will R. Daugherty on April 17, 2019 Posted in Data Breaches, Forensics

Forensics are a key component of many data incident investigations. The importance of forensics cannot be overstated. In fact, in 2018, 65% of the incidents we handled involved some type of forensic investigation. Forensics firms can not only help determine what happened in a data incident but can also provide recommendations for containment and mitigation. … Continue Reading

Deeper Dive: GDPR a Game-Changer for Data Breach Notification

By Laura E. Jehl and Andreas Kaltsounis on April 8, 2019 Posted in Data Breach Notification Laws, Data Security Incident Response, GDPR

When the EU General Data Protection Regulation (GDPR) took effect on May 25, 2018, it dramatically changed the way multinationals manage the reporting of personal data breaches. It also substantially raised the stakes: Entities found to have violated the GDPR’s data security and breach reporting obligations could face much steeper regulatory fines than those available … Continue Reading