Tag Archives: Information Security

Deeper Dive: Incorporating Incident Response Into Disaster Recovery Plans

Photo of M. Scott KollerBy M. Scott Koller on Posted in Cybersecurity, Ransomware
Incident response and disaster recovery are both essential components of a comprehensive written information security program. However, too often these plans are implemented in a vacuum, without considering the potential synergies and improvements that can be gained when such plans are developed, deployed and tested together. Incident response and disaster recovery tend to have the … Continue Reading

Colorado Proposes Cybersecurity Requirements for Investment Advisers and Broker-Dealers

Photo of Melinda L. McLellanPhoto of Jonathan A. FormanBy Melinda L. McLellan and Jonathan A. Forman on Posted in Cybersecurity, Financial Privacy, Information Security
On March 27, 2017, the Colorado Department of Regulatory Agencies proposed changes to the Colorado Securities Act that would impose new cybersecurity requirements on investment advisers and broker-dealers (the “Proposed Rule”). Among other obligations, the Proposed Rule would require these entities to include cybersecurity as part of their risk assessments, and establish and maintain written … Continue Reading

FTC’s $2.2m Smart TV Settlement Signals Continued IoT Enforcement Focus

Photo of Melinda L. McLellanBy Alan L. Friel and Melinda L. McLellan on Posted in Behavioral Advertising, Big Data, Enforcement, Information Security, Internet of Things, Marketing, Online Privacy
On February 6, 2017, the Federal Trade Commission announced that it had settled charges against VIZIO, Inc., a consumer electronics manufacturer of Internet-connected televisions. The FTC alleged that VIZIO unfairly tracked sensitive TV viewing data of millions of American consumers, and deceptively failed to disclose how the collected data was being used. This action was … Continue Reading

Finalized New York Department of Financial Services Cybersecurity Regulation to Take Effect March 1

Photo of Melinda L. McLellanPhoto of Jonathan A. FormanBy Melinda L. McLellan and Jonathan A. Forman on Posted in Cybersecurity, Enforcement, Financial Privacy, Information Security
On February 16, 2017, the New York Department of Financial Services (NYDFS) announced the release of its finalized Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulation”), which will take effect on March 1, 2017. This final iteration, issued following an additional 30-day comment period, is in large part the same as the revised version dated … Continue Reading

FTC Goes After IoT Device Manufacturer for Alleged Security Vulnerabilities in Routers, IP Cameras

Photo of Melinda L. McLellanBy Melinda L. McLellan and Kathryn Mellinger on Posted in Enforcement, Internet of Things
On January 6, the Federal Trade Commission (FTC) announced that it had filed a complaint against Taiwanese D-Link Corp. and its U.S. subsidiary, D-Link Systems Inc. (D-Link), alleging the company made deceptive claims about the security of its products and engaged in unfair practices that put U.S. consumers’ privacy at risk. The case is noteworthy for … Continue Reading

A Deeper Dive: Regulatory Investigations Following a Reported Breach

Photo of Theodore J. Kobus IIIBy Theodore J. Kobus III on Posted in Breach Notification, Incident Response, Information Security
In our inaugural Data Security Incident Response Report (the Report), we found that regulators inquired about a company’s breach 31% of the time and multi-state state Attorneys General investigations were launched less than 5% of the time. A post-breach investigation is not guaranteed. Certainly, in large, highly public incidents, companies can expect at least an … Continue Reading

Big Data Changes the Deal: Information Governance Should Now Be Incorporated Into Due Diligence for Corporate Transactions

Photo of James A. ShererBy Judy Selby and James A. Sherer on Posted in Big Data, Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. The past few years have witnessed the unprecedented rise of Big Data. Fully 90 percent of today’s data was created over just the past two years. Businesses now double the … Continue Reading

Vendor Contract Review and Cyber Risk Mitigation: How to Keep it Drama Free

By Tanya Forsheit on Posted in Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. Vendor contract review—what does that mean to you? Does it bring back bad memories? A last minute scramble to close a deal? Capitulating to oppressive limits on liability to meet … Continue Reading

Moving Towards a Global Harmonized Approach to Cross-Border Data Transfers?

Photo of Pamela Jones HarbourBy Pamela Jones Harbour on Posted in Information Governance, Information Security, International Privacy Law, Online Privacy
Today, data can be transferred around the world instantaneously, making the global marketplace seem almost borderless.  As any multinational company knows, however, compliance with each country’s data transfer and privacy laws can be onerous.  As the U.S. contemplates data protection legislation, the FTC last week announced a joint initiative with agency officials from the European … Continue Reading

CAUTIOUSLY, EUROPE EMBRACES GOVERNMENT & ENTERPRISE CLOUD COMPUTING

Photo of BakerHostetlerBy BakerHostetler on Posted in International Privacy Law
Last week the European Commission's panel on privacy, commonly known as the Article 29 Working Party, provided long-awaited clarity (in the form of an "Opinion") on whether and how European governments and private enterprise can utilize cloud computing technology in their operations, including processing personal information and other protected data. Cloud computing is a broad term that varies in context and has been subject to hype, but generally refers to technologies and service models allowing the sharing of on-demand scalable computer resources over the internet, including software programs, computer storage space and elastic computing power. Implementing IaaS systems has allowed companies and governments to significantly reduce capital expenditures by eliminating the need for purchase and maintenance of computer infrastructure equipment. Cloud services also allow for rapid remote deployment of software and network solutions. Additionally, cloud services enable organizations to decrease reliance on developing sophisticated in-house staff since major cloud providers have trained experts monitoring the computing environment. But, because cloud computing leverages the internet and computing resources in geographically disparate locations, the technologies present serious privacy and data security risks. In addressing this fundamental concern the Opinion indicates that the principal risks are a potential lack of control over data and limited transparency into its processing. A cloud provider's infrastructure can seem opaque and lacking information ensuring the "availability, integrity, confidentiality, transparency, isolation, intervenability and portability of the data". Additionally, due to the collaborative nature of cloud computing, customers may not be aware of subcontractors in the supply chain handling their data. With due respect to the data security risk, many observers consider this to be the great triumph of cloud compuing - that is that is simply "works" without its users having to worry about the back-end.… Continue Reading
LexBlog