Archives: Cybersecurity

New Mexico becomes 48th state to enact a data breach law, plus US state-level updates

Written by Jim Halpert and Anne Kierig An active spring state legislative session has already produced a few new state data breach laws. Notably, when New Mexico HB 15 was signed into law on April 6, the state became the 48th in the nation to have a data breach law on the books. The only … Continue Reading

New York AG Announces Record Year for Data Breaches in New York – and Updates Guidance on Reasonable Security Measures

Written by Michelle Anderson and Anne Kierig New York Attorney General Eric Schneiderman announced that his office received a record number (1,300) of data breach notices in 2016. In the press release, Attorney General Schneiderman also provided a list of recommendations for how organizations can help protect sensitive personal data—a list that could be used … Continue Reading

FRANCE: The French Data Protection Authority (CNIL) Publishes 6-Step Methodology For Compliance With GDPR

Written by Carol Umhoefer and Caroline Chancé On March 15, 2017, the CNIL published a 6-step methodology for companies that want to prepare for the changes that will apply as from May 25, 2018 under the EU General Data Protection Regulation (“GDPR”). The abolishment under GDPR of registrations and filings with data protection authorities … Continue Reading

Consumer Reports Begins Cybersecurity Evaluations

Consumer Reports (CR) announced on March 6, 2017, that it is developing a new standard—The Digital Standard—for safeguarding consumers’ security and privacy. The eventual goal is for CR to use the Standard to evaluate and rate consumer products. By scoring products based on certain Standard criteria, CR aims to help consumers make informed purchasing decisions … Continue Reading

CHINA DATA PROTECTION UPDATE (JANUARY 2017)

Guidance on who is a “key information infrastructure operator” under the PRC Cybersecurity Law, and draft regulations on handling minors’ data In the rapidly evolving data protection compliance environment in the People’s Republic of China, this month has seen some helpful clarification around two areas of uncertainty – namely:  some further indications as to whom … Continue Reading

NIST Issues Draft Update to Cybersecurity Framework

Written by Jim Halpert and Michelle Anderson The National Institute of Standards and Technology (NIST) released proposed revisions (draft Version 1.1) to its Framework for Improving Critical Infrastructure Cybersecurity (“Cybersecurity Framework”) on January 10, 2017. The latest draft is intended to “refine, clarify, and enhance” Version 1.0, released in February 2014 in response to Executive … Continue Reading

Blog Post: Swiss-US Privacy Shield Adopted, Aligns with EU-US Privacy Shield

Written by Michelle Anderson The Department of Commerce International Trade Administration and Swiss Federal Council announced on January 11, 2017, the creation of a Swiss-US Privacy Shield framework that will “apply the same conditions as the European Union” under the EU-US Privacy Shield framework. This is welcome news for companies that transfer personal data from … Continue Reading

Presidential Commission Issues Recommendations for Improving Public and Private Sector Cybersecurity

Written by James Duchesne The President’s Commission on Enhancing National Cybersecurity (the “Commission”) recently issued a thoughtful report on improving the United States’ cybersecurity posture.  (The full report can be read here.)  The majority of the Commission’s recommendations would require action by the Trump Administration but may nonetheless prove influential.   The Commission was charged under … Continue Reading

U.S. Financial Regulators Propose Sweeping New Cybersecurity Regulations

Written by Sydney White The U.S. Board of Governors of the Federal Reserve System, the U.S. Office of the Comptroller of the Currency (OCC), and the U.S. Federal Deposit Insurance Corporation (the “Agencies”), released an Advanced Notice of Proposed Rulemaking (“ANPR”) on October 20, requesting comments by January 17, 2017, on enhanced cybersecurity risk management … Continue Reading

HONG KONG – HONG KONG’s Privacy Commissioner addresses privacy compliance and best practice for BYOD

Written by Scott Thiel Following the publication of industry-specific BYOD guidelines such as those issued by the Hong Kong Association of Banks (the “HKAB Guidelines”), the trend towards Bring Your Own Device (“BYOD”) has come to the attention of Hong Kong’s Privacy Commissioner. The Commissioner published an information leaflet on 31 August 2016 (the “Information … Continue Reading

New York proposes cybersecurity regulation aiming to protect financial services companies from criminal enterprises

Written by Jim Halpert and Michael Schearer The New York State Department of Financial Services (NYDFS) has set forth a proposed cybersecurity regulation for financial service companies. Announced this week by New York  Governor Andrew M. Cuomo, the proposed rule seeks to protect both consumer data and financial systems from terrorist organizations and other criminal … Continue Reading

CHINA: Yet more changes proposed to China cyber and data security laws

Written by Scott Thiel China’s cybersecurity and data privacy frameworks are facing yet more significant changes, as in recent weeks the Chinese Government has announced two further initiatives. These are in addition to the significant legal developments that we highlighted in July 2016. Strengthening the standardisation of national cyber security: The Cyberspace Administration of China … Continue Reading

Risks in Interbank Messaging Platforms – Lessons Learned for Non-banks

Written by James Duchesne As detailed in press reports over the past several months, sophisticated hackers have used trusted interbank messaging systems to initiate fraudulent transactions resulting in the theft of tens of millions of dollars. Hackers using stolen credentials accessed secure messaging systems to initiate fraudulent transfers after hours, making them appear to come … Continue Reading

FTC Mobile Health Apps Announcement Reinforces Likely Increased Scrutiny of Mobile Health Apps

Written by Peter McLaughlin and Michelle Anderson The U.S. Federal Trade Commission (FTC) recently announced its creation of a Mobile Health Apps Interactive Tool, a web-based tool designed to help developers of mobile health (mHealth) applications understand which federal laws and regulations they should consider in developing their apps[1]. While the tool is helpful as … Continue Reading

NTIA Seeks Comment on IoT Issues

The National Telecommunications and Information Administration (“NTIA”) has sought comment on a broad range of issues related to the advancement and regulation of the Internet of Things (“IoT”), including technological challenges/benefits of IoT, definitional issues, privacy, and cybersecurity related issues, among others. NTIA will use the information to produce a “green paper” in which it intends … Continue Reading

2016 – Main trends on Cybersecurity

Written by Giangiacomo Olivi While many are not yet aware of the full breadth of the cybercrime phenomenon (cybercrime globally generates more revenues and is more profitable than drug trafficking!), there is a general consensus about the fact that certain breaches cannot be avoided. With a proliferation of connected devices operated remotely and a more … Continue Reading

Wire transfer phishing − an old scam returns: simple steps to protect your organization

Written by Tara McGraw Swaminatha and Christopher Scott Companies around the world are seeing the resurgence of an old scam: wire transfer phishing attacks that trick employees into wiring money from company bank accounts to criminals’ bank accounts. Over the past several months, many companies have lost millions of dollars to such relatively simple attacks. … Continue Reading

Update: Cybersecurity Information Sharing Legislation

Written by Sydney White Senate consideration of cybersecurity information sharing legislation, the Cybersecurity Information Sharing Act (CISA), S. 754, has again been delayed, this time until the Senate returns from August recess. The delay is attributable to the lengthy debate required on the highway bill rather than opposition to the bill from within the Senate. … Continue Reading

FTC Announces “Start with Security” Business Education Initiative; Issues Security Guidelines to Businesses

The Federal Trade Commission (“FTC”) has launched a new initiative, dubbed “Start with Security,” which is focused on assisting businesses in developing greater security to protect consumers’ personal information. To kick off the initiative, the FTC issued Protecting Personal Information:  A Guide for Business, which is based on the lessons learned from the approximately fifty (50) … Continue Reading

China Adopts the New National Security Law – A Top Legislative Effort To Control Cyber Security

Written by Scott Thiel On 1 July, 2015, the Standing Committee of the National People’s Congress, China’s top legislature, approved the new National Security Law of the People’s Republic of China (中华人民共和国国家安全法, the “New Law”) which became effective on the same day. This New Law is very high-level in its nature covering a wide range … Continue Reading

UK – CYBER SECURITY – Government and CIPS introduce cyber security training for procurement professionals

Written by JP Buckley Earlier this week in the UK, the Government launched a scheme to provide free online training to procurement professionals. Citing the high level of breaches in the UK (reported in the Government’s 2015 Information Security Breaches Survey), it has teamed up with the Chartered Institute of Procurement & Supply (CIPS) to … Continue Reading

New US sanctions program to combat cybercrimes – 3 action steps for tech companies

Written by Tara Swaminatha and Sydney White, et al. The new sanctions in President Barack Obama’s Executive Order 13694 of April 1, 2015, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities,” target individuals and organizations overseas who engage in cyberattacks or commercial espionage outside the US that are likely to result in a … Continue Reading