Archives: Cybersecurity

Where Next for Outsourcing?

As we look around in the mid part of 2018, the outsourcing industry is in something of a state of flux. There are certainly plenty of challenges. In the UK at least (and particularly vis-à-vis the public sector), a harsh spotlight is being shone on outsourcing. Similarly, the wider global movement towards protectionism and national …

Colorado adopts new cybersecurity rules applicable to broker-dealers and investment advisors: key features

The Colorado Division of Securities has adopted new cybersecurity rules applicable to broker-dealers purchasing securities in the state and investment advisers who do business in the state. The rules, which are substantially less prescriptive than the NYDFS Cybersecurity Regulations, came into effect on July 15. The rules establish general guidelines for reasonable cybersecurity practices and …


President Donald Trump recently signed an Executive Order on cybersecurity, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” The EO is divided into sections on: cybersecurity of federal networks cybersecurity of critical infrastructure (CI) to support CI at greatest risk cybersecurity risks to the defense industrial base strategic options for deterrence and protection of the …

NTIA Request for Comment on Resilience Against Botnets

President Trump recently issued Executive Order 13800 on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, which included a section on Resilience Against Botnets and Other Automated, Distributed Threats. The Executive Order requires the Departments of Commerce and Homeland Security to produce a report on Botnets based on industry and other stakeholder input. As …

FTC Updates COPPA Guidance: Six-Step Compliance Plan for Your Business

Written by Michelle Anderson and Samantha Glazer. In a June 21, 2017 blog post, the FTC announced updates to its Six-Step Compliance Plan for Your Business under the Children’s Online Privacy Protection Act (COPPA). The revisions make clear that the FTC considers new business models (e.g., voice-activated devices) and products (e.g., connected toys) to be …

New Mexico becomes 48th state to enact a data breach law, plus US state-level updates

Written by Jim Halpert and Anne Kierig. An active spring state legislative session has already produced a few new state data breach laws. Notably, when New Mexico HB 15 was signed into law on April 6, the state became the 48th in the nation to have a data breach law on the books. The only …

New York AG Announces Record Year for Data Breaches in New York – and Updates Guidance on Reasonable Security Measures

Written by Michelle Anderson and Anne Kierig. New York Attorney General Eric Schneiderman announced that his office received a record number (1,300) of data breach notices in 2016. In the press release, Attorney General Schneiderman also provided a list of recommendations for how organizations can help protect sensitive personal data—a list that could be used …

FRANCE: The French Data Protection Authority (CNIL) Publishes 6-Step Methodology For Compliance With GDPR

Written by Carol Umhoefer and Caroline Chancé. On March 15, 2017, the CNIL published a 6-step methodology for companies that want to prepare for the changes that will apply as from May 25, 2018 under the EU General Data Protection Regulation (“GDPR”). The abolishment under GDPR of registrations and filings with data protection authorities …

Consumer Reports Begins Cybersecurity Evaluations

Consumer Reports (CR) announced on March 6, 2017, that it is developing a new standard—The Digital Standard—for safeguarding consumers’ security and privacy. The eventual goal is for CR to use the Standard to evaluate and rate consumer products. By scoring products based on certain Standard criteria, CR aims to help consumers make informed purchasing decisions …


Guidance on who is a “key information infrastructure operator” under the PRC Cybersecurity Law, and draft regulations on handling minors’ data

In the rapidly evolving data protection compliance environment in the People’s Republic of China, this month has seen some helpful clarification around two areas of uncertainty – namely: some further indications as to whom …

NIST Issues Draft Update to Cybersecurity Framework

Written by Jim Halpert and Michelle Anderson. The National Institute of Standards and Technology (NIST) released proposed revisions (draft Version 1.1) to its Framework for Improving Critical Infrastructure Cybersecurity (“Cybersecurity Framework”) on January 10, 2017. The latest draft is intended to “refine, clarify, and enhance” Version 1.0, released in February 2014 in response to Executive …

Blog Post: Swiss-US Privacy Shield Adopted, Aligns with EU-US Privacy Shield

Written by Michelle Anderson. The Department of Commerce International Trade Administration and Swiss Federal Council announced on January 11, 2017, the creation of a Swiss-US Privacy Shield framework that will “apply the same conditions as the European Union” under the EU-US Privacy Shield framework. This is welcome news for companies that transfer personal data from …

Presidential Commission Issues Recommendations for Improving Public and Private Sector Cybersecurity

Written by James Duchesne. The President’s Commission on Enhancing National Cybersecurity (the “Commission”) recently issued a thoughtful report on improving the United States’ cybersecurity posture. (The full report can be read here.) The majority of the Commission’s recommendations would require action by the Trump Administration but may nonetheless prove influential. The Commission was charged under …

U.S. Financial Regulators Propose Sweeping New Cybersecurity Regulations

Written by Sydney White. The U.S. Board of Governors of the Federal Reserve System, the U.S. Office of the Comptroller of the Currency (OCC), and the U.S. Federal Deposit Insurance Corporation (the “Agencies”), released an Advanced Notice of Proposed Rulemaking (“ANPR”) on October 20, requesting comments by January 17, 2017, on enhanced cybersecurity risk management …

HONG KONG – HONG KONG’s Privacy Commissioner addresses privacy compliance and best practice for BYOD

Written by Scott Thiel. Following the publication of industry-specific BYOD guidelines such as those issued by the Hong Kong Association of Banks (the “HKAB Guidelines”), the trend towards Bring Your Own Device (“BYOD”) has come to the attention of Hong Kong’s Privacy Commissioner. The Commissioner published an information leaflet on 31 August 2016 (the “Information …

New York proposes cybersecurity regulation aiming to protect financial services companies from criminal enterprises

Written by Jim Halpert and Michael Schearer. The New York State Department of Financial Services (NYDFS) has set forth a proposed cybersecurity regulation for financial service companies. Announced this week by New York Governor Andrew M. Cuomo, the proposed rule seeks to protect both consumer data and financial systems from terrorist organizations and other criminal …

CHINA: Yet more changes proposed to China cyber and data security laws

Written by Scott Thiel. China’s cybersecurity and data privacy frameworks are facing yet more significant changes, as in recent weeks the Chinese Government has announced two further initiatives. These are in addition to the significant legal developments that we highlighted in July 2016. Strengthening the standardisation of national cyber security: The Cyberspace Administration of China …

Risks in Interbank Messaging Platforms – Lessons Learned for Non-banks

Written by James Duchesne. As detailed in press reports over the past several months, sophisticated hackers have used trusted interbank messaging systems to initiate fraudulent transactions resulting in the theft of tens of millions of dollars. Hackers using stolen credentials accessed secure messaging systems to initiate fraudulent transfers after hours, making them appear to come …

FTC Mobile Health Apps Announcement Reinforces Likely Increased Scrutiny of Mobile Health Apps

Written by Peter McLaughlin and Michelle Anderson. The U.S. Federal Trade Commission (FTC) recently announced its creation of a Mobile Health Apps Interactive Tool, a web-based tool designed to help developers of mobile health (mHealth) applications understand which federal laws and regulations they should consider in developing their apps[1]. While the tool is helpful as …

NTIA Seeks Comment on IoT Issues

The National Telecommunications and Information Administration (“NTIA”) has sought comment on a broad range of issues related to the advancement and regulation of the Internet of Things (“IoT”), including technological challenges/benefits of IoT, definitional issues, privacy, and cybersecurity related issues, among others. NTIA will use the information to produce a “green paper” in which it intends …

2016 – Main trends on Cybersecurity

Written by Giangiacomo Olivi. While many are not yet aware of the full breadth of the cybercrime phenomenon (cybercrime globally generates more revenues and is more profitable than drug trafficking!), there is a general consensus about the fact that certain breaches cannot be avoided. With a proliferation of connected devices operated remotely and a more …

Wire transfer phishing − an old scam returns: simple steps to protect your organization

Written by Tara McGraw Swaminatha and Christopher Scott. Companies around the world are seeing the resurgence of an old scam: wire transfer phishing attacks that trick employees into wiring money from company bank accounts to criminals’ bank accounts. Over the past several months, many companies have lost millions of dollars to such relatively simple attacks. …

Update: Cybersecurity Information Sharing Legislation

Written by Sydney White. Senate consideration of cybersecurity information sharing legislation, the Cybersecurity Information Sharing Act (CISA), S. 754, has again been delayed, this time until the Senate returns from August recess. The delay is attributable to the lengthy debate required on the highway bill rather than opposition to the bill from within the Senate. …