Data Privacy Monitor

Commentary on Data Privacy & Information Security Subjects

Category Archives: Cybersecurity

Obama Administration Recognizes Cyber Threats to U.S. Critical Infrastructure as a National Emergency

Posted in Cybersecurity, Privacy
Many cybersecurity experts have warned that the United States is already engaged in covert cyber warfare against hostile actors around the world. The latest cybersecurity Executive Order reflects formal recognition that, regardless of whether we call it war, cyber threat activity directed at U.S. critical infrastructure has created a national emergency. Exercising authority granted by… Continue Reading

BakerHostetler Recognized in LA Daily Journal’s Top Appellate Reversals of 2014

Posted in Cybersecurity, Data Breaches
A precedent-setting decision in a class action case alleging privacy violations under California’s Confidentiality of Medical Information Act (CMIA), litigated by our BakerHostetler team, was recognized by the LA Daily Journal as one of the “Top Appellate Reversals of 2014.” The lawsuit was filed against Eisenhower Medical Center (EMC) following the theft of a computer containing patient… Continue Reading

FTC Director Jessica Rich Discusses Privacy and Data Security at BakerHostetler Symposium

Posted in Cybersecurity, Events, Privacy
On February 26, 2015, Jessica L. Rich, Director of the Bureau of Consumer Protection at the Federal Trade Commission, spoke at the BakerHostetler Symposium on Section 5 of the FTC Act on how the FTC approaches privacy and data security. Director Rich’s comments on this subject were particularly timely, with the Third Circuit poised to… Continue Reading

Time for an Updated Cyber Risk Approach; BPI Data Breach

Posted in Cybersecurity, Privacy
Authored by Judy Selby and George Viegas*
Our traditional approach to cyber risk and security has been focused on privacy and financial data. The data breach or loss concerns that typically rank high on our risk ratings are private and confidential data like names and social security numbers with other identifying non-public information and financial data… Continue Reading

SEC Provides Guidance on Important Considerations for Effective and Reasonable Prevention of Cyber Attacks

Posted in Cybersecurity
As many of you know, last April the SEC issued the Cybersecurity Examination Initiative to assess the cybersecurity practices and preparedness of registered broker-dealers and investment advisers. The initiative arose from an SEC-sponsored Cybersecurity Roundtable held on March 26, 2014, which discussed the growing cybersecurity threats to our financial markets and intermediaries. Now, some nine… Continue Reading

What’s on the Horizon in the Golden State?

Posted in Breach Notification, Cybersecurity, Data Breach Notification Laws, Marketing, Online Privacy
As we near the turn of the year into 2015, organizations should keep an eye on laws taking effect on the West Coast. This year, the crop of new privacy statutes includes a few without precedent anywhere in the country. The focus? Kids and security. Following are a few examples of new California laws taking… Continue Reading

Managing Your Health Information Risks Should Not Begin After a Breach Is Reported

Posted in Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. Our attorneys have written about specific examples of those services. Healthcare is plagued by a high frequency of reported breaches. Although they are often caused by employees making mistakes, such as misdirecting a fax or losing a thumb drive, we are seeing more and… Continue Reading

Cross-Border Data Transfers: Cutting Through the Complexity

Posted in Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. With the rise of the global economy and the reach of the Internet, many businesses now have customers and data from around the world, if not offices and employees in… Continue Reading

CFTC Chairman Provides Guidance on Cybersecurity

Posted in Cybersecurity
On November 5, 2014, the Chairman of the Commodity Futures Trading Commission, Timothy G. Massad, gave keynote remarks at the Futures Industry Association Expo 2014. Part of Chairman Massad’s remarks focused on the importance and oversight of cybersecurity and business continuity disaster recovery for the financial institutions, exchanges, and markets that the Commission regulates. Specifically,… Continue Reading

HHS Provides Guidance on HIPAA Privacy in Emergency Situations Such as Ebola

Posted in Cybersecurity, HIPAA/HITECH
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. In the wake of the recent Ebola outbreak, the U.S. Department of Health and Human Services (“HHS”) has issued a guidance on how the Health Insurance Portability and Accountability Act… Continue Reading

To Avoid Claims, Assess Privacy Impacts of Marketing and CRM

Posted in Big Data, Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. Big data and the interactivity of digital marketing are powerful tools for marketers, but consumer data protection laws have evolved in recent years, resulting in new and heightened compliance and… Continue Reading

Big Data Changes the Deal: Information Governance Should Now Be Incorporated Into Due Diligence for Corporate Transactions

Posted in Big Data, Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. The past few years have witnessed the unprecedented rise of Big Data. Fully 90 percent of today’s data was created over just the past two years. Businesses now double the… Continue Reading

Data Security Risk Assessments

Posted in Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. BakerHostetler lawyers have helped hundreds of businesses and other organizations respond to security incidents each year, many of which lead to regulatory investigations, class action lawsuits, or both. We see… Continue Reading

Vendor Contract Review and Cyber Risk Mitigation: How to Keep it Drama Free

Posted in Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. Vendor contract review—what does that mean to you? Does it bring back bad memories? A last minute scramble to close a deal? Capitulating to oppressive limits on liability to meet… Continue Reading

Building Relationships with Your Regulators

Posted in Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. One of the last recommendations clients like to hear from their lawyer is, “Let’s call the regulators.” Building relationships with regulators when it comes to privacy and security issues… Continue Reading

Cyber Risk Mitigation is a Year-Round Job

Posted in Cybersecurity
We enjoy the focus on cybersecurity in October as part of National Cybersecurity Awareness Month, but the risks and threats are continuous. Our Privacy and Data Protection team is excited to debut a new graphic that illustrates the proactive cyber risk mitigation and compliance services we provide to help organizations maintain year-round focus and diligence.… Continue Reading

FCC Plans $10 Million Cybersecurity Fine Against Two Telecoms

Posted in Cybersecurity
On October 24, 2014, the Federal Communications Commission (“FCC”) took a big step into the cybersecurity regulatory space when it announced its intent to assess a $10 million fine against two telecoms, TerraCom and YourTel America (“Companies”), for failing to protect the privacy of personal information the Companies collected from consumers. According to the FCC,… Continue Reading

How to Respond to SEC Inquiries Concerning Data Breach and Data Security Policies

Posted in Cybersecurity, Data Breaches, Enforcement
Every company, whether public or private, has exposure to potential data breach or theft of confidential information. When this occurs, various state and federal regulatory organizations have jurisdiction over ensuring that there is prompt, corrective, and remedial action taken by the company whose systems have been compromised. Much of the focus of articles and commentary… Continue Reading

California Continues to Regulate Privacy and Advertising to Minors in New Law Regulating School-related Online Services

Posted in Cybersecurity, Education, Enforcement
On September 29, 2014, California Governor Jerry Brown signed SB 1177 into law, effective Jan 1, 2015.  See Governor Brown Issues Legislative Update.  The new privacy and advertising regulation goes beyond FERPA, the federal student privacy law, and existing state student privacy laws that govern schools and requires them to obtain privacy protections for student… Continue Reading

New Guidance for Merchants on Ensuring that Service Providers Share Security Responsibility

Posted in Credit Card, Cybersecurity, Information Security
For merchants, long gone are the days of using a card reader with a dial-up connection to their payment processor. Today’s omni-channel retailers rely on multiple third party service providers to complete payment card transactions. These third parties—call center operators, payment gateways, loyalty solution providers, managed security services, data-center hosts, mobile app developers, and fraud… Continue Reading

Major Transformation in Cyber-Liability Insurance is Underway

Posted in Cybersecurity, Hacking, Insurance
Editor’s Note: The following blog post was authored by Ben Beeson from Lockton Companies LLC.
In the beginning
The emergence of the Internet as a business platform at the end of the nineties also announced the arrival of new risks to organizations. In those early days, there was a widely held belief that the primary concern was operational,… Continue Reading