Data Privacy Monitor

Commentary on Data Privacy & Information Security Subjects

Category Archives: Cybersecurity

2015 BakerHostetler Security Incident Response Report Provides Insight Beyond Technical Incidents

Posted in Cybersecurity, Data Breaches, HIPAA/HITECH, Incident Response, Information Security, Infrastructure, Retail Industry
There is no longer a debate – security incidents are inevitable. Organizations are working to be better prepared to respond when the first sign of an incident is detected (often at 4:30 p.m. on a Friday). So what kind of incidents should they prepare for and how should they prepare? Annual reports from forensic investigation… Continue Reading

Lloyd’s Report Highlights Risk of Cyberattacks on National Power Grid

Posted in Cybersecurity, Infrastructure
A sophisticated cyberattack on the U.S. power grid could cause nearly $250 billion in economic losses and, under the most severe circumstances, cost more than $1 trillion to the U.S. economy, according to a recent report prepared by Lloyd’s and the University of Cambridge Centre for Risk Studies. The Business Blackout Report considers the impacts… Continue Reading

An Ounce of Prevention Is Better (and Cheaper) Than a Pound of Cure: It’s time for a data protection checkup.

Posted in Cybersecurity, Incident Response, Information Governance, Online Privacy
We recently released the first BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our law firm advised on in 2014. The report shows that human error was the number one cause of data security incidents we worked on last year, with employee negligence responsible… Continue Reading

A Deeper Dive: Risk Assessments Are a Necessary Step in Creating Layered Cyber Defenses

Posted in Cybersecurity, Incident Response, International Privacy Law
We have released the inaugural BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our attorneys advised on in 2014. Tens of thousands of cyber attackers employed by the Chinese People’s Liberation Army and other employees and contractors of the Chinese Ministry of State Security work… Continue Reading

Lost, Unencrypted Laptop Leads FINRA to Fine a Broker-Dealer $225,000 for Violating Reg S-P

Posted in Cybersecurity
With the recent focus by the SEC and FINRA on cybersecurity for broker-dealers and investment advisers as a backdrop, FINRA recently brought and settled an enforcement action under SEC Regulation S-P against broker-dealer Sterne, Agee & Leach, Inc. The case arose from a May 2014 incident in which a Sterne information technology employee inadvertently left… Continue Reading

2015 BakerHostetler Incident Response Report Shows One in Five Breaches Involved Paper Records

Posted in Cybersecurity, Data Breach Notification Laws, Data Breaches, Incident Response
BakerHostetler’s inaugural Data Security Incident Response Report offers a wealth of information regarding the causes of data security breaches, the manner in which those incidents are handled, and the legal and regulatory aftermath for affected companies. Among the Report’s interesting takeaways is a rebuttal of the popular assumption that data security incidents are all about… Continue Reading

Obama Administration Recognizes Cyber Threats to U.S. Critical Infrastructure as a National Emergency

Posted in Cybersecurity
Many cybersecurity experts have warned that the United States is already engaged in covert cyber warfare against hostile actors around the world. The latest cybersecurity Executive Order reflects formal recognition that, regardless of whether we call it war, cyber threat activity directed at U.S. critical infrastructure has created a national emergency. Exercising authority granted by… Continue Reading

BakerHostetler Recognized in LA Daily Journal’s Top Appellate Reversals of 2014

Posted in Cybersecurity, Data Breaches
A precedent-setting decision in a class action case alleging privacy violations under California’s Confidentiality of Medical Information Act (CMIA), litigated by our BakerHostetler team, was recognized by the LA Daily Journal as one of the “Top Appellate Reversals of 2014.” The lawsuit was filed against Eisenhower Medical Center (EMC) following the theft of a computer containing patient… Continue Reading

FTC Director Jessica Rich Discusses Privacy and Data Security at BakerHostetler Symposium

Posted in Cybersecurity, Events
On February 26, 2015, Jessica L. Rich, Director of the Bureau of Consumer Protection at the Federal Trade Commission, spoke at the BakerHostetler Symposium on Section 5 of the FTC Act on how the FTC approaches privacy and data security. Director Rich’s comments on this subject were particularly timely, with the Third Circuit poised to… Continue Reading

Time for an Updated Cyber Risk Approach; BPI Data Breach

Posted in Cybersecurity
Authored by Judy Selby and George Viegas*

Our traditional approach to cyber risk and security has been focused on privacy and financial data. The data breach or loss concerns that typically rank high on our risk ratings are private and confidential data like names and social security numbers with other identifying non-public information and financial data… Continue Reading

SEC Provides Guidance on Important Considerations for Effective and Reasonable Prevention of Cyber Attacks

Posted in Cybersecurity
As many of you know, last April the SEC issued the Cybersecurity Examination Initiative to assess the cybersecurity practices and preparedness of registered broker-dealers and investment advisers. The initiative arose from an SEC-sponsored Cybersecurity Roundtable held on March 26, 2014, which discussed the growing cybersecurity threats to our financial markets and intermediaries. Now, some nine… Continue Reading

What’s on the Horizon in the Golden State?

Posted in Breach Notification, Cybersecurity, Data Breach Notification Laws, Marketing, Online Privacy
As we near the turn of the year into 2015, organizations should keep an eye on laws taking effect on the West Coast. This year, the crop of new privacy statutes includes a few without precedent anywhere in the country. The focus? Kids and security. Following are a few examples of new California laws taking… Continue Reading

Managing Your Health Information Risks Should Not Begin After a Breach Is Reported

Posted in Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. Our attorneys have written about specific examples of those services. Healthcare is plagued by a high frequency of reported breaches. Although they are often caused by employees making mistakes, such as misdirecting a fax or losing a thumb drive, we are seeing more and… Continue Reading

Cross-Border Data Transfers: Cutting Through the Complexity

Posted in Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. With the rise of the global economy and the reach of the Internet, many businesses now have customers and data from around the world, if not offices and employees in… Continue Reading

CFTC Chairman Provides Guidance on Cybersecurity

Posted in Cybersecurity
On November 5, 2014, the Chairman of the Commodity Futures Trading Commission, Timothy G. Massad, gave keynote remarks at the Futures Industry Association Expo 2014. Part of Chairman Massad’s remarks focused on the importance and oversight of cybersecurity and business continuity disaster recovery for the financial institutions, exchanges, and markets that the Commission regulates. Specifically,… Continue Reading

HHS Provides Guidance on HIPAA Privacy in Emergency Situations Such as Ebola

Posted in Cybersecurity, HIPAA/HITECH, Medical Privacy
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. In the wake of the recent Ebola outbreak, the U.S. Department of Health and Human Services (“HHS”) has issued a guidance on how the Health Insurance Portability and Accountability Act… Continue Reading

To Avoid Claims, Assess Privacy Impacts of Marketing and CRM

Posted in Big Data, Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. Big data and the interactivity of digital marketing are powerful tools for marketers, but consumer data protection laws have evolved in recent years, resulting in new and heightened compliance and… Continue Reading

Big Data Changes the Deal: Information Governance Should Now Be Incorporated Into Due Diligence for Corporate Transactions

Posted in Big Data, Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. The past few years have witnessed the unprecedented rise of Big Data. Fully 90 percent of today’s data was created over just the past two years. Businesses now double the… Continue Reading

Data Security Risk Assessments

Posted in Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. BakerHostetler lawyers have helped hundreds of businesses and other organizations respond to security incidents each year, many of which lead to regulatory investigations, class action lawsuits, or both. We see… Continue Reading

Vendor Contract Review and Cyber Risk Mitigation: How to Keep it Drama Free

Posted in Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. Vendor contract review—what does that mean to you? Does it bring back bad memories? A last minute scramble to close a deal? Capitulating to oppressive limits on liability to meet… Continue Reading

Building Relationships with Your Regulators

Posted in Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. One of the last recommendations clients like to hear from their lawyer is, “Let’s call the regulators.” Building relationships with regulators when it comes to privacy and security issues… Continue Reading