Data Privacy Monitor

Commentary on Data Privacy & Information Security Subjects

Category Archives: Cybersecurity

Broker-Dealers and Investment Advisers Now Targeted by Both Cyber Intruders and SEC Cybersecurity Examiners

Posted in Cybersecurity, Data Brokers
The following BakerHostetler Executive Alert was authored by: Andrew W. Reich and Jonathan A. Forman. Cybersecurity has increasingly become a critical issue for all types of businesses, few more so than broker-dealers, investment advisers and others in the financial sector. The cyber threat is much broader than customer data privacy as addressed by the Securities … Continue Reading

Privacy Law in a Nutshell

Posted in Cybersecurity, Federal Legislation, Information Security, International Privacy Law, Marketing, Privacy
BakerHostetler Privacy and Data Protection Partner Erica Gann Kitaev is a co-author of the recently published Privacy Law in a Nutshell, Second Edition, through West Academic Publishing. Legal issues related to privacy are exploding in the U.S., and virtually all businesses face privacy considerations, particularly as technology and the law evolve. The Privacy Nutshell is … Continue Reading

Governing Big Data

Posted in Cybersecurity, HIPAA/HITECH, Information Governance, Information Security, Privacy, Uncategorized
Sources and volumes of data are growing exponentially.  Website clicks, social media, sensors, and card swipers are generating massive amounts of data every second.  More and more enterprises are beginning to collect and utilize this Big Data for all kinds of purposes, including improved business intelligence, targeted marketing and fraud detection.  With so much attention … Continue Reading

Webinar Recording – Implementation of the Cybersecurity Executive Order

Posted in Cybersecurity
In issuing the Cybersecurity Executive Order last February, President Obama declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America’s economic prosperity in the 21st century will depend on cybersecurity.” Now, important benchmarks in implementing this Executive Order have been reached. … Continue Reading

New DoD Rule Promotes Voluntary Sharing of Cyber-Security Threat Information Between DoD and Defense Contractors

Posted in Cybersecurity
Co-authored by: Alan Pate. On October 22, 2013, the Department of Defense (DoD) published its Final Rule establishing a program for promoting voluntary sharing of cyber threat information between the DoD and government contractors. The DoD intends this information sharing program to “enhance and supplement” participating defense contractors’ capabilities to safeguard DoD information. Unlike failed … Continue Reading

SEC To Issue Stronger Cybersecurity Guidance?

Posted in Cybersecurity, Data Breach Notification Laws
In February we wrote about whether Facebook’s IPO would set the tone under the SEC’s then-relatively new cybersecurity disclosure guidance. In subsequent months, it has become apparent that this guidance is still not yielding the level of disclosure on cybersecurity matters that regulators want. This is especially true with respect to the disclosure of past … Continue Reading

LXBN TV Interview: What Companies Should Do to Prepare for Implementation of Cybersecurity Executive Order

Posted in Cybersecurity
Following up on a recent post discussing this very subject, Jerry Ferguson, blog contributor and Co-Leader of BakerHostetler’s Privacy and Data Protection Team had the opportunity to speak with Colin O’Keefe of LXBN regarding the cybersecurity executive order. In the brief interview, Ferguson explains why companies shouldn’t simply ignore the order and what they should do now to prepare for … Continue Reading

FTC Databook Highlights Consumer Fraud

Posted in Cybersecurity, Identity Theft, Information Security, Online Privacy
The FTC last week announced the release of the Consumer Sentinel Network Databook for January – December 2012.  The “Consumer Sentinel Network” is the FTC’s platform for law enforcement collaboration on issues affecting consumers. The program collects data from a wide range of sources, providing a comprehensive, nationwide picture of consumer complaints. Given the possible existence … Continue Reading

What You Should Be Doing Now to Prepare for Implementation of the Cybersecurity Executive Order

Posted in Cybersecurity
Co-Authored by: Theodore J. Kobus III. A tempting response to the Cybersecurity Executive Order (the “Order”), announced by President Obama at his State of the Union address, is to ignore it. It is vague in key particulars, such as which companies are part of the “critical infrastructure” and therefore subject to the Order. The only … Continue Reading

APT Threat Report Shows Cybersecurity Risks Not Limited to Identity Theft

Posted in Cybersecurity
We often talk to companies who believe they are an unlikely target for hackers because they do not have financial account information, Social Security numbers, or medical information.  However, personal information is not the only item hackers are after.  Indeed, the chief of the United States Cyber Command and director of the National Security Agency … Continue Reading

Recorded Webinar: New Cybersecurity Executive Order

Posted in Cybersecurity
President Obama has declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America’s economic prosperity in the 21st century will depend on cybersecurity.” In an increasingly interconnected and interdependent world, the threats posed by … Continue Reading

Rockefeller Releases Results of Fortune 500 Survey on Cybersecurity

Posted in Cybersecurity, Online Privacy
Back in September, I posted here about Senate Commerce Committee Chairman John D. Rockefeller’s (D-WV) letters to all FORTUNE 500 companies inquiring about business opposition to cybersecurity legislation.  This morning, Rockefeller released a report by his staff summarizing the gist of the roughly 300 responses he’s received to date.  The report does not mention any … Continue Reading

Cybersecurity Bill Fails Again In Senate

Posted in Cybersecurity, Federal Legislation
Yesterday evening, the Senate again failed to move forward on the Cybersecurity Act of 2012, voting 51-47 not to end debate on the measure (60 votes required). Opponents picked up one additional ‘no’ vote by Sen. Rubio (R-FL), who did not vote on it in August.  Majority Leader Reid faulted the minority and the Chamber … Continue Reading

Rockefeller Questions Fortune 500 on Cybersecurity Act / Data Security Practices

Posted in Cybersecurity, Federal Legislation
Senate Commerce Committee Chairman John D. Rockefeller (D-WV) yesterday blanketed the entire FORTUNE 500 list of companies with a pointed letter inquiring about business opposition to cybersecurity issues and seeking a response by October 19. (Press release here) The letter asks for information on companies’ cybersecurity practices and companies’ concerns about the federal government’s role … Continue Reading

Senate Takes Up Cybersecurity Bill: Can National Security Trump Politics This Close to the Election? Part 3 – The End?

Posted in Cybersecurity, Federal Legislation
This morning, the Senate failed to conclude debate on the cybersecurity bill by a vote of 52 to 46 (60 votes required), likely sounding the death knell for the legislation this year. Five Republicans voted in favor of moving ahead, while five Democrats voted against, but the vote otherwise followed party lines. In other words, … Continue Reading

Senate Takes Up Cybersecurity Bill: Can National Security Trump Politics This Close to the Election? Part 2

Posted in Cybersecurity, Federal Legislation
Yesterday we asked: Can National Security Trump Politics This Close to the Election? The answer is looking more and more like “no”. Having failed to reach agreement with his Republican counterpart on limiting debate and consideration of amendments (of which there are now 167) to the bill, last night Majority Leader Harry Reid (D-NV) filed … Continue Reading

Senate Takes Up Cybersecurity Bill: Can National Security Trump Politics This Close to the Election?

Posted in Cybersecurity, Federal Legislation
That is the $64,000 question. This being Washington, DC, it’s more likely a multi-million dollar question, and the answer is unclear. The Senate voted 84-11 last Thursday to end debate on a procedural motion that allows a revised bill, S. 3414, sponsored by Homeland Security and Government Affairs Committee Chairman Joe Lieberman (D-CT) to be … Continue Reading

Update to Cybersecurity / Data Breach Notification Legislative Outlook

Posted in Cybersecurity, Data Breach Notification Laws
Congress is back from a two-week Easter recess and, despite lingering concerns from privacy groups, House leaders plan to bring to the floor for votes one or more cybersecurity bills designed to protect the nation’s critical infrastructure – from power plants to financial markets – by encouraging information sharing about cyber threats between the … Continue Reading

Senate Cyber Security Bill Due Out This Week; Floor Action Not Likely Until March

Posted in Cybersecurity, Federal Legislation, Information Security
Odds are good that legislation to address online threats to the nation’s critical infrastructure assets will finally be released this week, but real action on it won’t take place until March: The Homeland Security and Government Affairs Committee, chaired by Joe Lieberman (I-CT), has scheduled a hearing on the ‘Cybersecurity Act of 2012’ for Thursday … Continue Reading

Will Facebook’s IPO Cybersecurity Disclosures Set the Tone Under SEC’s New Guidance?

Posted in Cybersecurity, Data Breach Notification Laws, Information Security
Facebook filed its long-awaited Form S-1 with the SEC on February 1.  Given the nature of its business, concerns regarding data privacy were peppered throughout the filing.  While other business risk factors may be paramount (e.g., reliance on Zynga, slowing growth, etc.), data privacy has been and will continue to be an important issue for … Continue Reading

Online Privacy and Data Security Legislation Update — 2011 Year in Review

Posted in COPPA, Cybersecurity, Federal Legislation, Online Privacy, Privacy
The end of 2010 featured the Department of Commerce citing the need for a Privacy Bill of Rights in its green paper and the FTC's preliminary online privacy report discussing the need for a Do Not Track mechanism. The momentum generated by these reports led to the introduction of multiple versions of Do Not Track and comprehensive privacy rights bills in early 2011. By mid-2011, at least five different data security and breach notification proposals were circulating in the wake of high-profile data breaches. Reports about location-based tracking led to the introduction of geolocation privacy and surveillance bills. Amendments to the Children's Online Privacy Protection Act, Electronic Communications Privacy Act, and Video Privacy Protection Act were also proposed. And by the end of 2011, several cybersecurity bills designed to protect critical infrastructure had been introduced. Congress held hearings on privacy issues, subcommittees approved several bills, and the Obama administration supported comprehensive privacy legislation; as many expected, however, none of these bills were enacted when the first session of the 112th Congress adjourned December 18. The safe prediction for 2012 is more of the same: a lot of proposals but no consensus. It is certainly possible that another high-profile data breach or cyberattack against a utility or government contractor could create enough urgency to force a consensus. However, numerous high-profile breaches (Epsilon, Sony, Citi, RSA, Lockheed Martin and several health care providers), hacktivist attacks against government security contractors (IRC Federal and HBGary), and reports about how the "weaponized" Stuxnet virus caused centrifuges in an Iranian nuclear facility to spin wildly out of control were not enough in 2011. We certainly expect to see data breach notification, comprehensive privacy, and cybersecurity bills addressed again in 2012.
We may also see narrower bills aimed at online and location-based tracking as well as children's privacy. Emerging technology, including mobile payments and facial recognition, may also garner legislative attention. Below is a round-up of the 2011 privacy and data security legislative proposals, including links to more detailed analysis from our blog posts during the year… Continue Reading