
Data Security

DOJ and FTC Issue Antitrust Policy Statement on Cybersecurity Information Sharing

April 11, 2014 | Posted by Maki DePalo | Topic(s): Data Security, Cybersecurity, Privacy, Data Protection

On April 10, 2014, the Department of Justice (“DOJ”) and the Federal Trade Commission (“FTC”) (collectively, the “Agencies”) issued a policy statement on the sharing of cybersecurity information. The policy statement indicates that the Agencies share the President’s view that “cyber threat is one of the most serious economic and national security challenges we face as a nation.” In the policy statement, the Agencies explain how their analytical framework for information sharing works with respect to the exchange of cyber threat information and clarify that properly designed sharing of cyber threat information should not raise antitrust concerns.


Kim Peretti to Speak at Georgetown Law’s Cybersecurity Law Institute

April 7, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Events, Legislation, International, Security Breach, Data Security, Cybersecurity, Regulation

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, will be a featured speaker during the second annual Cybersecurity Law Institute sponsored by the Georgetown University Law Center. Cybersecurity continues to stay in the news in 2014 as the White House calls for a "Consumer Privacy Bill of Rights" for the digital age. What does this mean for your company or organization? The following topics will be covered during the May 21-22 program in Washington, D.C.:

--Learn how an effective Enterprise Security Program drastically reduces cyber risks within your organization. 
--Debate the value of insurance in the cyber context; learn about coverages and what risk mitigation strategies may lower premium costs. 
--Participate in simulations that animate the complexity and speed of data breach response, including from a global perspective. 
--Hear from top general counsel regarding the evolving role of legal counsel and their relationship with the board of directors. 
--Discover how the brand-new NIST Framework may potentially impact you even if you are not in a critical infrastructure sector.

For more information and to register, please click here.

Posted by Security Incident Management & Response Team | Alston & Bird LLP

SIA Announces Revised Privacy Framework

April 7, 2014 | Posted by Maki DePalo | Topic(s): Data Security, Cybersecurity, Privacy, Data Protection

The Security Industry Association (“SIA”) announced the revised SIA Privacy Framework on April 1, 2014. Building on the initial framework released in 2010, the revised SIA Privacy Framework is designed to provide guidance to companies seeking to establish adequate privacy policies to protect personally identifiable information and other sensitive data. This release outlines a core set of principles and best practices for privacy protections in the deployment of security technologies.


Financial Regulators Release Statements on Cyber-Attacks

April 3, 2014 | Posted by Maki DePalo | Topic(s): Data Security, Cybersecurity, Financial Privacy

On April 2, 2014, the Federal Financial Institutions Examination Council (“FFIEC”) issued a press release, alerting that FFIEC members are issuing joint statements on the risks associated with cyber-attacks on Automated Teller Machine (“ATM”) and card authorization systems and the continued distributed denial of service (“DDoS”) attacks on websites.


Alston & Bird and Kroll Hosting Webinar: Global Breach Investigations in a Post Snowden World – New Standards, New Challenges

March 25, 2014 | Posted by Privacy & Data Security team | Topic(s): Events, International, Data Security, Cybersecurity, Privacy, Data Breach, Cybercrime

Jim Harvey, partner and co-chair of the firm’s Privacy & Data Security team and the Security Incident Management and Response Team, will moderate a panel discussion during this April 2 webinar. The featured speakers are Kim Peretti, Partner and co-chair of the firm’s Security Incident Management & Response Team, E.J. Hilbert, Managing Director and Head of Cyber Investigations with Kroll, and Andrew Tannenbaum, Cybersecurity Counsel with IBM.

Cybersecurity incidents increasingly affect servers, employees, customers and business operations throughout the world, impacting both the investigatory process and the legal and regulatory landscape. The evolving global breach notification standards require constant monitoring and skillful navigation through a variety of regulatory schemes. Global investigations also present logistical, technical, and forensic challenges as sophisticated malware compromises systems without regard to geographical boundaries. This webinar brings together a panel of experts to provide an overview of the global legal landscape for data breach notification, highlight legal and technical considerations in conducting a global investigation, and offer practical tips for addressing the logistical complexities inherent in such investigations.

Wednesday, April 2
10:00 a.m. to 11:30 a.m. (ET)

For more information and to register, please click here.

Posted by Privacy and Data Security team | Alston & Bird LLP

Alston & Bird Hosting Privacy, Innovation and Big Data Program Organized by the American Constitution Society

March 21, 2014 | Posted by Privacy & Data Security team | Topic(s): Events, Data Security, Privacy, Regulation, Big Data

On March 25, Alston & Bird partner David Keating will moderate a panel discussion organized by the American Constitution Society and Georgia State Bar on Big Data. Featured speakers are Georgia Tech’s Peter Swire, Acxiom’s Jerry Jones, FTC’s Cindy Liebes, and attorney Gerald Weber.

David Keating, Partner and co-chair of the firm’s Privacy & Security team, will moderate the panel titled “Privacy, Innovation and Big Data: What Does the Future Hold?” Technologies used to collect and analyze vast amounts of data have made quantum leaps forward in recent years. At the same time, the cost of storage of data has continued a dramatic trend downward. The result is Big Data – large datasets compiled by businesses and governmental authorities, which can be used to identify individuals from disparate bits of information and to derive intimate details about individuals’ activities online and in the physical world. This panel discussion will focus on how governments and businesses collect vast amounts of data about people’s lives and how that information, now called Big Data, is analyzed and used. The panelists will discuss issues relating to the balancing of Big Data’s benefits against actual or perceived privacy costs, and whether existing legal frameworks are sufficient to address this new paradigm.


Kristy Brown Speaking at Federal Bar Association Cyber Liability Luncheon

March 20, 2014 | Posted by Privacy & Data Security team | Topic(s): Events, Data Security, Cybersecurity, Cybercrime, Cyber Risk

Kristy Brown, chair of the firm's Telecommunications & Technology, and Privacy Litigation Practice Teams, will be a featured speaker at a lunch program sponsored by the Atlanta Chapter of the Federal Bar Association and hosted in Alston & Bird's Atlanta office on March 25. Recent news stories about government surveillance, data breaches and hacking have made data security and privacy issues the center of attention. Panelists in the fields of cybercrime and cyber liability will discuss the most significant trends and issues for 2014.

To register for this program, please click here.

Written by Privacy & Data Security team | Alston & Bird LLP

LabMD’s Federal Court Actions Against the FTC Dismissed

LabMD is back in the news. This time, however, it’s not the FTC’s administrative action against LabMD that’s making headlines. (For information about the administrative action, please see our prior posts here and here.) Instead, LabMD’s federal court actions against the FTC – one in the United States Court of Appeals for the Eleventh Circuit and one in United States District Court for the District of Columbia – are now making news. Both have recently been dismissed. This means that, at least for now, the FTC’s administrative action will likely settle the parties’ disputes.


Investigating International Data Breaches In a Post-Snowden World – Addressing Legal Considerations and Logistical Challenges

February 28, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Advisories, International, Data Security, Cybersecurity, Data Breach, Cybercrime

Partner Kim Peretti and Senior Associate Kelley Barnaby of Alston and Bird’s Privacy and Data Security Team and Litigation and Trial Practice group have authored a Cyber Alert, “International Data Breach Investigations in a Post-Snowden World – Evolving Legal Obligations and Investigatory Challenges,” with E.J. Hilbert of Kroll. In this article Peretti and Barnaby discuss the evolving international obligations regarding notification of data breaches, including what types of information may trigger notification and who must be notified. The article also discusses notable future notification obligations. The article provides practical tips for preparing for and conducting an international data breach investigation. 

The full Cyber Alert is available here. 

Posted by Security Incident Management & Response Team | Alston & Bird LLP

FTC Denies LabMD’s Motion to Dismiss

February 20, 2014 | Posted by Paula Stannard, Zach Neal, & Claire Readhead | Topic(s): Federal Trade Commission (FTC), Enforcement, Data Security

The FTC – in a decision that should surprise no one – refused to dismiss its administrative complaint (“Complaint”) against LabMD. This case – like the FTC’s case against Wyndham Worldwide – illustrates the continuing fight regarding the scope of the FTC’s power to regulate inadequate data security practices. In particular, this decision is important because it further explains the FTC’s rationale for regulating allegedly inadequate data security practices pursuant to its “unfair” acts or practices authority in Section 5 of the FTC Act. The decision also sets forth the FTC’s view as to why its Section 5 authority permits it to regulate and enforce data security when other statutes – such as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) administrative simplification provisions addressing the privacy and security of health information – already regulate data security in a particular area. Because the FTC increasingly uses this Section 5 authority to regulate what it views as inadequate data security practices, businesses of any size which deal with data security – essentially all businesses to some degree – should closely review this decision. The bottom line: Unless the courts or Congress limit the FTC’s power in this context, the FTC is likely to expand the exercise of its Section 5 “unfair” acts or practices authority to regulate allegedly “unfair” data security practices by means of case-by-case enforcement actions – without issuing regulations or guidance to inform businesses and industries of the data security standards they must meet to comply with the FTC Act.


Complimentary Seminar – Payment Card Breaches: How to Prepare, How to Survive – March 5, 2014

February 18, 2014 | Posted by Privacy & Data Security Team | Topic(s): Data Security, Privacy

Please join Alston & Bird, Dell SecureWorks and AIG for a discussion on how to prepare for and respond to payment card breaches.


NIST releases final Cybersecurity Framework

The National Institute of Standards and Technology (“NIST”) has released the final version of the much-anticipated Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”). The Framework was developed by NIST at the direction of President Obama’s February 12, 2013, Executive Order 13636, “Improving Critical Infrastructure Cybersecurity” (the “Executive Order”).


Energy and Commerce Committee to Hold First U.S. House of Representatives Hearing in 2014 on Protecting Consumer Information and Preventing Data Security Breaches

Following the recent announcement of two U.S. Senate committee hearings on data security breaches, the House Energy and Commerce Committee announced the first U.S. House of Representatives hearing to examine the issue. During the same week as the Senate hearings, the committee’s Subcommittee on Commerce, Manufacturing and Trade (CMT), chaired by Rep. Lee Terry (R-NE), will hold a hearing entitled “Protecting Consumer Information: Can Data Breaches Be Prevented?” on Wednesday, February 5, 2014, at 9:30 a.m. EST in 2123 Rayburn House Office Building. According to the hearing notice released yesterday, witnesses will include executives from Target and Neiman Marcus, as well as government officials from the United States Secret Service and Department of Homeland Security. The Subcommittee will examine the preparations made by businesses to prevent data security breaches and the resources that exist to identify threats and improve the security of consumer information. The CMT Subcommittee notice also referenced the subcommittee’s recently issued data breach resource guide, which is a webpage that provides consumers with information they can use to help protect themselves against identity theft and take action when they learn of potential fraudulent charges on their accounts.


Retail Breaches: Investigating Payment Card Breaches

"Challenges in Conducting Breach Investigations: Part 2" was published in April 2013 by Law360; however, given the recent spate of retail breaches involving payment cards, it is highly relevant to entities experiencing these types of incidents. The article describes some of the challenges to conducting breach investigations in response to increasingly sophisticated attacks. In particular, the article takes a closer look at how to investigate and respond to payment card breaches—both because of their unique nature and their potentially grave implications.

Written by Kimberly Peretti, Partner, Security Incident Management & Response Team | Alston & Bird LLP

Alston & Bird to Host the Financial Marketplaces and Cyber Risk Seminar – February 11

January 28, 2014 | Posted by Privacy & Data Security Team | Topic(s): Events, Data Security, Cybersecurity, Privacy, Regulation

Please join Jim Harvey and Kimberly Peretti, co-chairs of the firm’s Security Incident Management & Response Team, for a first-of-its-kind seminar: “Financial Marketplaces and Cyber Risk.”

The panel discussion will both define cyber risk and its implications for financial marketplaces and address the existing regulatory framework and strategies purporting to improve risk mitigation for the industry as a whole.

Tuesday, February 11
8:30 a.m. to 10:30 a.m. (ET)

Jim Harvey, Partner, Alston & Bird LLP

Mark Clancy, Managing Director of Technology Risk Management, Depository Trust & Clearing Corporation
Russell Fitzgibbons, Executive Vice President and Chief Risk Officer, The Clearing House
Jerry Perullo, Deputy CISO, IntercontinentalExchange, Inc.
Katheryn Rosen, Deputy Assistant Secretary, Office of Financial Institutions Policy, Department of Treasury
Kimberly Peretti, Partner, Alston & Bird LLP

The program is a complimentary seminar in our New York office. Alternatively, the program will also be made available via teleconference. For more information and to register, please click here.

Posted by Privacy & Data Security Team | Alston & Bird LLP