
Cybersecurity

SEC to Examine 50 Firms in Effort to Assess Cybersecurity Preparedness of the Securities Industry

On April 15, 2014, the U.S. Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) announced that it would assess the cybersecurity preparedness of the industry as a whole by examining the practices of 50 registered broker-dealers and investment advisers. OCIE will send tailored requests for information to each selected firm; the questions will focus on each entity’s cybersecurity governance, ability to identify and assess cyber risks, protect its networks, detect intrusions, and deal with the risks associated with relying on vendors and third parties. OCIE did not indicate when the examinations will begin, but did provide a sample request for information as part of its press release announcing the examinations.


FTC Invites Public Comments on Mobile Security

On April 17, 2014, the Federal Trade Commission (“FTC”) issued a press release, announcing that the FTC is seeking public comments to explore mobile security issues. The press release refers to the mobile security forum held last year to examine the state of mobile security (the “Forum”). In the press release, the FTC invites comments from the public to expand on a number of complex issues discussed at the Forum with an eye towards a report.


Jim Harvey to Speak at National Association of Corporate Directors Program on Mitigating Cybersecurity Risks

April 14, 2014 | Posted by Privacy & Data Security Team | Topic(s): Events, Security Breach, Cybersecurity, Cybercrime, Data Protection

Jim Harvey, co-chair of the firm’s Privacy & Data Security practice and the Security Incident Management and Response Team, will be a featured speaker during an April 16 program sponsored by the National Association of Corporate Directors (NACD) titled, “Mitigating Cyber Security Threats: How the Attackers, Their Objectives, Their Methods Keep Changing.” Cyber security threats and the alarming rise of high-profile cyber incidents requiring the board’s attention are the subject of this month’s program. This panel of leading experienced cyber professionals will lead a discussion on how the Board can be most effective in evaluating the cyber security prevention and detection program, and what to expect should a material cyber incident impact the company. Other panelists include Ron Plesco and Greg Bell, both of KPMG.

For more information or to register, please click here.

Written by Privacy & Data Security team | Alston & Bird LLP

DOJ and FTC Issue Antitrust Policy Statement on Cybersecurity Information Sharing

April 11, 2014 | Posted by Maki DePalo | Topic(s): Data Security, Cybersecurity, Privacy, Data Protection

On April 10, 2014, the Department of Justice (“DOJ”) and the Federal Trade Commission (“FTC”) (collectively, the “Agencies”) issued a policy statement on the sharing of cybersecurity information. The policy statement indicates that the Agencies share the President’s view that “cyber threat is one of the most serious economic and national security challenges we face as a nation.” In the policy statement, the Agencies explain how their analytical framework for information sharing works with respect to the exchange of cyber threat information and clarify that properly designed sharing of cyber threat information should not raise antitrust concerns.


Kim Peretti to Speak at Georgetown Law’s Cybersecurity Law Institute

April 7, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Events, Legislation, International, Security Breach, Data Security, Cybersecurity, Regulation

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, will be a featured speaker during the second annual Cybersecurity Law Institute sponsored by the Georgetown University Law Center. Cybersecurity continues to stay in the news in 2014 as the White House calls for a "Consumer Privacy Bill of Rights" for the digital age. What does this mean for your company or organization? The following topics will be covered during the May 21-22 program in Washington, D.C.:

--Learn how an effective Enterprise Security Program drastically reduces cyber risks within your organization. 
--Debate the value of insurance in the cyber context; learn about coverages and what risk mitigation strategies may lower premium costs. 
--Participate in simulations that animate the complexity and speed of data breach response, including from a global perspective. 
--Hear from top general counsel regarding the evolving role of legal counsel and their relationship with the board of directors. 
--Discover how the brand-new NIST Framework may potentially impact you even if you are not in a critical infrastructure sector.

For more information and to register, please click here.

Posted by Security Incident Management & Response Team | Alston & Bird LLP

SIA Announces Revised Privacy Framework

April 7, 2014 | Posted by Maki DePalo | Topic(s): Data Security, Cybersecurity, Privacy, Data Protection

The Security Industry Association (“SIA”) announced the revised SIA Privacy Framework on April 1, 2014. Building on the initial framework released in 2010, the revised SIA Privacy Framework is designed to provide guidance to companies seeking to establish adequate privacy policies to protect personally identifiable information and other sensitive data. This release outlines a core set of principles and best practices for privacy protections in the deployment of security technologies.


Financial Regulators Release Statements on Cyber-Attacks

April 3, 2014 | Posted by Maki DePalo | Topic(s): Data Security, Cybersecurity, Financial Privacy

On April 2, 2014, the Federal Financial Institutions Examination Council (“FFIEC”) issued a press release, alerting that FFIEC members are issuing joint statements on the risks associated with cyber-attacks on Automated Teller Machine (“ATM”) and card authorization systems and the continued distributed denial of service (“DDoS”) attacks on websites.


Alston & Bird and Kroll Hosting Webinar: Global Breach Investigations in a Post Snowden World – New Standards, New Challenges

March 25, 2014 | Posted by Privacy & Data Security team | Topic(s): Events, International, Data Security, Cybersecurity, Privacy, Data Breach, Cybercrime

Jim Harvey, partner and co-chair of the firm’s Privacy & Data Security team and the Security Incident Management and Response Team, will moderate a panel discussion during this April 2 webinar. The featured speakers are Kim Peretti, Partner and co-chair of the firm’s Security Incident Management & Response Team, E.J. Hilbert, Managing Director and Head of Cyber Investigations with Kroll, and Andrew Tannenbaum, Cybersecurity Counsel with IBM.

Cybersecurity incidents increasingly affect servers, employees, customers and business operations throughout the world, impacting both the investigatory process and the legal and regulatory landscape. The evolving global breach notification standards require constant monitoring and skillful navigation through a variety of regulatory schemes. Global investigations also present logistical, technical, and forensic challenges as sophisticated malware compromises systems without regard to geographical boundaries. This webinar brings together a panel of experts to provide an overview of the global legal landscape for data breach notification, highlight legal and technical considerations in conducting a global investigation, and offer practical tips for addressing the logistical complexities inherent in such investigations.

Wednesday, April 2
10:00 a.m. to 11:30 a.m. (ET)

For more information and to register, please click here.

Posted by Privacy and Data Security team | Alston & Bird LLP

Kristy Brown Speaking at Federal Bar Association Cyber Liability Luncheon

March 20, 2014 | Posted by Privacy & Data Security team | Topic(s): Events, Data Security, Cybersecurity, Cybercrime, Cyber Risk

Kristy Brown, chair of the firm's Telecommunications & Technology, and Privacy Litigation Practice Teams, will be a featured speaker at a lunch program sponsored by the Atlanta Chapter of the Federal Bar Association and hosted in Alston & Bird's Atlanta office on March 25. Recent news stories about government surveillance, data breaches and hacking have made data security and privacy issues the center of attention. Panelists in the fields of cybercrime and cyber liability will discuss the most significant trends and issues for 2014.

To register for this program, please click here.

Written by Privacy & Data Security team | Alston & Bird LLP

Investigating International Data Breaches In a Post-Snowden World – Addressing Legal Considerations and Logistical Challenges

February 28, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Advisories, International, Data Security, Cybersecurity, Data Breach, Cybercrime

Partner Kim Peretti and Senior Associate Kelley Barnaby of Alston and Bird’s Privacy and Data Security Team and Litigation and Trial Practice group have authored a Cyber Alert, “International Data Breach Investigations in a Post-Snowden World – Evolving Legal Obligations and Investigatory Challenges,” with E.J. Hilbert of Kroll. In this article Peretti and Barnaby discuss the evolving international obligations regarding notification of data breaches, including what types of information may trigger notification and who must be notified. The article also discusses notable future notification obligations. The article provides practical tips for preparing for and conducting an international data breach investigation. 

The full Cyber Alert is available here. 

Posted by Security Incident Management & Response Team  | Alston & Bird LLP

NIST releases final Cybersecurity Framework

The National Institute of Standards and Technology (“NIST”) has released the final version of the much-anticipated Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”). The Framework was developed by NIST at the direction of President Obama’s February 12, 2013, Executive Order 13636, “Improving Critical Infrastructure Cybersecurity” (the “Executive Order”).


Energy and Commerce Committee to Hold First U.S. House of Representatives Hearing in 2014 on Protecting Consumer Information and Preventing Data Security Breaches

Following the recent announcement of two U.S. Senate committee hearings on data security breaches, the House Energy and Commerce Committee announced the first U.S. House of Representatives hearing to examine the issue. During the same week as the Senate hearings, the committee’s Subcommittee on Commerce, Manufacturing and Trade (CMT), chaired by Rep. Lee Terry (R-NE), will hold a hearing entitled “Protecting Consumer Information: Can Data Breaches Be Prevented?” on Wednesday, February 5, 2014, at 9:30 a.m. EST in 2123 Rayburn House Office Building. According to the hearing notice released yesterday, witnesses will include executives from Target and Neiman Marcus, as well as government officials from the United States Secret Service and Department of Homeland Security. The Subcommittee will examine the preparations made by businesses to prevent data security breaches and the resources that exist to identify threats and improve the security of consumer information. The CMT Subcommittee notice also referenced the subcommittee’s recently issued data breach resource guide, which is a webpage that provides consumers with information they can use to help protect themselves against identity theft and take action when they learn of potential fraudulent charges on their accounts.


Retail Breaches: Investigating Payment Card Breaches

"Challenges in Conducting Breach Investigations: Part 2" was published in April 2013 by Law360; however, given the recent spate of retail breaches involving payment cards, it is highly relevant to entities experiencing these types of incidents. The article describes some of the challenges to conducting breach investigations in response to increasingly sophisticated attacks. In particular, the article takes a closer look at how to investigate and respond to payment card breaches, both because of their unique nature and their potentially grave implications.

Written by Kimberly Peretti, Partner, Security Incident Management & Response Team | Alston & Bird LLP

Kim Peretti Presented at the Law Seminars International Cybersecurity Law and Strategies Conference

January 28, 2014 | Posted by Privacy & Data Security Team | Topic(s): Events, Cybersecurity, Privacy, Regulation

Kimberly Peretti, partner in the Privacy & Data Security Team, was a speaker in the seminar discussion “Legal Developments for Cyber Security Law” during the Law Seminars International Cybersecurity Law and Strategies Conference on Monday, January 27.

The following topics were discussed during the program:

• Regulatory requirements and structure (to the extent there is one).
• Who has jurisdiction over what?
• What items do you need on your regulatory compliance checklist?

For more information on the conference, please click here.

Posted by Privacy & Data Security Team | Alston & Bird LLP

Alston & Bird to Host the Financial Marketplaces and Cyber Risk Seminar – February 11

January 28, 2014 | Posted by Privacy & Data Security Team | Topic(s): Events, Data Security, Cybersecurity, Privacy, Regulation

Please join Jim Harvey and Kimberly Peretti, co-chairs of the firm’s Security Incident Management & Response Team, for a first-of-its-kind seminar: “Financial Marketplaces and Cyber Risk.”

The panel discussion will both define cyber risk and its implications for financial marketplaces and address the existing regulatory framework and strategies purporting to improve risk mitigation for the industry as a whole.

Tuesday, February 11
8:30 a.m. to 10:30 a.m. (ET)

Moderator:
Jim Harvey, Partner, Alston & Bird LLP

Panelists:
Mark Clancy, Managing Director of Technology Risk Management, Depository Trust & Clearing Corporation
Russell Fitzgibbons, Executive Vice President and Chief Risk Officer, The Clearing House
Jerry Perullo, Deputy CISO, IntercontinentalExchange, Inc.
Katheryn Rosen, Deputy Assistant Secretary, Office of Financial Institutions Policy, Department of Treasury
Kimberly Peretti, Partner, Alston & Bird LLP

The program is a complimentary seminar in our New York office. Alternatively, the program will also be made available via teleconference. For more information and to register, please click here.

Posted by Privacy & Data Security Team | Alston & Bird LLP

 
