RSS Print Email

Data Breach

Kim Peretti and Jessica Corley co-author Bloomberg BNA article on Director Liability for Cybersecurity

July 29, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Data Security, Cybersecurity, Privacy, Data Breach, Privacy Policy

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, co-authored with Jessica Corley, chair of the firm’s Securities Litigation Group, the Bloomberg BNA article, “Cybersecurity: What Directors Need to Know in an Era of Increased Scrutiny.” In the article, Peretti and Corley discuss the cybersecurity issues that directors and officers face due to the fact that most companies’ assets are stored digitally and, therefore, at risk of cyberattacks. Because of these risks, well-designed policies and procedures to ensure data security are crucial to companies of all sizes, both in the public and private sectors. Directors and officers are under increased scrutiny and expected to be fully aware and engaged in their companies’ cybersecurity measures. Peretti and Corley’s article addresses the risks and impacts of data breaches, as well as practical pre- and post-breach guidance.

To read the full article, click here.

Posted by Security Incident Management & Response Team | Alston & Bird LLP

Kim Peretti to Speak on AllClear ID Webinar

July 28, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Events, Cybersecurity, Data Breach

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, will be a featured speaker on a webinar addressing the cyber risk landscape and best practices on breach preparation and response. The webinar, titled “Confidence in the Breach Age: Risks, Preparation, Response & Recovery,” will feature a panel of industry professionals who will share their perspectives on:

  • Understanding the reality of cyber risk to your organization
  • Legal practices in preparedness and response
  • Managing the forensics investigation with confidence
  • Restoring trust with notification, call center & consumer protection

This webinar will be held on Wednesday, August 20 at 12pm EST. For more information about this webinar and to register, please click here.

Written by Security Incident Management & Response TeamAlston & Bird LLP

Florida Enacts One of Nation’s Most Stringent Data Breach Notification Laws; Includes 30-Day Notice Requirement

June 24, 2014 | Posted by Bruce Sarkisian | Topic(s): Legislation, Security Breach, US State Law, Data Breach

On June 20, Florida Governor Rick Scott signed the Florida Information Protection Act of 2014, which updates Florida’s data breach notification law. The changes will take effect on July 1 of this year.

Read More

Kim Peretti Quoted in Bank Info Security

June 3, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Security Breach, Cybersecurity, Financial Privacy, Data Breach

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, was quoted in a Bank Info Security article titled “Target Breach: Hold Board Responsible?

The article discussed a consulting firm’s report for shareholders in regard to Target Corp. stating that the company should replace seven of the ten members of its board of directors who served on the audit and corporate responsibility committees that should have provided better oversight into fraud and other cyber-risks when it came to Target’s major data breach.

“The study reinforces that boards need to address cybersecurity risks just as they deal with other types of enterprise risks,” Peretti said. "Boards need to be proactively engaged in understanding IT security risk and need to be asking probing questions in advance of a breach....A report from a consulting firm recommending that a company dismiss board members because of their handling of data security issues is unusual."

"It's the first that we're seeing [such] drastic or significant conclusions [like] in this report," she said.
"Companies are still struggling with appropriate cybersecurity governance."

Written by Security Incident Management & Response TeamAlston & Bird LLP

Kim Peretti Interviewed in FierceGovernmentIT Q&A Session

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team and former senior litigator for DOJ’s Computer Crime and Intellectual Property Section, was interviewed in a Q&A session with FierceGovernmentIT titled “China Cyber Espionage Charges Provide 'Missing Part of the Puzzle.'"

 

Peretti discussed the significance of the indictment against the individuals in China's People's Liberation Army for stealing trade secrets from American companies, and touched on the fact that the United States has shown its ability to form a case against state-sponsored acts of cybercrime through this indictment.

 

“From my experience in the Justice Department in bringing sort of benchmark investigations or prosecutions, the first time is often the hardest—working through any number of hurdles and gathering the evidence,” Peretti said. “I would hope that we might see more indictments modeled after this one if the evidence develops, since now we have a first of its kind that's been brought.”

To read the complete Q&A session, please click here.

 

Written by Security Incident Management & Response Team | Alston & Bird LLP

WATCH: Kim Peretti Interviewed by WSJ Live, “Five Chinese Military Accused of Hacking U.S. Firms”

May 19, 2014 | Posted by Security Incident Management & Response Team | Topic(s): International, Data Breach, Cybercrime, Cross-border, Department of Justice (DOJ)

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, was interviewed by Wall Street Journal Live on the impact of the U.S. Department of Justice announcing charges against five Chinese military workers, accusing them of hacking several U.S. companies for trade secrets. Attorney General Eric Holder announced Monday, May 19 this first-of-its-kind criminal case alleging economic espionage against a foreign government official.

Peretti, a former senior litigator for the Justice Department's Computer Crime and Intellectual Property Section, believes this is a significant event and sends the message that the government is willing to pursue nation-state actors and indict them criminally for their cyber espionage activities.

Visit WSJ Live to watch Peretti’s interview.

 

Written by Security Incident Management & Response Team | Alston & Bird LLP

Special Assistant Attorney General Speaks On Privacy Issues At Alston & Bird’s Los Angeles Office

May 14, 2014 | Posted by Sheila Shah | Topic(s): Advisories, Data Security, Data Breach, Behavioral Tracking, Big Data

As part of the California Attorney General’s ongoing effort to educate the business community regarding privacy issues, Jeffrey Rabkin, Special Assistant Attorney General for Law and Technology, briefed business professionals, privacy officers, in-house and outside counsel on May 13, 2014, in Alston & Bird’s Los Angeles Office.

Read More

DOJ Issues White Paper on Cybersecurity Information Sharing Under the SCA

On Friday, May 9 the Department of Justice (DOJ) released a white paper stating that under its interpretation of the Stored Communications Act (SCA), 18 U.S.C. § 2701 et seq., communications companies are permitted to disclose “non-content information to the government” as long as that information is in its “aggregate form.” The lynchpin of the DOJ’s analysis is whether the shared information identifies or provides information regarding particular subscribers or customers. Under that standard, data that “is aggregated but still provides information about a particular subscriber or customer” is prohibited from disclosure under the SCA. In releasing its white paper, the DOJ recognized that “information sharing is a critical component of bolstering public and private network owners’ and operators’ capacity to protect their networks against evolving and increasingly sophisticated cyber threats.” As such, “the private sector would benefit from a better understanding of whether the electronic communications statutes [DOJ enforces] prohibit them from voluntarily sharing useful cybersecurity information with the government.”

Read More

Kim Peretti Quoted in Law360 Article “Post-Target Breach Laws Ratchet Up Pressure On Companies”

May 13, 2014 | Posted by Privacy & Data Security Team | Topic(s): US State Law, Privacy, Data Breach

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, was quoted in the Law360 article “Post-Target Breach Laws Ratchet Up Pressure On Companies.” The article discussed how Florida, Minnesota and several other states have moved to amend their data breach notification laws to tighten reporting timelines in response to the Target data breach and other high-profile intrusions. The amendments also expand on covered personal information, which adds pressure to companies that are trying to comply with a patchwork of state laws.

“We're definitely seeing the fallout from highly visible recent payment card breaches, especially the one at Target,” Peretti said. “States feel like they need to do something about it, and the developments are only continuing to fuel the already very active role that states are...taking in responding to data security concerns.”

Posted by Privacy & Data Security Team | Alston & Bird LLP

Kentucky Becomes 47th State To Require Data Breach Notification; Adds Restrictions on use of “Student Data”

Kentucky Governor Steve Beshear signed a data breach notification bill on April 10, adding Kentucky to the ranks of U.S. states requiring notice to individuals in the event of a data breach and leaving Alabama, New Mexico and South Dakota as the only states that do not require such notice.

Read More

Iowa Updates Data Breach Notification Law to Add Paper Records, AG Notice Requirement

Iowa Governor Terry Brandstad has signed Senate File 2259, an act modifying provisions applicable to personal information security breach notification requirements.

Iowa’s law will now require notice of breaches of unauthorized acquisition of information that is on paper (in addition to computerized data) and to require notice to the consumer protection division of the state Attorney General’s office if a data breach affects more than 500 residents. Notice to the Attorney General’s office must be made within five days of notice to individuals. The changes take effect on July 1, 2014.

Written by Bruce Sarkisian, Associate, Privacy & Data Security | Alston & Bird LLP

District Court Denies Wyndham Motion to Dismiss and Supports FTC's Authority in Data Breach Cases

In Federal Trade Commission v. Wyndham Worldwide Corp., et al., No. 13-cv-01887-ES-JAD (D.N.J. Apr. 7, 2014), Judge Esther Salas of the U.S. District Court for the District of New Jersey denied Wyndham’s request for dismissal of the FTC’s lawsuit against the hotel resort chain as a result of getting hacked.* Wyndham had challenged the FTC’s power to assert an unfairness claim under Section 5 of the FTC Act. Although the Court’s ruling focused solely on the FTC’s authority to bring the lawsuit, and offered no opinion on the underlying merits of the allegations, the ruling could have broad ramifications on the FTC’s ability to pursue companies for unfair and deceptive trade practices when a data breach occurs.

Read More

Alston & Bird and Kroll Hosting Webinar: Global Breach Investigations in a Post Snowden World – New Standards, New Challenges

March 25, 2014 | Posted by Privacy & Data Security team | Topic(s): Events, International, Data Security, Cybersecurity, Privacy, Data Breach, Cybercrime

Jim Harvey, partner and co-chair of the firm’s Privacy & Data Security team and the Security Incident Management and Response Team, will moderate a panel discussion during this April 2 webinar. The featured speakers are Kim Peretti, Partner and co-chair of the firm’s Security Incident Management & Response Team, E.J. Hilbert, Managing Director and Head of Cyber Investigations with Kroll, and Andrew Tannenbaum, Cybersecurity Counsel with IBM.

Cybersecurity incidents increasingly affect servers, employees, customers and business operations throughout the world, impacting both the investigatory process and the legal and regulatory landscape. The evolving global breach notification standards require constant monitoring and skillful navigation through a variety of regulatory schemes. Global investigations also present logistical, technical, and forensic challenges as sophisticated malware compromises systems without regards to geographical boundaries. This webinar brings together a panel of experts to provide an overview of the global legal landscape for data breach notification, highlight legal and technical considerations in conducting a global investigation, and offer practical tips for addressing the logistical complexities inherent in such investigations.

Wednesday, April 2
10:00 a.m. to 11:30 a.m. (ET)

For more information and to register, please click here.

Posted by Privacy and Data Security team | Alston & Bird LLP

Jim Harvey Speaking at the 2014 IAPP Global Privacy Summit

Jim Harvey, co-chair of the firm’s Privacy & Data Security practice and the Security Incident Management and Response Team, will participate as a presenter at the 2014 IAPP Global Privacy Summit, March 5-7. The IAPP Summit, one of the largest in the world, hosts privacy and security professionals to focus on a range of privacy-related topics.

Read More

Investigating International Data Breaches In a Post-Snowden World – Addressing Legal Considerations and Logistical Challenges

February 28, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Advisories, International, Data Security, Cybersecurity, Data Breach, Cybercrime

Partner Kim Peretti and Senior Associate Kelley Barnaby of Alston and Bird’s Privacy and Data Security Team and Litigation and Trial Practice group have authored a Cyber Alert, “International Data Breach Investigations in a Post-Snowden World – Evolving Legal Obligations and Investigatory Challenges,” with E.J. Hilbert of Kroll. In this article Peretti and Barnaby discuss the evolving international obligations regarding notification of data breaches, including what types of information may trigger notification and who must be notified. The article also discusses notable future notification obligations. The article provides practical tips for preparing for and conducting an international data breach investigation. 

The full Cyber Alert is available here. 

Posted by Security Incident Management & Response Team  | Alston & Bird LLP

123456