Category Archives: Cybersecurity

Support Data Privacy Day on January 28, 2015

Did you know January 28 is Data Privacy Day (DPD)? DPD commemorates Convention 108, the first legally binding international treaty dealing with privacy and data protection, signed on January 28, 1981. DPD began in the United States and Canada in January 2008 as an extension of the DPD celebrated in Europe. On January 27, 2014, the 113th U.S. Congress adopted a nonbinding resolution expressing support for the designation of January 28 as “National Data Privacy Day.” National Cyber Security Alliance (NCSA), a non-profit organization dedicated to cyber-security education and awareness, [...] Read more

President Obama Proposes Strict National Data Breach Notification Law Ahead of State of the Union

On January 12, 2015, during a speech before the Federal Trade Commission (FTC), President Barack Obama announced that he would propose legislation to create a national, uniform data breach notification law.  The White House later released the full text of the proposed bill.  The President highlighted that a national breach notification law would benefit both consumers and notifying companies by pre-empting and streamlining the current system:  “right now almost every state has a different law on this and it’s confusing for consumers and it’s confusing for companies – and it’s costly [...] Read more

New Jersey Enacts Health Information Encryption Requirement

New Jersey Governor Chris Christie has signed a new law requiring health insurance companies to protect client health information by encrypting the data. The law applies to any insurance company, health service corporation, hospital service corporation, medical service corporation, or health maintenance organization authorized to issue health benefits plans in New Jersey. These entities must take steps to protect “individually identifiable health information” that they compile through encryption or “by any other method or technology rendering it unreadable, undecipherable, or otherwise unusable [...] Read more

NIST releases “Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans.”

On December 12, 2014, the National Institute for Standards and Technology (“NIST”) announced the release of Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans (“SP 800-53A”). SP 800-53A is a companion guideline to Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations (“SP 800-53”) and discusses how to build effective assessment plans and how to analyze and manage assessment results. NIST’s announcement highlights [...] Read more

Data Protection Commissioners Adopt Resolution on International Cooperation

On October 14, the International Data Protection and Privacy Commissioners’ (“IDPPC”) conference adopted a resolution calling for increased enforcement cooperation among international data protection authorities. Data protection authorities from around the world participated in the IDPPC conference, including representatives from Europe, Asia, the United States (including the Federal Trade Commission), and South America. In the “Resolution on Enforcement Cooperation,” the IDPPC encourages “efforts to bring about more effective cooperation in cross-border investigation [...] Read more

New California Law Expands Data Security Requirements, SSN Protections and Breach Notification Obligations

On September 30, 2014, the Governor of California signed Assembly Bill 1710, which made three small but important changes to the state’s privacy laws.  The bill:  (1) amended California’s breach notification law to require that the notifying entities offer identity theft protection services to affected individuals in certain cases; (2) required California businesses that “maintain” personal information on state residents to adopt reasonable security procedures to protect that personal information (a requirement that previously only applied to businesses that own or license such data); [...] Read more

Kim Peretti authors Bloomberg BNA article on Cyber Threat Intelligence and Information Sharing

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, authored (with contributions from associate Lou Dennig) the Bloomberg BNA article, “Cyber Threat Intelligence: To Share or Not to Share—What Are the Real Concerns?” In the article, Peretti discusses the importance of exchanging cyberthreat information and the concerns relating to information sharing, as well as provides guidance for companies in mitigating potential risks regarding this information sharing. Posted by Security Incident Management & Response Team | Alston & Bird [...] Read more

Inside Counsel Talks Cybersecurity with Kim Peretti Ahead of WIPL Conference

Kim Peretti, a partner in the firm’s White Collar Crime Group, discussed cybersecurity and the upcoming Women, Influence & Power in Law Conference with Inside Counsel. “From a legal standpoint, the risk exposure for a cyberattack has continued to rapidly increase,” and senior executives and board members play an important role in their company’s cybersecurity, said Peretti. “Senior management should know it’s not just an IT issue, it’s an enterprise risk and needs to be handled as all other enterprise risks. The board and senior executives should [...] Read more

Alston & Bird Hosting Event: The Evolving Cyber Insurance Market: Key Issues and Challenges

Kim Peretti, partner and co-chair of the firm’s Security Incident Management and Response Team, will moderate a panel discussion during this September 11 event. The featured speakers are Tom Finan, Senior Cybersecurity Strategist and Counsel with the U.S. Department of Homeland Security, and Sean Hyatt, counsel in the firm’s Litigation & Trial Practice Group and a member of the Insurance Litigation & Regulation Team.  The Department of Homeland Security has taken an active role in the growing interest in cyber insurance, holding several public roundtables and workshops [...] Read more

Kim Peretti Interviewed by BankInfoSecurity

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, was interviewed by BankInfoSecurity about what boards must know about security issues and how to keep directors risk-aware. In the interview, titled “Cybersecurity: What Boards Must Know,” Peretti discusses what directors don’t know about security, the pre- and post-breach responsibilities of boards, and how to educate the board – and when. “[Boards] have an awareness of the threat out there,” Peretti said. “But what they’re struggling with – what [...] Read more