Category Archives: Cybersecurity

FERC Takes Action on Cybersecurity in Response to Ukrainian Cyber Attacks

Written by
The Federal Energy Regulatory Commission (“FERC”) issued a Notice of Inquiry (“NOI”) and Final Rule at the end of July to address several urgent cybersecurity issues affecting the bulk electric system.  FERC is taking these actions in the face of increasingly sophisticated threats to our power grid, including in response to an actual cyber-attack against Ukraine’s electricity system last year. In the NOI, the Commission seeks comments on possible modifications to the Critical Infrastructure Protection (“CIP”) Reliability Standards developed and managed by the North American [...] Read more

President Obama Issues Directive on Government Cyber Incident Response

Written by
Last week, President Obama issued a new Presidential Policy Directive (PPD) establishing principles to govern the federal government’s response to cyber incidents, “whether involving government or private sector entities.”  Titled “PPD-41,” the document also designates the lead federal agencies for so-called significant cyber incidents and creates an “architecture for coordinating the broader Federal Government response” to significant cyber incidents that is further described in an attached Annex. PPD-41 defines a cyber incident as: An event occurring on or conducted through [...] Read more

Alston & Bird Issues Advisory on Six Myths of Breach Response

Written by
Alston & Bird recently issued an Advisory entitled “Six Myths of Breach Response,” authored by Jim Harvey. As data breaches are on the rise, so are the challenges that businesses face in handling these security incidents. This Advisory identifies six strategic pitfalls to avoid when responding to breaches. The Advisory addresses the true significance of public notification, common mistakes in preserving attorney-client privilege, and tough choices regarding the selection of public relation, investigative, and legal counsel. Jim Harvey co-chairs Alston & Bird’s Cybersecurity Preparedness [...] Read more

Kim Peretti Named to Cybersecurity Docket’s “Incident Response 30”

Written by
Kim Peretti, partner and co-chair of Alston & Bird’s Cybersecurity Preparedness & Response Team, has been named to Cybersecurity Docket’s inaugural “Incident Response 30.” Described by the publication as the “30 best and brightest data breach response lawyers,” the list “honors incident response attorneys and compliance professionals who not only have the right stuff to manage a data breach response, but are also the kind of professionals who are critical to have on speed-dial when the inevitable data breach occurs.” Cybersecurity Docket is a comprehensive and timely [...] Read more

Alston & Bird Expands Privacy, Data Security Capabilities with New Partner in Los Angeles

Written by
Alston & Bird has announced the expansion of its Privacy & Data Security Practice in Los Angeles with partner, Michael Zweiback.  Zweiback, a former federal prosecutor, has rejoined the firm as partner in its Privacy & Data Security Practice and Government & Internal Investigations Group, bringing not only extensive experience in cybersecurity, but also an exceptional background in white collar criminal defense and government enforcement litigation. He arrives from Arent Fox LLP, where he was a partner and co-leader of its Cybersecurity and Data Protection Group. Zweiback has [...] Read more

HHS/OCR Announces Launch of HIPAA Audit Program Phase 2

Written by
Today, the U.S. Department of Health & Human Services’s (HHS) Office for Civil Rights (OCR) announced the launch of Phase 2 of its HIPAA Compliance Audit Program. (OCR’s announcement can be accessed at Audit Phase 2 Announcement and further information about Phase 2 can be accessed at Audit Phase 2 Information.) In this phase, OCR will review the policies and procedures that covered entities and business associates have adopted and implemented to meet certain standards and implementation specifications of the HIPAA Privacy, Security, and/or Breach Notification Rules. Phase 2 will consist [...] Read more

FCC Proposes New Privacy Rules for Internet Service Providers

Written by
On March 10, 2016, the Federal Communications Commission (“FCC”) proposed new privacy and data security rules for Internet service providers (“ISPs”) that, if passed, would regulate how ISPs collect, use, share, and protect customers’ data. The notice of proposed rulemaking (“NPRM”) that FCC Chairman Tom Wheeler circulated for consideration by the full Commission is previewed in a three-page fact sheet that sets forth the proposed rules, which are built on the three core principles of choice, transparency, and security. In order to “provide the tools consumers need to make smart [...] Read more

FTC Announces Study of PCI-DSS Assessment Companies

Written by
On Monday, March 7 the Federal Trade Commission (FTC) issued a press release announcing that it had issued Orders to nine Qualified Security Assessor (QSA) companies, which are certified to assess whether or not entities involved in payment card processing, such as merchants, are compliant with the Payment Card Industry Data Security Standards (PCI DSS).  The FTC Orders request that each entity submit a Special Report within 45 days providing information on the assessment process and the companies themselves.  The reports are to include information such as the number of assessments the company [...] Read more

IBM and Alston & Bird Webinar: Cybersecurity Preparedness and Incident Response – On a Global Basis – March 29

Written by
IBM and Alston & Bird will host a webinar on Tuesday, March 29.  Security incidents are increasingly taking on a global flavor, as multi-national companies continue to expand their data footprint across the globe. At the same time, a number of countries are passing new laws and regulations regarding cybersecurity preparedness and breach notification. The response to an international cyber incident is even further complicated by differing regulatory and cultural expectations, time zone differences, privacy obligations and more issues that companies struggle with, but aren’t sure how to address. This [...] Read more

Kim Peretti on Panel at 2016 Georgetown Law Women’s Forum

Written by
Kim Peretti was a featured speaker at Georgetown Law’s 2016 Women’s Forum, titled "Opportunities in a Changing World," held on March 4. This annual program features dynamic speakers on several interactive panels. Ms. Peretti’s panel was titled "Grappling with Legal Issues in Cybersecurity" and discussed the evolving legal specialty of cybersecurity, including: whether it is necessary to have a scientific or technical background to be effective as a cybersecurity lawyer; where the field is moving in the next 5-10 years; and the greatest challenges for women in this field. In [...] Read more