Category Archives: Cybersecurity

Kim Peretti Named to Cybersecurity Docket’s “Incident Response 30”

Kim Peretti, partner and co-chair of Alston & Bird’s Cybersecurity Preparedness & Response Team, has been named to Cybersecurity Docket’s inaugural “Incident Response 30.” Described by the publication as the “30 best and brightest data breach response lawyers,” the list “honors incident response attorneys and compliance professionals who not only have the right stuff to manage a data breach response, but are also the kind of professionals who are critical to have on speed-dial when the inevitable data breach occurs.” Cybersecurity Docket is a comprehensive and timely [...]

Alston & Bird Expands Privacy, Data Security Capabilities with New Partner in Los Angeles

Alston & Bird has announced the expansion of its Privacy & Data Security Practice in Los Angeles with partner Michael Zweiback. Zweiback, a former federal prosecutor, has rejoined the firm as partner in its Privacy & Data Security Practice and Government & Internal Investigations Group, bringing not only extensive experience in cybersecurity, but also an exceptional background in white collar criminal defense and government enforcement litigation. He arrives from Arent Fox LLP, where he was a partner and co-leader of its Cybersecurity and Data Protection Group. Zweiback has [...]

HHS/OCR Announces Launch of HIPAA Audit Program Phase 2

Today, the U.S. Department of Health & Human Services’s (HHS) Office for Civil Rights (OCR) announced the launch of Phase 2 of its HIPAA Compliance Audit Program. (OCR’s announcement can be accessed at Audit Phase 2 Announcement and further information about Phase 2 can be accessed at Audit Phase 2 Information.) In this phase, OCR will review the policies and procedures that covered entities and business associates have adopted and implemented to meet certain standards and implementation specifications of the HIPAA Privacy, Security, and/or Breach Notification Rules. Phase 2 will consist [...]

FCC Proposes New Privacy Rules for Internet Service Providers

On March 10, 2016, the Federal Communications Commission (“FCC”) proposed new privacy and data security rules for Internet service providers (“ISPs”) that, if passed, would regulate how ISPs collect, use, share, and protect customers’ data. The notice of proposed rulemaking (“NPRM”) that FCC Chairman Tom Wheeler circulated for consideration by the full Commission is previewed in a three-page fact sheet that sets forth the proposed rules, which are built on the three core principles of choice, transparency, and security. In order to “provide the tools consumers need to make smart [...]

FTC Announces Study of PCI-DSS Assessment Companies

On Monday, March 7, the Federal Trade Commission (FTC) issued a press release announcing that it had issued Orders to nine Qualified Security Assessor (QSA) companies, which are certified to assess whether or not entities involved in payment card processing, such as merchants, are compliant with the Payment Card Industry Data Security Standards (PCI DSS). The FTC Orders request that each entity submit a Special Report within 45 days providing information on the assessment process and the companies themselves. The reports are to include information such as the number of assessments the company [...]

IBM and Alston & Bird Webinar: Cybersecurity Preparedness and Incident Response – On a Global Basis – March 29

IBM and Alston & Bird will host a webinar on Tuesday, March 29. Security incidents are increasingly taking on a global flavor, as multi-national companies continue to expand their data footprint across the globe. At the same time, a number of countries are passing new laws and regulations regarding cybersecurity preparedness and breach notification. The response to an international cyber incident is even further complicated by differing regulatory and cultural expectations, time zone differences, privacy obligations and more issues that companies struggle with, but aren’t sure how to address. This [...]

Kim Peretti on Panel at 2016 Georgetown Law Women’s Forum

Kim Peretti was a featured speaker at Georgetown Law’s 2016 Women’s Forum, titled "Opportunities in a Changing World," held on March 4. This annual program features dynamic speakers on several interactive panels. Ms. Peretti’s panel was titled "Grappling with Legal Issues in Cybersecurity" and discussed the evolving legal specialty of cybersecurity, including: whether it is necessary to have a scientific or technical background to be effective as a cybersecurity lawyer; where the field is moving in the next 5-10 years; and the greatest challenges for women in this field. In [...]

Administration Seeks to Renegotiate Controversial Cybersecurity Export Control

The Obama administration will reportedly seek to renegotiate a controversial cybersecurity export control rule required to be implemented into U.S. regulations by the Commerce Department under the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies. The Wassenaar Arrangement is based on a multilateral agreement reached by the founding countries in 1995. Each participating state is responsible for implementing export controls based on annually updated control lists of munitions and dual-use goods and technologies (i.e., having both commercial and [...]

CFPB Brings First Enforcement Action on Data Security

On March 2, the federal Consumer Financial Protection Bureau (CFPB) for the first time brought an enforcement action related to data security. The CFPB consent order imposes a $100,000 fine and five years of regulatory oversight for online payments provider Dwolla. The action sends a clear message that the CFPB intends to actively regulate the data security representations of consumer finance service providers. The CFP Act, passed in 2010 as part of the Dodd-Frank Act, grants the CFPB authority to take action to prevent “a covered person or service provider from committing or engaging in an [...]

HHS Issues HIPAA Security Rule Crosswalk with NIST Cybersecurity Framework

Last week, the HHS Office for Civil Rights (OCR) released a crosswalk between the requirements of the HIPAA Security Rule and the NIST Cybersecurity Framework. The crosswalk – which was developed in conjunction with the National Institute of Standards and Technology (NIST) and the HHS Office of the National Coordinator for Health IT – maps each administrative, physical and technical safeguard standard and implementation specification of the HIPAA Security Rule to the relevant subcategory in the Cybersecurity Framework. HHS notes that, because of the granularity of the NIST Cybersecurity [...]