Category Archives: Cybersecurity

FTC Updates Data Security Guidance for Businesses

Written by
In June, the Federal Trade Commission released a new guide for businesses on implementing sound data security protections and procedures. In “Protecting Personal Information: A Guide For Business,” the FTC offers “10 practical lessons” based on the numerous enforcement actions brought by the FTC. The guide offers insight into the thinking of this key federal regulator. Key points from the guide: “Start with Security.” Build information security considerations into business processes so that they are part of “the decisionmaking in every department of your business.” The FTC [...] Read more

Alston & Bird Issues Cyber Alert on the New Chinese Cybersecurity Law and Regulations

Written by
On Monday, June 26, 2017, Alston & Bird’s Kim Peretti, Justin Hemmings, and Emily Poole issued an advisory on recent changes in Chinese Cybersecurity Law. The new law asserts greater control over all data collection and generation in China, as well as the processing of data from Chinese data subjects. While the law entered into force on June 1, 2017, there is still uncertainty as to how the law will be interpreted and enforced, including which companies are subject to the law. The Advisory explores the scope and requirements of the Cybersecurity Law and reasonable interpretations of the [...] Read more

Fourth Circuit Court of Appeals Allows Wikimedia Upstream Suit to Proceed

Written by
On May 23, 2017, the Fourth Circuit Court of Appeals issued its opinion on Wikimedia foundation v. NSA/CSS. The Court vacated and remanded the NSA’s previously successful motion to dismiss Wikimedia’s Fourth and First Amendment claims against the NSA’s Upstream surveillance program, while a 2-1 majority upheld the dismissal of the eight other organizations joined as co-plaintiffs. The Court held that Wikimedia’s complaint contained sufficient factual allegations to determine Article III standing and that the District Court misapplied Clapper v. Amnesty International USA’s analysis of [...] Read more

President Trump Signs Long-Awaited Cyber Executive Order

Written by
On May 11, 2017, President Trump signed a long-awaited executive order on cybersecurity (the “Order”).  The Order directs executive agencies to complete a risk management report based on the NIST Cybersecurity Framework (the “Framework”) and also requires the Department of Homeland Security (DHS) and other agencies to undertake activities in support of effective cybersecurity risk management for operators of critical infrastructure.  More generally, the Order directs several agencies to submit reports to the President on a varied set of cybersecurity-related topics.  These measures demonstrate [...] Read more

Outbreak of “WannaCry” and “Wanna Decryptor” Ransomware Affects Companies Across the Globe

Written by
On Friday, May 12, companies in countries across the globe witnessed an unprecedented malware outbreak as ransomware labeled “WannaCry” and “Wanna Decryptor” infected a large range of critical systems. The malware exploits a vulnerability in older versions of Microsoft’s Windows, locks the systems it infects, and threatens to delete files unless a bitcoin ransom is paid. What happened? An attacker or group of attackers unleashed a wave of ransomware infections beginning on Friday, May 12. More so than previous attacks, this outbreak resulted in substantial disruption to regular [...] Read more

A Look Into Europe’s New Cybersecurity Regimes

Written by

Europe is facing two important reforms addressing cybersecurity, which will apply in 2018. Jan Dhont and Delphine Charlot outlined the details of these regimes in an article for the Society of Corporate Compliance and Ethics, which you can read here.

New York Attorney General Announces Record Number of Data Breach Notices in 2016

Written by
On March 21, 2017, New York Attorney General (NYAG) Eric T. Schneiderman announced that his office had received a record breaking 1,282 data breach notices to his office affecting 1.6 million New York residents during 2016. Compared to 2015, these figures represent a 60 percent increase in the number of notices and a 300 percent increase in the number of New York residents affected. These research figures build on the NYAG’s 2014 report “Information Exposed: Historical Examination of Data Security in New York State,” which analyzed eight years of security breach statistics in New York from [...] Read more

Australia Adopts New Data Breach Notification Legislation

Written by
On February 13, 2017 Australia became one more among nation states adopting data breach notification legislation. In recent House and Senate votes, the Australian Parliament amended the Privacy Act 1988, introducing mandatory data breach notification requirements for entities regulated by the Privacy Act. Who is Subject to the New Legislation? The recent bill requires entities with revenue over $3 million AUD ($2.3 million USD) and certain credit reporting bodies and recipients of tax file number information to notify both the Australian Information Commissioner and affected individuals “as [...] Read more

New York Financial Services Regulator Issues Revisions to Proposed Cybersecurity Regulation

Written by
Today, the New York Department of Financial Services (DFS) released a revised version of the proposed cybersecurity regulations that it first issued in September.  According to a press release issued by DFS Superintendent Vullo, the new version of the proposed rules will be finalized following a 30-day notice and public comment period. Among the most notable changes are an extension of the effective date to March 1, 2017, an array of longer transition periods for various sections of the regulation, increased emphasis on risk assessment, and a slight reduction in the extremely broad scope of [...] Read more

Center for Cyber & Homeland Security Issues Report on How the Private Sector Can Actively Defend Against Cyber Threats

Written by
Earlier this year, the Center for Cyber & Homeland Security at the George Washington University (“Center”) announced a new project on active defense against cyber threats. The Center  established a high-level task force to examine these issues.  The task force included prominent cybersecurity and industry experts, including Alston & Bird partner Michael Zweiback. The Task Force successfully released its final report in October. It is available here. The report comes at a time when cyber vulnerabilities have been exploited by hostile state and non-state actors in cyberspace [...] Read more