Category Archives: Cybersecurity

Rhode Island Updates Identity Theft Protection Act; Requires Notice Within 45 Days of Data Breach

Written by
In the absence of action by the U.S. Congress to pass a national data breach notification law, many states stepped into the breach to update their laws this year to add more specific notice guidelines, a requirement to notify the state’s attorney general or another state official, and to require entities that maintain personal information to implement risk-based data security standards. Rhode Island has now joined that group. On June 26, Rhode Island Governor Gina Raimondo signed Senate Bill 0134, the Rhode Island Identity Theft Protection Act of 2015 (the “2015 Act”), which substantially [...] Read more

Alston & Bird Issues an International Trade & Regulatory/Cybersecurity Advisory on Proposed New Export Requirements for Cybersecurity Products and Technologies

Written by
Alston & Bird recently issued an Advisory on a new regulation proposed by the Department of Commerce’s Bureau of Industry Security (BIS), which would require certain developers, manufacturers, and users of cybersecurity intrusion and surveillance items to obtain export licenses before conducting business and performing their work—even when working with their affiliated companies or with business partners in the most closely allied countries.  The new requirement is being implemented pursuant to the United States’ commitments under the Wassenaar Arrangement on Export Controls for Conventional [...] Read more

Alston & Bird Attorneys Honored with 2015 Burton Award

Written by
Partners Kimberly Peretti and Jessica Corley, Senior Associate Kelley Barnaby, and Associate Lauren Tapson were honored with a 2015 Burton Award for Legal Achievement for their analysis of the corporate governance risks associated with cyber-attacks and the critical role played by boards of directors in addressing those risks. William Burton, author of Burton’s Legal Thesaurus, started the Burton Awards in 1999 to honor clarity, knowledge, and innovation demonstrated in a published legal article.  The winners are chosen from entries submitted by the nation's 1,000 largest and most prestigious [...] Read more

Kim Peretti and Jason Wool co-author CIO Insight article on Cyber-Risk Management

Written by
Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, and Jason Wool, an associate in the firm’s Technology and Privacy Group and Security Incident Management & Response Team, along with Kiersten Todt and Roger Cressey of Liberty Group Ventures, LLC, coauthored the CIO Insight article, “Five Steps to Strengthening Cyber-Defenses.” In the article, Peretti et al discuss five risk management steps that companies can take to better manage cyber-risk and reduce their liability exposure after a breach occurs.  These steps include changing corporate culture [...] Read more

Oregon Updates and Expands Data Breach Statute

Written by
Oregon has updated its data breach notification statute to broaden the definition of personal information that will trigger notice to individuals and add the requirement to notify the state’s Attorney General of certain breaches. Oregon Governor Kate Brown signed into law SB601 on June 10, and it was enrolled on June 15. The bill updates the Oregon Consumer Identity Theft Protection Act of 2007 (the “Act”). The changes to the Act become effective on January 1, 2016 and apply only to data breaches that occur on or after that date. The expanded definition of “personal information” that [...] Read more

The Supreme Court To Resolve Whether a Violation of a Statutory Right Confers Article III Standing

Written by and
The Supreme Court’s recent decision to hear the appeal in Spokeo, Inc. v. Robins may have significant implications for data breach litigation in particular and consumer class action litigation generally. At issue is whether a plaintiff who has suffered no actual injury or harm nonetheless has standing under Article III of the United States Constitution to seek recovery in federal court based on an alleged violation of a statutory right. Depending on how the Supreme Court resolves the issue, companies defending data breach lawsuits and other consumer class actions may find it tougher to obtain [...] Read more

DOJ Issues Data Breach Guidance

Written by
On Wednesday, April 29, 2015, the Department of Justice Computer Crime and Intellectual Property Section (CCIPS) Cybersecurity Unit issued new, detailed guidance on data breach incident response best practices.  The document was announced at an invitation-only round table hosted by DOJ and provides guidance on what DOJ regards as “best practices for victims and potential victims to address the risk of data breaches, before, during and after cyber-attacks and intrusions.”  The document was prepared with input from federal prosecutors as well as private sector companies that experienced cybersecurity [...] Read more

Kim Peretti Quoted by CIO on Talking To Boards About Cybersecurity Risks

Written by
Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, was quoted in a CIO article on April 27 titled, “Boards are on high alert over security threats.” The risk of a cyberattack is a concern that is fast becoming omnipresent for corporate directors across industries. “It's not just financial services firms or regulated companies--everyone is interested now,” she said. That interest is leading boards to put a high priority on their cyber risk education and preparedness. While it is important that boards are aware of the big picture when it comes to [...] Read more

NAIC Publishes Principles for Effective Cybersecurity

Written by
The National Association of Insurance Commissioners (NAIC) Cybersecurity Task Force adopted Principles for Effective Cybersecurity Insurance Regulatory Guidance on April 16, 2015. The document identifies types of safeguards regulators expect insurers to have in place to protect consumers from cybersecurity breaches. The guiding principles are intended to establish insurance regulatory guidance that promotes coordination and protects insurance consumers. The principles themselves say that “[s]tate insurance regulators should collaborate with insurers, insurance producers and the federal government [...] Read more

DOJ to Host Cybersecurity Roundtable on Data Breaches

Written by
On April 29, 2015, the Department of Justice’s Criminal Division will host a cybersecurity industry roundtable on data breaches. The event, which will include audience question and answer sessions, will focus on a range of recent industry developments. The event will feature a discussion of cybersecurity from the national security perspective by John P. Carlin, Assistant Attorney General in the National Security Division; a conversation on government-industry interaction featuring James C. Trainor, Acting Assistant Director of the Cyber Division at the FBI, and Stuart J. Tryon, Special Agent [...] Read more