Category Archives: Cybersecurity

Alston & Bird Issues Advisory on Six Myths of Breach Response

Alston & Bird recently issued an Advisory entitled “Six Myths of Breach Response,” authored by Jim Harvey. As data breaches are on the rise, so are the challenges that businesses face in handling these security incidents. This Advisory identifies six strategic pitfalls to avoid when responding to breaches. The Advisory addresses the true significance of public notification, common mistakes in preserving attorney-client privilege, and tough choices regarding the selection of public relations, investigative, and legal counsel. Jim Harvey co-chairs Alston & Bird’s Cybersecurity Preparedness [...]

Kim Peretti Named to Cybersecurity Docket’s “Incident Response 30”

Kim Peretti, partner and co-chair of Alston & Bird’s Cybersecurity Preparedness & Response Team, has been named to Cybersecurity Docket’s inaugural “Incident Response 30.” Described by the publication as the “30 best and brightest data breach response lawyers,” the list “honors incident response attorneys and compliance professionals who not only have the right stuff to manage a data breach response, but are also the kind of professionals who are critical to have on speed-dial when the inevitable data breach occurs.” Cybersecurity Docket is a comprehensive and timely [...]

Alston & Bird Expands Privacy, Data Security Capabilities with New Partner in Los Angeles

Alston & Bird has announced the expansion of its Privacy & Data Security Practice in Los Angeles with partner, Michael Zweiback. Zweiback, a former federal prosecutor, has rejoined the firm as partner in its Privacy & Data Security Practice and Government & Internal Investigations Group, bringing not only extensive experience in cybersecurity, but also an exceptional background in white collar criminal defense and government enforcement litigation. He arrives from Arent Fox LLP, where he was a partner and co-leader of its Cybersecurity and Data Protection Group. Zweiback has [...]

HHS/OCR Announces Launch of HIPAA Audit Program Phase 2

Today, the U.S. Department of Health & Human Services’s (HHS) Office for Civil Rights (OCR) announced the launch of Phase 2 of its HIPAA Compliance Audit Program. (OCR’s announcement can be accessed at Audit Phase 2 Announcement and further information about Phase 2 can be accessed at Audit Phase 2 Information.) In this phase, OCR will review the policies and procedures that covered entities and business associates have adopted and implemented to meet certain standards and implementation specifications of the HIPAA Privacy, Security, and/or Breach Notification Rules. Phase 2 will consist [...]

FCC Proposes New Privacy Rules for Internet Service Providers

On March 10, 2016, the Federal Communications Commission (“FCC”) proposed new privacy and data security rules for Internet service providers (“ISPs”) that, if passed, would regulate how ISPs collect, use, share, and protect customers’ data. The notice of proposed rulemaking (“NPRM”) that FCC Chairman Tom Wheeler circulated for consideration by the full Commission is previewed in a three-page fact sheet that sets forth the proposed rules, which are built on the three core principles of choice, transparency, and security. In order to “provide the tools consumers need to make smart [...]

FTC Announces Study of PCI-DSS Assessment Companies

On Monday, March 7 the Federal Trade Commission (FTC) issued a press release announcing that it had issued Orders to nine Qualified Security Assessor (QSA) companies, which are certified to assess whether or not entities involved in payment card processing, such as merchants, are compliant with the Payment Card Industry Data Security Standards (PCI DSS). The FTC Orders request that each entity submit a Special Report within 45 days providing information on the assessment process and the companies themselves. The reports are to include information such as the number of assessments the company [...]

IBM and Alston & Bird Webinar: Cybersecurity Preparedness and Incident Response – On a Global Basis – March 29

IBM and Alston & Bird will host a webinar on Tuesday, March 29. Security incidents are increasingly taking on a global flavor, as multi-national companies continue to expand their data footprint across the globe. At the same time, a number of countries are passing new laws and regulations regarding cybersecurity preparedness and breach notification. The response to an international cyber incident is even further complicated by differing regulatory and cultural expectations, time zone differences, privacy obligations and more issues that companies struggle with, but aren’t sure how to address. This [...]

Kim Peretti on Panel at 2016 Georgetown Law Women’s Forum

Kim Peretti was a featured speaker at Georgetown Law’s 2016 Women’s Forum, titled "Opportunities in a Changing World," held on March 4. This annual program features dynamic speakers on several interactive panels. Ms. Peretti’s panel was titled "Grappling with Legal Issues in Cybersecurity" and discussed the evolving legal specialty of cybersecurity, including: whether it is necessary to have a scientific or technical background to be effective as a cybersecurity lawyer; where the field is moving in the next 5-10 years; and the greatest challenges for women in this field. In [...]

Administration Seeks to Renegotiate Controversial Cybersecurity Export Control

The Obama administration will reportedly seek to renegotiate a controversial cybersecurity export control rule required to be implemented into U.S. regulations by the Commerce Department under the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies. The Wassenaar Arrangement is based on a multilateral agreement reached by the founding countries in 1995. Each participating state is responsible for implementing export controls based on annually updated control lists of munitions and dual-use goods and technologies (i.e., having both commercial and [...]

CFPB Brings First Enforcement Action on Data Security

On March 2, the federal Consumer Financial Protection Bureau (CFPB) for the first time brought an enforcement action related to data security. The CFPB consent order imposes a $100,000 fine and five years of regulatory oversight for online payments provider Dwolla. The action sends a clear message that the CFPB intends to actively regulate the data security representations of consumer finance service providers. The CFP Act, passed in 2010 as part of the Dodd-Frank Act, grants the CFPB authority to take action to prevent “a covered person or service provider from committing or engaging in an [...]