Category Archives: Cybersecurity

FTC Updates IdentityTheft.gov Website

Written by
The Federal Trade Commission (FTC) has announced updates to the IdentityTheft.gov website aimed at making the site more useful to victims of identity theft. The changes will enable consumers to quickly file complaints and develop a personalized recovery plan after answering a number of questions on the site. “Our hope is that this is going to make it much easier for consumers to start on their road to recovery,” FTC Chairwoman Edith Ramirez said during a news conference revealing the changes. “Having one easy set of steps to understand what [the recovery process] entails and getting a [...] Read more

Peter Swire Debates Max Schrems

Written by
As previously announced, Alston & Bird Senior Counsel Peter Swire debated European privacy activist Max Schrems at an event sponsored by the Brussels Privacy Hub. Max Schrems opened the debate by defending the European Court of Justice (ECJ) decision invalidating Safe Harbor, characterizing it as a victory over mass surveillance by the U.S. National Security Agency (NSA). Schrems emphasized, however, that the ECJ decision should not be seen as an anti-American decision and suggested that European surveillance practices themselves may deserve to be further challenged. Peter Swire’s [...] Read more

Information Sharing Law Finally Passed

Written by
After years of vigorous debate and numerous bills aimed at incentivizing cyber threat intelligence sharing having failed to become law, on December 18, 2015, President Obama signed an omnibus spending bill containing the Cybersecurity Information Sharing Act of 2015 (“CISA”). The statute is located in Title I of Division N of the bill, beginning on page 1728. Passage of CISA is a major victory for cybersecurity proponents in Congress and the private sector, many of whom have called for information sharing legislation for years. Although the Act raises some significant privacy concerns, the [...] Read more

EU Institutions Adopt First Pan-European Legislation on Cybersecurity

Written by
On December 7, 2015, after more than two years of legislative consideration, the European Union adopted the Directive on Network and Information Security (“NIS Directive”).  Under the NIS Directive, operators of essential services will be required to take appropriate security measures and report cybersecurity incidents.  The official text of the NIS Directive is not available but is expected to be published on or around December 18, 2015. The so-called “trilogue” negotiations among the EU institutions revealed substantial differences on key elements, including: (1) the scope of the [...] Read more

Moody’s Identifies Cyber Risk As Key Factor in Credit Ratings

Written by
In a report released November 23, Moody’s Investors Service announced that the implications of cyber threats could start taking a higher priority in its credit analysis. Moody's said it views cyber threats as similar to other extraordinary event risks, such as a natural disaster. "While we do not explicitly incorporate cyber risk as a principal credit factor today, our fundamental credit analysis incorporates numerous stress-testing scenarios, and a cyber event could be the trigger for one of those stress scenarios," said Jim Hempstead, Moody's Associate Managing Director and lead author of [...] Read more

FTC’s Ability to Regulate Data Security Potentially Limited in FTC v. LabMD

Written by and
A November 13, 2015 decision from the Federal Trade Commission’s Chief Administrative Law Judge, D. Michael Chappell, calls into question FTC enforcement in the data privacy space.  The case began when the FTC filed a complaint on August 28, 2013 after an employee of LabMD, a cancer detection laboratory, downloaded peer-to-peer (“P2P”) software that exposed patient information on the file sharing network (also known as “1718 File”). An online security firm named Tiversa found this file on a peer-to-peer file-sharing network in 2008 and used it to solicit work protecting LabMD’s data. The [...] Read more

Alston & Bird Partners Speak at NAWL General Counsel Institute

Written by
Kim Peretti, partner and co-chair of Alston & Bird’s Cybersecurity Preparedness & Response Team, and Allison Ryan, partner, were speakers in the session "The Role of In-House Counsel in Cybersecurity in Both the Pre- and Post-Breach Worlds" at the 11th Annual General Counsel Institute. The Institute took place November 5-6 in New York and was hosted by the National Association of Women Lawyers (NAWL). Predicting data breaches and cyber threats to a company’s network can be extremely difficult, if not impossible.  Today the in-house lawyer’s role in cybersecurity must begin [...] Read more

Jan Dhont Presents at Privacy + Security Forum

Written by
Jan Dhont, Brussels partner and head of the firm’s European Privacy and Data Protection practice, presented at the First Annual Privacy + Security Forum in Washington, DC on October 22.  Jan spoke on BCRs with specific focus on their interoperability with CBPRs.  The forum combined privacy and security, which often exist in separate silos.  The attendees included privacy professionals, security professionals, chief information officers, law firm attorneys, policymakers, academics, experts from NGOs and think tanks, and technologists. To review the presentation slides, please click here. [...] Read more

Kim Peretti to Speak at Today’s General Counsel Institute

Written by
Kim Peretti, partner and co-chair of Alston & Bird’s Cybersecurity Preparedness & Response Team, will speak at “The Exchange” Data Privacy and Cybersecurity Forum in Washington, DC from November 4-5. The forum is being presented by Today’s General Counsel Institute.  Kim will be presenting on the topic “Breach Response: What Do I Do Now?”  The session will cover: What skills and best practices do you need? External experts on retainer What is “reasonable”? Recovering from the inevitable loss of data How best to report breaches to the public? …to the government [...] Read more

Kim Peretti Presents at FCC Cybersecurity Forum

Written by
Kim Peretti, partner and co-chair of Alston & Bird’s Cybersecurity Preparedness & Response Team, was a featured speaker at the Cybersecurity Forum for Independent and Executive Branch Regulators, organized by the Federal Communications Commission and the Federal Reserve Board on October 16. The Forum, which was held at FCC headquarters in Washington, D.C., focused on primary issues and the possible solutions for information sharing and cybersecurity as relevant to regulatory agencies.  Kim presented an overview of legal challenges in cybersecurity information sharing in a moderated [...] Read more