Category Archives: Data Breach

FTC Updates IdentityTheft.gov Website

The Federal Trade Commission (FTC) has announced updates to the IdentityTheft.gov website aimed at making the site more useful to victims of identity theft. The changes will enable consumers to quickly file complaints and develop a personalized recovery plan after answering a number of questions on the site. “Our hope is that this is going to make it much easier for consumers to start on their road to recovery,” FTC Chairwoman Edith Ramirez said during a news conference revealing the changes. “Having one easy set of steps to understand what [the recovery process] entails and getting a [...]

The Importance of Strategic Vendors in Breach Response

Alston & Bird recently issued an Advisory, co-authored by Jim Harvey and Karen Sanzaro, on the complexities of managing a data breach that implicates strategic third party vendor relationships. Cybercrime and data security incidents are on the rise.  Security breaches and the ensuing investigation and remediation process can be costly and complex.  The process is further complicated if the breach implicates a company’s third party service provider, or the services provided by such third party, particularly where the services or the service provider are strategic or essential to a company’s [...]

FTC and Wyndham Settle Data Security Allegations

On December 9, 2015, the Federal Trade Commission announced that Wyndham Worldwide Corp., Wyndham Hotel Group LLC, Wyndham Hotels and Resorts, LLC, and Wyndham Hotel Management, Inc. (“Wyndham”) had agreed to settle FTC charges that the company’s security practices unfairly exposed the payment card information of consumers to hackers in three separate data breaches between April 2008 and January 2010.  Wyndham initially challenged the FTC’s authority to regulate private companies’ cybersecurity practices under Section 5 of the FTC Act’s unfairness prong which resulted in litigation [...]

FTC’s Ability to Regulate Data Security Potentially Limited in FTC v. LabMD

A November 13, 2015 decision from the Federal Trade Commission’s Chief Administrative Law Judge, D. Michael Chappell, calls into question FTC enforcement in the data privacy space.  The case began when the FTC filed a complaint on August 28, 2013 after an employee of LabMD, a cancer detection laboratory, downloaded peer-to-peer (“P2P”) software that exposed patient information on the file sharing network (also known as “1718 File”). An online security firm named Tiversa found this file on a peer-to-peer file-sharing network in 2008 and used it to solicit work protecting LabMD’s data. The [...]

Alston & Bird Partners Speak at NAWL General Counsel Institute

Kim Peretti, partner and co-chair of Alston & Bird’s Cybersecurity Preparedness & Response Team, and Allison Ryan, partner, were speakers in the session "The Role of In-House Counsel in Cybersecurity in Both the Pre- and Post-Breach Worlds" at the 11th Annual General Counsel Institute. The Institute took place November 5-6 in New York and was hosted by the National Association of Women Lawyers (NAWL). Predicting data breaches and cyber threats to a company’s network can be extremely difficult, if not impossible.  Today the in-house lawyer’s role in cybersecurity must begin [...]

FFIEC Warns of Increase in Cyber Attacks Involving Extortion, Encourages Financial Institutions to Develop Response Programs

Last week, the Federal Financial Institutions Examination Council (FFIEC) issued a joint statement warning of an “increasing frequency and severity of cyber attacks involving extortion.” The statement warned that criminals have been extorting financial institutions using a variety of tactics, including denial of service attacks, theft of sensitive information, and use of “ransomware,” which is software that prevents legitimate users from accessing company files unless a ransom is paid. To protect against these attacks, the FFIEC encouraged financial institutions to “develop and implement [...]

Jan Dhont Presents at Privacy + Security Forum

Jan Dhont, Brussels partner and head of the firm’s European Privacy and Data Protection practice, presented at the First Annual Privacy + Security Forum in Washington, DC on October 22.  Jan spoke on BCRs with specific focus on their interoperability with CBPRs.  The forum combined privacy and security, which often exist in separate silos.  The attendees included privacy professionals, security professionals, chief information officers, law firm attorneys, policymakers, academics, experts from NGOs and think tanks, and technologists. [...]

Kim Peretti to Speak at Today’s General Counsel Institute

Kim Peretti, partner and co-chair of Alston & Bird’s Cybersecurity Preparedness & Response Team, will speak at “The Exchange” Data Privacy and Cybersecurity Forum in Washington, DC from November 4-5. The forum is being presented by Today’s General Counsel Institute.  Kim will be presenting on the topic “Breach Response: What Do I Do Now?”  The session will cover:
- What skills and best practices do you need?
- External experts on retainer
- What is “reasonable”?
- Recovering from the inevitable loss of data
- How best to report breaches to the public? …to the government [...]

Alston & Bird to Host Live Program and Webinar on National Security, Espionage, and Data Breaches

On October 29, Alston & Bird’s Cybersecurity Preparedness & Response Team will host a live program and webinar called National Security, Cyber Espionage and “Bulk PII” Breaches in our Washington, DC office.  The program will examine the recent phenomenon of allegedly state-sponsored actors executing major cyber-attacks specifically targeting large databases of personal data for espionage purposes.  Speakers on the panel will include our own Senior Counsel Peter Swire; Luke Dembosky, Deputy Assistant Attorney General, National Security Division, U.S. Department of Justice; and Charles [...]

California Updates Data Breach Notification Statute; Provides Model Notification Form

On October 6, California Governor Jerry Brown signed into law two different updates to California’s data breach notification statute. Both updates will become effective on January 1, 2016. The first update, AB 964, defines "encrypted" for purposes of the statute to mean “rendered unusable, unreadable, or indecipherable to an unauthorized person through a security technology or methodology generally accepted in the field of information technology.” The second amendment to the statute this year, SB 570, requires notices of data breaches that are sent to individuals to be titled “Notice of [...]