Board Governance & Cyber Risk Management

NIST Releases Updated Cyber Framework V1.1

December 6, 2017 By Privacy, Cyber & Data Strategy Team

On December 5, 2017, the National Institute of Standards and Technology (NIST) released a revised draft of its proposed updates to its Framework for Improving Critical Infrastructure Cybersecurity. The revised draft includes a new section on communicating with stakeholders about cybersescurity requirements, addresses stakeholder concerns regarding cybersecurity supply chain risk management and measuring cybersecurity risks […]

Bill Proposes Jail Time for Executives Who Conceal Data Breaches

December 4, 2017 By Privacy, Cyber & Data Strategy Team

On November 30, 2017, a group of U.S. senators re-introduced a bill, known as the Data Security and Breach Notification Act, which seeks to impose criminal liability of up to five years of jail time on any corporate executive convicted of “intentionally and willfully” concealing a data breach. The bill also proposes that the Federal […]

Challenge to Privacy Shield Dismissed by EU General Court

November 29, 2017 By Daniel Felz

In October of last year, we reported that digital rights advocacy group Digital Rights Ireland (“DRI”) had brought an action to annul the EU-U.S. Privacy Shield. DRI filed its challenge before the General Court of the European Union, which is the court of first instance in the EU system with exclusive jurisdiction over challenges to […]

An English-Language Primer on Germany’s GDPR Implementation Statute: Part 5 of 5

November 27, 2017 By Daniel Felz

Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection Amendments and Implementation Act. The Act repeals Germany’s venerated Federal Data Protection Act (Bundesdatenschutzgesetz, or BDSG) and replaces it […]