Alston & Bird’s Cybersecurity Preparedness and Response (CPR) team recently partnered with Stroz Friedberg and Brunswick Group to conduct a comprehensive, all day breach preparedness and response training session for A&B team members. Approximately 35 members of the firm participated in this in person multi-disciplinary training session. CPR team members shared their experiences and insight […]
Security Breach
Third Circuit Affirms FTC’s Authority to Regulate Data Security
On August 24, 2015, the Third Circuit affirmed U.S. District Court Judge Esther Salas’ April 2014 ruling in FTC v. Wyndham Worldwide Corp., et al. (“Wyndham”) that the FTC has the authority to regulate private companies’ cybersecurity practices under Section 5 of the FTC Act. (Prior blog posts on this case can be found here […]
Amended Washington Data Breach Law Requires Attorney General Notification, Imposes 45-Day Notice Time Limit
Earlier this year, Washington passed an amended version of its data breach notification law, which goes into effect Friday July 24, 2015. Washington’s updated breach notification statute will now, among other things, require compromised entities to notify the state Attorney General (AG) in some circumstances, and require notification to both consumers and, as applicable, the […]
Connecticut Passes Bill to Require Identity Theft Protection Services In Certain Breaches
On June 11, Connecticut SB949 became a Public Act, after being passed by both chambers of the state legislature. Governor Dannel Malloy can now either sign the bill or take no action for it to become law. SB949 will, among other provisions, require companies that experience a security breach requiring notice to individuals under Connecticut […]
FTC Looks “More Favorably” Upon Companies That Report Data Breaches to Law Enforcement
The Federal Trade Commission recently announced that it views companies that report data breaches to appropriate law enforcers “more favorably” than those companies that are less cooperative. Mark Eichorn, Assistant Director in the Bureau of Consumer Protection’s Division of Privacy and Identity Protection, included the announcement in a May 20, 2015 blog post, describing a […]