Latest Articles

Elliot Golding, in a podcast interview with Healthcare InfoSecurity, discusses progressing healthcare privacy and security issues, especially complex issues involving Internet of Things (IoT) devices. Topic points include, new risks when connected devices link to legacy systems, the applicable regulatory environment, and other important issues companies operating in the health care space need to confront with new technologies. The interview closes with practical recommendations to help companies recognize and address these privacy and cybersecurity…
In a first of its kind, the SEC recently fined Yahoo US$35 million for failing to assess and disclose a 2014 data breach that affected over 500 million user accounts. What caused the SEC to charge Yahoo with cybersecurity-related disclosure violations?  Our colleagues Tara Swaminatha and Coates Lear have prepared an analysis of this enforcement action, including the post-breach information relayed by Yahoo’s Security team to its executives. The analysis may be read here.…
Ann LaFrance has published an article in this month’s Cyber Security Practitioner on a recent report by the European Union Agency for Network and Information Security on cybersecurity issues in relation to emerging technologies, including: The Internet of Things (IoT) Autonomous systems (e.g., vehicles) Next-generation virtualized infrastructures (e.g., software-defined networks and 5G) Upcoming societal challenges related to end-user behaviors Virtual and augmented reality The Internet of Bio-Nano Things AI and Robotics…
In her fourth installment of “Cybersecurity Law” for CSO, Tara Swaminatha focuses on communications planning as part of an incident response plan (IR). Many companies are now rightfully revisiting their IR protocols to prepare themselves for future attacks. More and more regulatory requirements dictate that organizations must have a written IR plan. While an IR plan is just one piece of a larger, more complex cybersecurity program, it is nevertheless a critical component and one that…
Our March 22, 2018 our readers were directed to a post published on our sister Anticorruption Blog which discussed the at the time proposed The CLOUD Act.  The act was signed into law as part of the Omnibus Spending Bill on March 23, 2018.  In Part 2 of her article, Ericka Johnson focuses on The Act’s vocal critics who raise privacy concerns and addresses the EU’s  cautious approach. Regardless of its merits, the new law…
In Part 1 of an upcoming series of posts on our sister Anticorruption Blog, DC-based associate Ericka Johnson explores the recently proposed CLOUD Act and the increasing gap between technology and the law. Of special interest to our readers, The CLOUD Act updates standards for when governments may be able to obtain information stored outside of their jurisdiction and clarifies that a warrant served on a U.S. provider may reach data stored overseas, to include…
On March 16, 2018, a unanimous panel of the US Court of Appeals for the District of Columbia Circuit vacated two rulings from the FCC’s 2015 declaratory ruling and order concerning the Telephone Consumer Protection Act (TCPA). The DC Circuit’s decision is a victory for companies that have been seeking clarity from the FCC as to how to comply with the TCPA.   In its decision the Court addressed the four challenges raised by petitioners: ATDS,…
Eduardo Guzmán has written an article for Law360 regarding the Telephone Consumer Protection Act (TCPA) with relation to voice over internet protocol (VoIP) services. Much like the explosion in the use of mobile devices dramatically changed how the TCPA has been enforced and applied, emerging technologies like VoIP threaten to alter the TCPA landscape in ways that would have been unpredictable when the statute was enacted in 1991. The TCPA does not mention VoIP or…
On February 27, 2018 the Supreme Court heard arguments surrounding the privacy of data stored abroad and the reach of U.S. search warrants to retrieve such data.  While the Supreme Court decides the merits of United States v. Microsoft, Congress will debate on overhauling the Stored Communications Act (“SCA”) to reflect technological advances that were not contemplated back in 1986 – the year of SCA’s enactment. For a fuller examination of the arguments see the…
Last week, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations released its enforcement priorities for 2018.  Making the list for the fifth year in a row, cybersecurity was emphasized as a focus for the SEC in the coming year. In a recent post on Squire Patton Boggs’ anticorruption blog, Coates Lear, Tara Swaminath, and Elizabeth Weil Shaw discuss the announcement, as well as the implications of the SEC’s recent and…