Latest Articles

The deadline to comply with the GDPR’s complex and far ranging requirements is rapidly approaching.  As your organization races to implement its compliance program before the May 25, 2018 effective date, questions and concerns are likely to arise.  While there is no shortage of online guidance on the GDPR, finding answers to your specific questions and concerns, and assuring those answers come from credible sources, can be daunting.  But we’re here to help.  Below are…
The flood of massive data breaches – including, most recently, the Equifax breach that compromised the personal data of around 145 million U.S. consumers – has increased the pressure on Congress to pass sweeping federal data security and breach reporting legislation. While it’s difficult to project whether such legislation will be enacted in the near future, and what it will look like in the event that it is, an important and contentious question has already…
The deadline to comply with the first set of requirements under the new DFS Cybersecurity Regulations (“the Regulations”) is here! By today, August 28, 2017, businesses subject to the Regulations must ensure that they: Designate a Chief Information Security Officer (“CISO”) Establish a Cybersecurity Program Develop a Written Cybersecurity Policy. We have prepared an article and a webinar to help subject businesses gain a better understanding of this first set of requirements.  As future compliance…
That an actual breach of client information could expose your law firm to legal and business risks is unsurprising.  The risks posed by a potential breach, however, may be something your firm has not yet carefully considered – but needs to.  As we discussed during our recent webinar, law firms face a variety of cybersecurity-related risks.  Firms have been targeted by cybercriminals with increased frequency in the past few years, and clients are growing…
The Association of Corporate Counsel (ACC), which represents over 42,000 in-house counsel across 85 countries, recently released its ACC Chief Legal Officers (CLO) 2017 Survey which found that two-thirds of in-house legal leaders ranked data protection and information privacy as ‘very’ or ‘extremely’ important.  In response to this growing concern, the ACC recently released “first-of-its-kind” safety guidelines to help “in-house counsel as they set expectations with their outside vendors, including outside counsel.” Firms concerned about
As we’ve noted previously, President-elect Trump’s campaign was light on details about his plans to address cybersecurity. However, his announcement yesterday that Thomas P. Bossert will serve as his assistant for homeland security and counterterrorism, a position equal in status to national security advisor according to the transition team, may offer greater insight into the President-elect’s intentions and plans for cybersecurity and related issues. Mr. Bossert, who served as a top homeland security advisor to the…
New York Governor Andrew M. Cuomo announced yesterday a new proposed regulation to address the growing threat posed by cyber-attacks. According to the State’s press release, the proposed regulation, which is subject to a 45-day notice and public comment period before final issuance, “aims to protect consumer data and financial systems from terrorist organizations and other criminal enterprises.”  In the past 18 months, several other states – including Connecticut, Nevada, and Washington –…
Likely because most victims comply with their demands, the incidence of attacks by ransomware hackers has exploded in 2016. Guidance issued by the U.S. Department of Health and Human Services (“HHS”) in July notes that, on average, there have been 4,000 reported ransomware attacks per day thus far in 2016, far exceeding the average of 1,000 attacks per day last year. What Is Ransomware? Ransomware is a type of malware that denies the affected user…
Last month, the European Union and U.S. officials announced final approval of the EU-U.S. Privacy Shield (Privacy Shield), replacing the Safe Harbor which was invalidated by the Court of Justice of the European Union in October 2015.  Like it predecessor, the Privacy Shield will allow organizations based in the United States to self-certify compliance with the Privacy Shield’s requirements permitting personal data of EU subjects to be transferred to the U.S., but with an enhanced enforcement regime,…
While data breach incidents affecting the entertainment, retail, healthcare, and financial industries have garnered more attention in past years, the data breach spotlight recently shifted to law firms. This shift was triggered by media coverage of the breach and leak of the Panama Papers, and by reports that, in 2015, hackers breached the networks of two well-known and highly-regarded U.S.-based firms, Cravath, Swaine & Moore and Weil, Gotshal & Manges. It also has been