Speakers: Jennifer Archie, Kevin Boyle, Gail Crawford & David Schindler The legal and business consequences of recent high-profile data breaches are varied and severe. Today, lawyers and executives for large enterprises must assess and advise on complex multi-jurisdictional notification, investigation, litigation and remedial issues that arise following a major data breach incident. How are general counsel and executives to respond to the broad spectrum of cyber intrusions that threaten a company’s most sensitive…

By Kevin Boyle and Alex Stout On Monday, the data security firm CrowdStrike released a new report pointing a digital finger at the Chinese Army for cyber espionage against western technology companies. It has long been known that some of the most serious cyber challenges stem from state-sponsored attacks using encryption, customized tools that anti-virus software cannot detect, and sophisticated means to bypass or compromise legitimate access controls.  The CrowdStrike report joins a spate of…

By Kevin Boyle and Alex Stout On Wednesday, the Attorney General of California released a new privacy guide, titled Making Your Privacy Practices Public.  The guide doesn’t purport to be a restatement of California law (or other law) and expressly disclaims that, but it does present what the AG’s office views as a best practice approach to crafting privacy disclosure materials while covering some unique California requirements.  It also highlights recent revisions to California’s…

By Jennifer Archie, Kevin Boyle & Alex Stout Yesterday, the Federal Trade Commission announced a settlement with Snapchat, the young mobile messaging company. The complaint alleges misrepresentations about functionality and related security as well as privacy violations, including misrepresenting the amount of data Snapchat collected from users and the use of location data for analytics purposes.  Notably, some of Snapchat’s troubles flow from unauthorized third party applications that exploited issues in its non-public API.…

By Kevin Boyle & Alex Stout Hardly a day passes now without some new report of a security vulnerability with inevitable breaches that follow, but Monday’s news about the two-year old vulnerability in OpenSSL is (or should be) catching everyone’s attention.  The problem is a coding error in a widely used cryptographic software library for implementing secure connections between a website (or web interface on a hardware device) and its user (typically indicated by a…

By Ulrich Wuermeling On March 4, 2014, a policy debate was held in the European Justice and Home Affairs Council concerning the planned General Data Protection Regulation. The debate focused on several issues related to Chapters I through V of the draft Regulation. The main issues were the territorial scope of the Regulation and the provisions regarding data transfers to third countries. Most of the Member State representatives in the Council opted for a far-reaching…