Privacy & Data Security

By David S. Wolpa on October 17, 2018

On October 16, 2018, the Securities and Exchange Commission (SEC) issued a report on the results of investigations made by the SEC’s Division of Enforcement into nine public companies that were victims of cyber-related frauds. In each case, the SEC investigation focused on whether the target companies had complied with the applicable requirements of the Securities Exchange Act of 1934, as amended (Act). The Act requires public companies to devise and maintain a system of…

HL Chronicle of Data Protection

California Passes First-Of-Its-Kind Law Focused on Internet of Things Cybersecurity

By Timothy Tobin, Paul Otto & Asmaa Awad-Farid on October 17, 2018

Late last month, California Governor Jerry Brown signed the first US Internet of Things (IoT) cybersecurity legislation: Senate Bill 327 and Assembly Bill 1906. Starting on January 1, 2020, manufacturers of regulated connected devices are required to equip such devices with “reasonable security features” designed to protect a connected device and any information it holds from “unauthorized access, destruction, use, modification, or disclosure.” This legislation was prompted by what the bill’s sponsor viewed as…

Privacy & Information Security Law Blog

CIPL Responds to ICO Call for Views on Creating a Regulatory Sandbox

By Hunton Andrews Kurth LLP on October 17, 2018

On October 11, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP submitted comments to the UK Information Commissioner’s Office (“ICO”) in response to its call for views on creating a regulatory sandbox.…

Data Law Insights

New Internet of Things (IoT) NIST Draft Publication Provides Welcomed Guidance

By Cheryl A. Falvey, Kate M. Growley & Michael G. Gruden on October 17, 2018

Responding to the rise of interconnected technology, the National Institute for Standards and Technology (NIST) has recently issued an introductory document in a planned series of cybersecurity publications addressing Internet of Things (IoT) privacy risks. Open for comment through October 24, 2018, the Draft NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks aims to increase awareness of federal agencies and other organizations concerning the cybersecurity and privacy risks related to IoT…

Data Privacy Monitor

SEC Investigation Highlights BEC Risk and Need for Comprehensive Risk Assessments by Public Companies

By Andreas Kaltsounis on October 17, 2018

The Securities and Exchange Commission issued a press release and an investigative report on Oct. 16 cautioning public companies to consider cyber threats when implementing internal accounting controls. The report stems from the SEC’s investigation of nine companies that lost between $1 million and $100 million each in so-called business email compromise (BEC) frauds, in which attackers take over accounts on a company’s email system and use that access to trick company personnel into paying…

Inside Privacy

Senate Discusses a Federal Privacy Law with Privacy Experts: Examining Lessons From the European Union’s General Data Protection Regulation and the California Consumer Privacy Act

By Jayne Ponder on October 17, 2018

On October 10, the Senate Committee on Commerce, Science, and Transportation held second hearing on data privacy that invited advocates and experts to discuss a federal privacy law. The panelists included Andrea Jelinek, director of the European Data Protection Board; Alastair Mactaggart, chair of Californians for Consumer Privacy; Laura Moy, executive director of the Georgetown Law Center on Privacy and Technology; and Nuala O’Connor, president of the Center for Democracy and Technology…

Privacy & Information Security Law Blog

CIPL to Host Side Event on Fairness in Data Protection at ICDPPC 2018

By Hunton Andrews Kurth LLP on October 17, 2018

On October 23, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP will host an official side event on The Concept of “Fairness” in Data Protection at the 40th International Conference of Data Protection and Privacy Commissioners in Brussels, Belgium.…

Ride the Lightning

Vermont Becomes the 32nd State to Adopt the Duty of Competence

By Sharon Nelson on October 17, 2018

As most RTL readers know, I track (on the heels of the inimitable Bob Ambrogi) the number of states which have adopted the duty of competence. The Vermont Supreme Court ordered amendments to the comments to Rule 1.1 of the Vermont Rules of Professional Conduct. The amendments track the 2012 changes to the ABA Model Rules of Professional Conduct, and specifically include Comment 8’s duty of technology competence: To maintain the requisite knowledge and skill,…

Data Privacy + Security Insider

Facebook Acknowledges Breach of Sensitive Data for Nearly 30 Million Users

By William Daley on October 16, 2018

As we previously noted, Facebook originally announced a breach late last month, where hackers took advantage of a code vulnerability in the website’s “View As” feature, to access user’s data. However, on October 12, 2018, Facebook stepped back the number of affected accounts from fifty to roughly thirty million, and it acknowledged that hackers were able to view varying levels of information for different accounts. …

Privacy & Data Security Insight

Yet Another Facebook Breach: Use this opportunity to get smart about your online privacy and security

By Brian Eaton & Scot Ganow on October 16, 2018

The struggles continue for Facebook. As you hopefully know by now, on Sept. 28, the social media giant announced a security breach affecting 50 million accounts. The breach involved the theft of password tokens that allow a user to stay signed in or to sign into numerous third party applications, such as Spotify, Instagram and Yelp, among thousands of others. We thought to take the opportunity with this most recent breach to remind you about best…