Privacy & Data Security

On October 16, 2018, the Securities and Exchange Commission (SEC) issued a report on the results of investigations made by the SEC’s Division of Enforcement into nine public companies that were victims of cyber-related frauds.  In each case, the SEC investigation focused on whether the target companies had complied with the applicable requirements of the Securities Exchange Act of 1934, as amended (Act). The Act requires public companies to devise and maintain a system of…
Late last month, California Governor Jerry Brown signed the first US Internet of Things (IoT) cybersecurity legislation: Senate Bill 327 and Assembly Bill 1906. Starting on January 1, 2020, manufacturers of regulated connected devices are required to equip such devices with “reasonable security features” designed to protect a connected device and any information it holds from “unauthorized access, destruction, use, modification, or disclosure.” This legislation was prompted by what the bill’s sponsor viewed as…
Responding to the rise of interconnected technology, the National Institute for Standards and Technology (NIST) has recently issued an introductory document in a planned series of cybersecurity publications addressing Internet of Things (IoT) privacy risks.  Open for comment through October 24, 2018, the Draft NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks aims to increase awareness of federal agencies and other organizations concerning the cybersecurity and privacy risks related to IoT…
The Securities and Exchange Commission issued a press release and an investigative report on Oct. 16 cautioning public companies to consider cyber threats when implementing internal accounting controls. The report stems from the SEC’s investigation of nine companies that lost between $1 million and $100 million each in so-called business email compromise (BEC) frauds, in which attackers take over accounts on a company’s email system and use that access to trick company personnel into paying…
On October 10, the Senate Committee on Commerce, Science, and Transportation held a second hearing on data privacy that invited advocates and experts to discuss a federal privacy law. The panelists included Andrea Jelinek, director of the European Data Protection Board; Alastair Mactaggart, chair of Californians for Consumer Privacy; Laura Moy, executive director of the Georgetown Law Center on Privacy and Technology; and Nuala O’Connor, president of the Center for Democracy and Technology.
As most RTL readers know, I track (on the heels of the inimitable Bob Ambrogi) the number of states which have adopted the duty of competence. The Vermont Supreme Court ordered amendments to the comments to Rule 1.1 of the Vermont Rules of Professional Conduct. The amendments track the 2012 changes to the ABA Model Rules of Professional Conduct, and specifically include Comment 8’s duty of technology competence: To maintain the requisite knowledge and skill,…
As we previously noted, Facebook originally announced a breach late last month, where hackers took advantage of a code vulnerability in the website’s “View As” feature to access users’ data. However, on October 12, 2018, Facebook stepped back the number of affected accounts from fifty to roughly thirty million, and it acknowledged that hackers were able to view varying levels of information for different accounts. …
The struggles continue for Facebook. As you hopefully know by now, on Sept. 28, the social media giant announced a security breach affecting 50 million accounts. The breach involved the theft of password tokens that allow a user to stay signed in or to sign into numerous third-party applications, such as Spotify, Instagram and Yelp, among thousands of others. We thought to take the opportunity with this most recent breach to remind you about best…