In a landmark ruling, the Delaware Court of Chancery has recognized that corporate officers owe the company a legal duty of oversight, which has traditionally been an obligation solely of directors, and can be sued by shareholders for breach of
Business Cyber Risk
Latest from Business Cyber Risk
SEC Continues to Emphasize Importance of Cybersecurity and Cyber Risk Governance
“While this is an oversimplification of all of the requirements and nuances of the forthcoming SEC rules, the SEC’s objectives are to require companies to provide meaningful and actionable information to shareholders to better understand companies’ cyber risks and how…
Dental Practice Responses to Online Reviews Cost $23,000 Settlement with OCR for Impermissible Disclosure of PHI
On December 14, 2022, the U.S. Department of Health and Human Services Office of Civil Rights published a notice of a settlement with a dental practice over disclosures of patients’ protected health information over social media. Here is the full…
Shawn Tuma Provided Texas Bar Journal 2022 Cybersecurity & Data Privacy Year in Review Update
Shawn Tuma provided the Texas Bar Journal’s 2022: The Year In Review – Cybersecurity & Data Privacy Update, which addressed the following issues: updated Texas cyber event notification requirements for Texas state banks; Texas AG enforcement of data protection laws…
“Data is the hot potato!” — some data governance lessons from the Twitter Whistleblower Testimony
Hopefully you saw my recent post “Data is the hot potato!” and data minimization lessons from the FTC’s Drizly case and it reinforced in your mind just how important it is to focus on the data when we are talking…
OCR Releases Video Guidance on Recognized Security Practices for National Cybersecurity Awareness Month
On October 31, 2022, the U.S. Department of Health and Human Services Office of Civil Rights provided guidance titled OCR Releases New Recognized Security Practices Video. This guidance is not only a must-read for all healthcare “covered entities,” especially small…
“Data is the hot potato!” and data minimization lessons from the FTC’s Drizly case
Thank you, Jamie Sorley! I have a few sayings about cybersecurity and data privacy but one of my favorites is “data is the hot potato!” When doing presentations, I love to have the attendees chant over and over in unison,…
OCR Guidance on HIPAA Security Rule Security Incident Procedures for National Cybersecurity Awareness Month
On October 25, 2022, the U.S. Department of Health and Human Services Office of Civil Rights in its October 2022 OCR Cybersecurity Newsletter provided guidance titled HIPAA Security Rule Security Incident Procedures. This guidance is not only a must-read for…
Feds Will Not Charge Good Faith Security Research Under the CFAA
On May 19, 2022, the U.S. Department of Justice directed prosecutors to not charge security researchers who report cybersecurity vulnerabilities in “good faith” with violations of the federal Computer Fraud and Abuse Act (CFAA). The DOJ’s press release titled Department…
Is This the Next Evolution of Cyber Risk Governance? The SEC Is About To Force CISOs Into America’s Boardrooms
The SEC is proposing to force boards to do what they haven’t done themselves: govern cyber risk. This article makes some excellent points, and I believe it is logical to expect that this could be the next evolution for where…