Cybersecurity

Are You Ready for Canada’s New Privacy Breach Rules?

October 31, 2018 By Maki DePalo

Mandatory privacy breach notification, reporting and record-keeping obligations under Canada’s federal data protection law called the Personal Information Protection and Electronic Documents Act (PIPEDA) will come into force as of November 1, 2018. Earlier this year, the Canadian government published new privacy-related obligations under PIPEDA. PIPEDA applies to private-sector organizations and sets the ground rules […]

SEC Investigative Report Cautions Public Companies to Consider Cyber Threats When Implementing Internal Accounting Controls

October 22, 2018 By Kate Hanniford and Privacy, Cyber & Data Strategy Team

The Securities and Exchange Commission issued an investigative report last week cautioning public companies to consider cyber incidents and threats when implementing internal accounting controls. The report details the SEC Enforcement Division’s investigations of nine public companies that were victims of cyber-related fraud schemes to determine whether the companies may have violated the federal securities […]

DOJ Releases “Best Practices for Victim Response and Reporting of Cyber Incidents,” Version 2.0

October 2, 2018 By Privacy, Cyber & Data Strategy Team

On September 27, 2018, the Department of Justice Computer Crime and Intellectual Property (CCIPS) Cybersecurity Unit released Version 2.0 of its “Best Practices for Victim Response and Reporting of Cyber Incidents.” Originally issued in 2015, the updated guidance seeks to help organizations better equip themselves to be able to respond effectively and lawfully to cyber […]

SEC Brings First Enforcement Action for Violation of the Identity Theft Red Flags Rule

September 27, 2018 By Cybersecurity Preparedness & Response Team and Securities Litigation Group

On September 26, 2018, the SEC brought its first ever enforcement action for violations of Regulation S-ID (the “Identity Theft Red Flags Rule”), 17 C.F.R. § 248.201, in addition to violations of Regulation S-P, 17 C.F.R. 30(a) (the “Safeguards Rule”). Regulation S-ID and Regulation S-P apply to SEC-registered broker-dealers, investment companies, and investment advisers, and […]

Ohio Enacts Cybersecurity Safe Harbor Law

September 20, 2018 By Privacy, Cyber & Data Strategy Team

Ohio recently enacted the Ohio Data Protection Act (2018 SB 220), a law that offers a breach litigation safe harbor to businesses meeting specific cybersecurity standards. While the law does not prevent a plaintiff from filing a lawsuit following a data breach, it does provide an affirmative defense to companies defending themselves against such claims. […]