Tag Archives: cybersecurity

Proposed Federal Cybersecurity Rules

The Federal Reserve Board, FDIC, and OCC issued an advance notice of proposed rulemaking (the “Proposed Rules”) on October 19 for enhanced cybersecurity standards on large banks (those with assets totaling $50 billion or more), non-bank financial companies, financial market infrastructures, financial market utilities, and third party providers that service those entities. The Proposed Rules … Continue Reading

Data Breach Costs Rise to $4 Million Globally, $7 Million in the U.S.

According to the Ponemon Institute 2016 Cost of Data Breach Study (sponsored by IBM), the total cost a company should expect to spend in response to a data breach has once again increased both globally and in the United States. The average cost paid for each lost or stolen record containing sensitive and confidential information … Continue Reading

Is Your Company Complying with the SEC’s Safeguards Rule?

The Securities and Exchange Commission (“SEC”) last week announced that Morgan Stanley Smith Barney LLC (“MSSB”) had agreed to pay a $1 million penalty to settle charges related to its failure to protect private customer information, some of which was hacked and actually offered for illegal sale online. The action involved MSSB’s violation of the … Continue Reading

California Attorney General Endorses the Center for Internet Security’s (CIS) Critical Security Controls as the “Minimum Level” of “Reasonable Security” Measures

In mid-February, the California Attorney General Kamala D. Harris released a Data Breach Report1 analyzing the 657 data breaches that have been reported to her office since 2012. That was the year California began requiring businesses and government agencies to notify the Attorney General’s Office of breaches affecting more than 500 California residents. In addition … Continue Reading

FDA Issues Guidelines on Postmarket Management of Cybersecurity in Medical Devices

The U.S. Food and Drug Administration (“FDA”) recently issued draft guidance entitled “Postmarket Management of Cybersecurity in Medical Devices” (“Guidance”). The medical device industry anxiously awaited the Guidance, which outlines recommended steps medical device manufacturers should take to continually monitor, identify, and address cybersecurity vulnerabilities after devices enter the market. The FDA previously issued guidance … Continue Reading

Approved – Cybersecurity Act of 2015

It is official, on December 18, 2015 President Obama signed the Cybersecurity Act of 2015, which encompassed the Cybersecurity Information Sharing Act of 2015 (“CISA”), into law. Much to the vexation of privacy advocates, CISA was buried in the 2,009-page $1.1 trillion spending bill. The Act provides liability protection to companies that voluntarily share “cyber … Continue Reading

Responding to Shareholder Inquiries re Cybersecurity Oversight

Oversight of a company’s risk management programs is one of the chief responsibilities of the board of directors, and for many companies cybersecurity risks rank among the key areas for scrutiny.  It’s little surprise, therefore, that some institutional investors are reportedly sending detailed questionnaires to directors of public companies seeking extensive information about the company’s … Continue Reading

Top 3 data privacy, security issues in-house counsel should focus on in 2015

This article originally appeared in the April edition of the Wisconsin Law Journal Recent cyber attacks have caused companies to focus on privacy and security issues more than ever before. With the attack on Sony in December 2014 and the unprecedented breach involving health plan information of Anthem Blue Cross Blue Shield in early 2015, … Continue Reading

Officers, boards maintain roles in protecting companies — Part 2

On Jan. 28, we celebrated Data Privacy Day (DPD)—an international effort centered on “Respecting Privacy, Safeguarding Date and Enabling Trust.” And it’s in the spirit of DPD that we continue the discussion around executives and boards of director alike prioritizing cyber-security within their companies. During our recent event, “Counseling Your Board of Directors and Officers … Continue Reading

Counseling your board of directors and officers on cybersecurity risks

Data security is a business issue that goes beyond the IT department. Join Quarles & Brady for an overview of breach-response preparation and response imperatives. The event will be from 8:30 to 10 a.m. CT Jan. 22 at the firm’s Chicago office and the discussion will particularly target in-house counsel, compliance officers, chief audit executives … Continue Reading
LexBlog