RegFi co-hosts Jerry Buckley and Sherry Safchuk welcome Orrick partner Aravind Swaminathan for a conversation exploring the critical and evolving role of the Chief Information Security Officer in today’s corporate landscape.....more
As cybersecurity incidents become increasingly complex, your initial response to a potential cybersecurity crisis matters. The decisions that you make in the first 24 to 48 hours of a potential cybersecurity incident can have...more
11/4/2021
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Incident Response Plans ,
Policies and Procedures ,
Popular ,
Risk Management ,
Risk Mitigation
In the wake of a cyber incident, regulators and law enforcement agencies closely scrutinize the cyber security measures in place at the affected organization. ...more
At the beginning of this month, more than 4,000 privacy professionals from around the globe gathered in Washington, D.C. for the International Association of Privacy Professionals’ Global Privacy Summit 2019....more
5/17/2019
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Risk Management
Game-changing Calif. Consumer Privacy Act of 2018 puts statutory breach damages on the table -
The recently-enacted California Consumer Privacy Act of 2018 is a game-changer in a number of respects. The Act imports...more
8/24/2018
/ Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
The recent ransomware attack on the City of Atlanta highlights the fact that the threat of ransomware affects all organizations, regardless of the nature of their industry, business, or operations, and that political...more
4/4/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Denial of Service Attacks ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
Phishing Scams ,
Popular ,
Public Entities ,
Public Finance ,
Ransomware ,
Risk Management
This week, a high profile plaintiffs’ firm (Edelson) stated that “if done right,” the data breach class actions against Equifax should yield more than $1 billion in cash going directly to more than 143 million consumers...more
10/16/2017
/ Corporate Counsel ,
Credit Reporting Agencies ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
Equifax ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Hackers ,
Identity Theft ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Settlement ,
Vulnerability Assessments
August 28, 2017 marks the end of the initial 180-day grace period for compliance under the New York Department of Financial Services’ “first-in-the-nation” cybersecurity regulations (the “Rules”). The initial regulations...more
8/31/2017
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Covered Entities ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
Insurance Industry ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Risk Management
There is no such thing as compliance with the NIST Cybersecurity Framework (FTC). In September, the FTC dispelled a commonly held misconception regarding the NIST Framework: It “is not, and isn’t intended to be, a standard or...more
1/30/2017
/ Cyber Insurance ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Drones ,
Email ,
FBI ,
Federal Aviation Administration (FAA) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
NIST ,
OCR ,
PHI ,
Phishing Scams ,
Popular ,
Privacy Concerns ,
Ransomware ,
Risk Assessment ,
Risk Management ,
Target ,
Unmanned Aircraft Systems
Aravind Swaminathan, global co-chair of Orrick’s Cybersecurity & Data Privacy team, recently spoke with Global Investigations Review regarding new plans proposed by New York’s Department of Financial Services that will...more
9/26/2016
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Financial Institutions ,
Hackers ,
Incident Response Plans ,
Negligence ,
Risk Management
Last week, the FTC published a blog post titled The NIST Cybersecurity Framework and the FTC, in which the agency issued a nuanced answer to an oft-asked question: “If I comply with the NIST Cybersecurity Framework, am I...more
Tennessee recently amended its data breach notification law, and in doing so, it has joined the ranks of states like Florida, Ohio, and Wisconsin that require notification to residents of a data breach within a defined time...more
The insurance industry has been making the case to Congress that cyberinsurance can be a path to good security practices, encouraging different groups inside an organization to better communicate with one another. The process...more
Earlier this summer, the Federal Financial Institutions Examination Council (FFIEC) released its highly anticipated Cybersecurity Assessment Tool (Assessment), which is designed to assist financial institutions in identifying...more
8/26/2015
/ ATMs ,
Banking Sector ,
Banks ,
Caremark claim ,
Cloud Computing ,
Compliance ,
Credit Cards ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Debit Cards ,
FFIEC ,
Financial Institutions ,
Hackers ,
Internet Service Providers (ISPs) ,
Mobile Payments ,
NCUA ,
NIST ,
OCC ,
Regulatory Standards ,
Risk Management