On April 1, 2015, President Obama issued an executive order declaring “cyber-enabled malicious activities” a national emergency due to the “increasing prevalence and severity” of such attacks originating from or directed by persons outside the United States. The executive order gives the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, the power to impose economic sanctions on certain designated individuals and entities that have been directly or indirectly involved in malicious cyberattacks against U.S. networks or critical infrastructure, as well as in those involving the theft of economic resources or personal and financial information, or the misappropriation of trade secrets.
Continue Reading President Obama Creates New Sanctions Regime to Combat Foreign Cyberthreats

On June 29, 2015, the Council of the European Union (comprised of representatives of the 28 EU Member States) reached a political agreement with the European Parliament on the main principles of the draft Directive on Network and Information Security (NIS Directive) governing cybersecurity issues. The draft NIS Directive is an advanced piece of draft legislation in the EU that, once adopted, will likely concern a significant number of companies doing business in Europe. The final text is expected to be adopted sometime in late 2015; however, the ultimate timing will depend on political developments.
Continue Reading New EU Trends: Cybersecurity and Breach Notification

On June 15, 2015, the Ministers of Justice of all 28 European Union member states, sitting as the Council of the EU (Council), reached a crucial agreement for the future EU data protection legal framework. Much work still needs to be completed, but this is a major step forward in the adoption of the EU General Data Protection Regulation (Regulation).

The Regulation introduces important changes to EU data protection law that will have a significant impact on companies doing business in the EU. While the timing of final approval is still unknown, the fact that the Council has reached a general approach significantly increases the chances that the final text of the Regulation will be adopted in the foreseeable future. To learn more about the practical implications for businesses and how to prepare for the new legal framework, please join our webcast on July 15.
Continue Reading Status Update on the EU Data Protection Regulation

Protection of highly sensitive personal information is a growing concern for most Americans in the ever-increasing digital age, especially in the wake of large-scale data breaches from leading retail brands and healthcare providers. Although protections currently exist to counteract unwanted dissemination of private information, as well as rules mandating notification when such unwanted dissemination occurs, this growing concern has prompted the White House and Congress to take steps toward increasing protections in the context of privacy laws.
Continue Reading Privacy Laws in the Digital Age—A Push for Increased Protections

This article is the second in a series of articles that discuss the importance of privacy and data security considerations in the transactional context.

In light of numerous costly security breaches affecting disparate sectors of the American economy, public companies—ranging from merchants like Target Corporation and The Home Depot to technology firms like Adobe Systems, and from entertainment companies like Sony Entertainment to insurers like Anthem Blue Cross, to name a few examples—are under increased pressure to ensure that cyber risks are appropriately evaluated, addressed, and disclosed to investors. Because of the increasing number and cost of data security incidents, the U.S. Securities and Exchange Commission (SEC) has taken an active role in advising public companies on how to appropriately manage and disclose cyber risks. SEC cyber risk guidance to date, outside of advice specific to the financial services industry, relates to: (i) the responsibilities and duties that boards of public companies must bear with regard to cyber risk; and (ii) the manner in which public companies should disclose (when appropriate) the relevant cyber risks in company filings with the SEC.
Continue Reading Navigating Public Company Cybersecurity Obligations: Advising Boards and Disclosing to Investors

On October 17, 2014, the White House released its plans for a “BuySecure Initiative” in an executive order entitled “Improving the Security of Consumer Financial Transactions.” The initiative aims to push the market toward adopting more secure payment methods and to reduce the burden on consumers seeking to remediate identity theft incidents. The White House simultaneously published a fact sheet explaining the impetus for the action, the changes proposed in the order, and the potential downstream effects from the steps outlined.
Continue Reading Recent Executive Order to Push for Security of Consumer Financial Transactions, Identity Theft Remediation