Articles Posted in Cybersecurity and Privacy

Posted

In light of the increasing organizational use of and reliance on software and the concerns raised regarding the malicious use of the same, the UK Government has published a response to its call for views on software resilience and security for businesses and organizations. (See here for details of the call for views.) The UK Government has unveiled an ambitious plan to enhance software security practices in the UK by proposing baseline security expectations for software vendors in an effort to seek more transparency and consistency for customers.

Continue reading

Posted

GettyImages-1386414642-1-300x200The United Kingdom hosted an Artificial Intelligence (AI) Safety Summit on November 1 – 2 at Bletchley Park with the purpose of bringing together those leading the AI charge, including international governments, AI companies, civil society groups and research experts to consider the risks of AI and to discuss AI risk mitigation through internationally coordinated action.

Continue reading

Posted

In UK Financial Regulators to Oversee Critical Third Parties, our colleagues Lee Rubin and Mark Booth discuss the proposed new regime that will grant UK federal regulators a range of powers over third parties that provide critical services to the financial sector.

Posted

EPDB-logo-300x300The European Data Protection Board (EDPB), the body which represents EU data protection authorities, has adopted guidelines (Guidelines) confirming when transfers need to be “safeguarded” in accordance with the GDPR (and importantly when they do not). In particular:

Continue reading

Posted

EPDB-logo-300x300This week the European Data Protection Board (EDPB), a body that represents European data protection authorities, set up a new cookie banner taskforce. The new taskforce will coordinate the response to over 400 complaints concerning cookie banners filed by a nonprofit organization founded by Max Schrems, None of Your Business (NOYB).

Continue reading

Posted

iStock-577965144-contact-tracking-300x200‘Contact tracing’ is a process used by public health officials to identify individuals who may have come into close proximity with a contagious virus, such as COVID-19. Traditionally, infected persons are asked to identify interactions with people whilst infected or in the days leading up to infection being diagnosed. Health practitioners can then contact those at risk to warn them of potential exposure, what steps to take and how to avoid infecting others.

Continue reading

Posted

A recent data breach and subsequent bankruptcy combine to form a cautionary tale on the importance of cyber insurance. On our Insurance & Recovery blog Policyholder Pulse, in “From Data Breach to Bankruptcy – A Cautionary Tale for Those Without Cyber Insurance,”colleagues Curtis A. Simpson and Robert Shoemaker examine the data breach suffered by American Medical Collection Agency and how that forced its parent company, Retrieval-Master Creditors Bureau Inc., into Chapter 11.

 

Posted

Federal-reserve-logo-300x300The Board of Governors of the Federal Reserve System has recently indicated it may move forward with enhanced cybersecurity standards that had previously been floated by the Board, the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) back in 2016. Specifically, in October 2016, the Board, the three entities issued a joint advance notice of proposed rulemaking (ANPR) on enhanced cybersecurity standards before deprioritizing it in 2017. While the OCC and the FDIC withdrew their ANPRs earlier this Spring, the Board may revive the issue this coming Fall.

Continue reading

Posted

The recent data breach of India-based technology services provider Wipro serves as yet another reminder that technology or outsourcing service providers are high-priority targets for cyberattacks. In “Managing Risk in Light of the Wipro Data Breach,” colleagues Andrew CaplanMia Rendar and Curtis Simpson examine the potential consequences of the breach for Wipro customers and some steps that an institution should consider both to respond to, and to hopefully contain the effects of, a data security incident involving an outsourced service provider. 

Posted

NY DFSFinancial institutions regulated by the New York Department of Financial Services (DFS)—referred to in this post as “Covered Entities”—should by now be well familiar with the department’s sweeping cybersecurity regulation, 23 NYCRR 500, that became effective on March 1, 2017. The regulation delves into a level of detail (e.g., multi-factor authentication and encryption requirements) and requires a level of senior level attention (e.g., annual attestation of compliance, signed by the Board of Directors or a Senior Officer) heretofore unseen in U.S. federal or state regulations.

Continue reading