Category: Security



As Cyberattacks Rise, U.S. Business Readiness Falls

Share

Two recent reports reflect that cyberattacks and resulting data breaches continue to threaten U.S. companies and public entities. The Hiscox Cyber Readiness Report (April 23, 2019), compiled from a survey of more than 1,000 U.S. cybersecurity professionals at private companies and public-sector entities with 50 to 1,000+ employees, found that 53% of firms reported at least one cyberattack – up from 38% in 2018. Interestingly, only 11% of U.S. firms qualified as experts based on their cybersecurity preparedness and responses – down from 26% in last year’s survey; 16% of firms ranked as intermediate, and the remaining 73% ranked as novice. These statistics reflect a continuing need for public- and private-sector emphasis on cybersecurity preparedness and incident response.

Continue reading

FBI Releases 2018 Internet Crime Report

Share

On April 22, 2019, the FBI’s Internet Crime Complaint Center (“IC3”) released its Internet Crime Report (the “Report”) for 2018. IC3 issues the Report annually as a means to highlight data and identify key trends about Internet crimes.

Continue reading

DOJ White Paper Answers Questions about the Scope and Applicability of the CLOUD Act

Share

Last year Congress enacted the CLOUD Act (the Clarifying Lawful Overseas Use of Data Act) to clarify the means for foreign legal authorities to access electronic information held by U.S.-based global providers. The U.S. Department of Justice (DOJ), in April 2019, issued a White Paper entitled “Promoting Public Safety, Privacy, and the Rule of Law Around the World: The Purpose and Impact of the CLOUD Act.” This White Paper lays out the policy and legal reasons for enactment of the CLOUD Act, and explains how the CLOUD Act overlays and interacts with existing laws and established inter-governmental practices.

Continue reading

The Trump Administration Signals Heightened Scrutiny of Chinese Investment in Companies with Access to Americans’ Personal Data

Share

According to recent disclosures, the Trump Administration has been acting aggressively to control Chinese investment in companies that have access to Americans’ personal data. Last week, it was revealed that the Committee on Foreign Investment in the United States (CFIUS) has ordered Chinese company Beijing Kunlun Tech Co. Ltd. to sell its majority stake in on-line dating app Grindr over concerns that Chinese access to personal data held by Grindr could pose a threat to U.S. national security. Then, on April 4, 2019, it was announced that CFIUS had also ordered Chinese investor and digital healthcare company iCarbonX to sell its stake in the U.S. company PatientsLikeMe. PatientsLikeMe is an on-line service that links individuals suffering the same health issues in an effort to improve disease detection and treatment. Again, the concern reportedly prompting the CFIUS action is Chinese access to the personal data of Americans and the national security risk that could pose.

Continue reading

U.S. Supreme Court Declines to Hear Zappos Data Breach Case

Share

The Supreme Court recently declined to review the Ninth Circuit’s decision in Zappos.com, Inc. v. Stevens, a class action suit resulting from a 2012 data breach of the online retailer. As a result, there remains a split in the courts as to whether a breach of data confers Article III standing on potential plaintiffs, even if no actual injury occurred.

Continue reading

Coming Soon to Singapore: Mandatory Data Breach Notifications

Share

Singapore’s Personal Data Protection Commission (PDPC) issued a statement on March 1 announcing its plan to introduce mandatory breach notifications as part of a set of proposed amendments to the country’s Personal Data Protection Act (PDPA). The proposed amendments come in response to the PDPC’s recent review of the PDPA in order “to ensure that it keeps pace with the evolving needs of businesses and individuals, and balances safeguarding individuals’ interests and enables the legitimate use of personal data by organisations.” The details of the mandatory breach notification have not yet been made public, but the amendment will likely require organizations to notify the PDPC and affected data subjects when a certain level of breach has occurred.

Continue reading

« Older posts

© 2019 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy