Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: cybersecurity

Posted in Cybersecurity & Data Breaches

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services released new cybersecurity guidance in response to the COVID-19 pandemic. The guidance highlights the heightened cybersecurity risks from the current crisis and NYDFS’ expectations that its regulated entities address those risks as large portions of their workforce have shifted to remote working arrangements.

Posted in News & Events

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

On Tuesday, 3 March 2020, we welcomed our financial services clients in London to a lively panel event, which covered the multitude of issues which arise in a cybersecurity incident. Using a hypothetical case study, revealed in a series of short animations, Hogan Lovells partners Philip Parish, Arwen Handley, Nicola Fulford and Peter Marta considered topics such as good cyber incident preparedness, board responsibility, data issues, regulatory notifications, litigation and regulatory enforcement risk, liaison with law enforcement, and follow-up steps, and answered questions covering the legality of ransom payments to the perpetrators of cyberattacks and insurance for cyber incidents. This post summarizes key messages of the event.

Posted in Cybersecurity & Data Breaches, News & Events

Employers Take Notice: Increased Cybersecurity Threats Amid Coronavirus Precautions

On March 11, the Word Health Organization officially characterized the coronavirus (COVID-19) outbreak as a pandemic. During the outbreak, many employers around the world are seeking to prioritize the well-being and safety of their employees by asking them to work remotely instead of risking exposure while commuting and working in populated office spaces. Organizations need to take into account increased risks to the security of their networks, systems, and data during this time.

Posted in Cybersecurity & Data Breaches

In-Person Event: A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

Please join us in our London offices for a lively panel discussion with on what financial institutions and service providers need to know about cybersecurity and cyber incident preparedness. The panel will examine the key challenges that companies face before, during, and after a cybersecurity attack, including cybersecurity preparedness, incident response, notification requirements, and litigation and regulatory enforcement risk.

Posted in Cybersecurity & Data Breaches

New York State Expected to Increase Enforcement of Cybersecurity Practices

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services Cybersecurity Regulation and the effective date of the Stop Hacks and Improve Electronic Data Security Act. The Regulation and the Act both contain prescriptive cybersecurity requirements and new breach notification obligations on regulated organizations. The Act has a particularly broad reach, impacting any company that owns or licenses private information of New York residents.

Posted in Cybersecurity & Data Breaches

Cybersecurity Maturity Model Certification Version 1.0 (CMMC v1.0)

On January 31 the U.S. Department of Defense issued CMMC v1.0, a new unified cybersecurity standard coupled with a certification program for all DoD contractors and subcontractors. While many questions remain, our overview of CMMC v1.0 provides background on the model and key considerations to assist your organization in understanding and adopting the framework.

Posted in Cybersecurity & Data Breaches

SEC Releases Cybersecurity and Resiliency Observations: A Potentially Useful Guide for Businesses

In today’s connected world, businesses face constant pressure to improve their cybersecurity practices and to confirm that they are meeting industry standards. To continue helping businesses achieve those goals, the SEC Office of Compliance Inspections and Examination published on January 27 its latest Examination Observations related to cybersecurity and operational resiliency practices.

Posted in Cybersecurity & Data Breaches

Lessons for In-House Counsel from Cybersecurity’s Front Lines

Recent developments reinforce the urgent need for general counsel and legal departments to deepen their focus on cybersecurity. In today’s environment, any organization can be the target of a cyberattack, regardless of industry, size, or geographic footprint. Indeed, in just the past few years, a variety of cyber adversaries have attacked financial institutions, social media sites, a movie studio, hospital systems, a peer-to-peer ridesharing company, the Democratic National Committee, hotel chains, city governments, educational institutions, telecommunications and energy utilities, prominent retailers, manufacturers, and even the mobile app of a well-known coffee and donut chain.

Posted in Cybersecurity & Data Breaches

“Cyber Hunt” Legislation Passes U.S. Senate: Any Implications for Business?

In a legislative environment charitably described as challenging, the fact that the Senate recently passed cybersecurity legislation by unanimous consent is noteworthy and highlights the bipartisan nature of this issue. The DHS Cyber Hunt and Incident Response Act responds to the recent spate of ransomware attacks against government agencies and private sector organizations. It would require the Department of Homeland Security to form “cyber hunt” and incident response teams that could be called upon to assist federal, state, and local entities to respond to a ransomware or other type of cybersecurity incident or to identify vulnerabilities in their systems that may increase the likelihood and success of a future attack. While continued government attention to the availability of cybersecurity capabilities should be welcomed by the private sector, the extent to which businesses will directly benefit from this legislation is unclear given its focus.

Posted in News & Events

Privacy and Cybersecurity October 2019 Events

October is full of exciting events where we will share insights on the CCPA, cyber incident response preparedness, data transfers, and more. We hope you can join us!

Posted in News & Events

Hogan Lovells at IAPP Privacy. Security. Risk. 2019

Join members from our award-winning Privacy and Cybersecurity practice at this week’s IAPP Privacy. Security. Risk. 2019 conference in Las Vegas. We hope to see you at one of our sessions listed below.

Posted in News & Events

All-Day Workshop: Privacy and Cybersecurity KnowledgeShare (Agenda & Speakers Announced)

Join us on Thursday 19 September for the Hogan Lovells Privacy and Cybersecurity KnowledgeShare in London. We will share our latest thinking on the key privacy and cybersecurity issues faced by those with data protection responsibilities within organisations. Our all-day event will cover a lot of ground through incisive quick-fire presentations, Q&A panels and hands-on workshops.

Posted in News & Events

Privacy and Cybersecurity September 2019 Events

Join us in September as we will be at the IAPP Privacy. Security. Risk. 2019 conference in Las Vegas discussing the CCPA, the GDPR, and traits of effective privacy and security professionals. We will also be exploring the latest thinking on key privacy and cybersecurity topics as well as cybersecurity as it relates to medical devices and patients, and more. We hope you can join us.

Posted in News & Events

All-Day Workshop: Privacy and Cybersecurity KnowledgeShare

Join us on Thursday 19 September for the Hogan Lovells Privacy and Cybersecurity KnowledgeShare in London. We will share our latest thinking on the key privacy and cybersecurity issues faced by those with data protection responsibilities within organisations. Our all-day event will cover a lot of ground through incisive quick-fire presentations, Q&A panels and hands-on workshops.

Posted in Cybersecurity & Data Breaches, International/EU Privacy

Time to Take Notice: ICO to Impose Record Fine for Data Security Breach

On 8 July 2019, the UK data protection authority issued a notice of its intention to fine British Airways GBP 183.39 million (approx. USD 229.46 million) for infringements of the General Data Protection Regulation. The proposed fine relates to a data breach in which personal data of approximately 500,000 customers were compromised.

Posted in News & Events

Webinar Invitation — Cyberthreats in the Internet of Things

Please join the Hogan Lovells Privacy and Cybersecurity and Litigation teams on July 16th for our webinar, Cyberthreats in the Internet of Things. We will explore some techniques that can be used to exploit potential vulnerabilities in connected devices and how those types of events impact organizations from a regulatory and litigation perspective.

Posted in News & Events

Amsterdam Seminar: Protect Your Data! (English)

On 2 July 2019, Hogan Lovells’ Amsterdam office will host the in-person seminar “Protect Your Data!” This English-language seminar follows a popular Dutch-language edition of the seminar. Joke Bodewits and Ruud van der Velden will discuss recent EU legislation, and focus on “lessons learned” for companies with respect to privacy, cybersecurity, and trade secrets. The in-person seminar is of interest to in-house counsel, in-house patent attorneys, privacy officers, CISO’s and IT managers.

Posted in News & Events

Privacy and Cybersecurity June 2019 Events

Join us in June as we discuss the GDPR as it relates to colleges and universities; the CCPA, cybersecurity and data breaches, and industry-specific issues; as well as cyberthreats to the Internet of Things.

Posted in News & Events

Amsterdam Seminar: Protect Your Data!

On 23 May 2019, Hogan Lovells’ Amsterdam office will host the in-person seminar “Bescherm je data!” (“Protect Your Data!”). Joke Bodewits and Ruud van der Velden will discuss recent EU legislation, and focus on “lessons learned” for companies with respect to privacy, cybersecurity, and trade secrets.

Posted in News & Events

Privacy and Cybersecurity May 2019 Events

Join us in May as we will be speaking at the 2019 Global IAPP Summit, discussing hacking, privacy and cybersecurity and the TCPA. We hope you can join us.

Posted in International/EU Privacy

A Global Approach to IoT Cybersecurity?

The European Telecommunications Standards Institute has published a new standard for cybersecurity in relation to consumer IoT products. The standard builds on the UK’s Code of Practice for Consumer IoT Security, published in October last year. The Code of Practice was developed by the UK Government following publication of a draft code as part of the Secure by Design report published by the Government in March 2018 and after consultation with industry, consumer associations, and academics. The UK Code is voluntary but the UK Government was keen to work with ETSI to develop it into a global standard.

Posted in Financial Privacy

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

The Federal Trade Commission issued notices on March 5 seeking public comment on proposed amendments to the regulations implementing the Gramm-Leach-Bliley Act, commonly known as the Safeguards Rule and Privacy Rule. Once the notices are published in the Federal Register comments must be received within 60 days. The proposed changes to the Safeguards Rule add a number of more detailed security requirements, whereas the proposed changes to the Privacy Rule are more focused on technical changes to align the Rule with changes in law over the past decade.

Posted in International/EU Privacy

Vietnam Quick to Enforce New Cybersecurity Law

Vietnam’s new Law on Cybersecurity has garnered much attention due to its sweeping attempt to regulate online content available to internet users in Vietnam. Among its more controversial provisions are the requirements that both foreign and domestic online service providers store personal data of Vietnamese end-users in Vietnam, surrender such data to Vietnamese government authorities upon request, and supervise user posts to remove “prohibited” content (defined to include content viewed as disparaging of the Vietnamese government and/or government officials or state agencies). The law also requires offshore service providers to open branches or representative offices in Vietnam, presumably to facilitate enforcement of the Cybersecurity Law against them.