Potential Changes to North Carolina Cybersecurity Law

As we continue to see substantial changes in the area of cybersecurity law across the United States as well as globally, North Carolina has undertaken preliminary steps to expand on its current laws within the state. On April 16, 2019, the North Carolina House of Representatives introduced a bipartisan bill to amend North Carolina’s Identity Theft Protection Act. The bill passed its first reading and was referred to committee. The proposed bill contains numerous changes that will affect how cybersecurity is handled in North…
Continue reading...

NSA Launches Cybersecurity Directorate to Combat Cyber Attacks on Government and Private Sector Systems

The National Security Agency (NSA) has established a Cybersecurity Directorate that “unifies NSA’s foreign intelligence and cyber defense missions” to more closely align its offensive and defensive operations. The directorate, operating as of October 1, 2019 will help contribute to the NSA’s defensive mission to protect digital systems. It will focus initially on the defense industrial base and weapon security improvement.  The increased focus on cybersecurity comes in the wake of a 56-page report by the National Security Telecommunications Advisory Committee warning that the United…
Continue reading...

The Push for a National Data Privacy Law Continues as Tech Giants Write to Congress

On September 10, 2019, 51 companies from the Business Roundtable joined together to send a letter to House and Senate leadership asking them to pass “a comprehensive data privacy law that strengthens protections for consumers and establishes a national privacy framework to enable continued innovation and growth in the digital economy.” The companies included, among others, Amazon, IBM, AT&T, Chubb, and Marriot International, Inc. Signatures from Facebook CEO Mark Zuckerberg and Apple CEO Tim Cook were notably absent, although both have, in the past, supported…
Continue reading...

Another Month, Another Major Data Breach – This Time at Capital One

Capital One Financial Corp., the fifth largest United States credit card issuer, announced on July 29, 2019 that a data breach exposed approximately 140,000 Social  Security numbers and about 80,000 linked bank account numbers – impacting nearly 100 million U.S. residents and 6 million Canadian residents. The breach also included other personal information like names, addresses, postal codes, phone numbers, email addresses, dates of birth and self-reported income, credit scores, credit limits, balances, payment history, contact information and fragments of transaction data from a total…
Continue reading...

Internet of Things Cybersecurity Improvement Act

On January 1, 2020, California’s “Security of Connected Devices” law (Senate Bill No. 327), which was enacted in 2018, will require companies that manufacture any device that connects “directly or indirectly” to the Internet that is sold in California to incorporate within the device “a reasonable security feature or features.” What constitutes as a “reasonable security feature” is largely undefined, but if the device is capable of authentication outside of a local area network (LAN), then the security will be deemed reasonable if a preprogrammed…
Continue reading...

Considering Legal Privileges in the Cybersecurity Context

Any organization that is cognizant of its cybersecurity obligations faces a fundamental problem: the greater the effort to increase security, the greater the number of documents generated, memorializing those efforts. Those documents could be discoverable in the event of litigation. The law of privilege in the context of pre-breach planning, including application of the attorney-client relationship to third-party technology vendors and security engineers, remains largely uncharted. The thought leaders at The Sedona Conference are taking steps to help frame the dialogue and set the stage…
Continue reading...

Everybody’s Buying Cyber… Why Aren’t You?

A recent market survey shows companies are getting the message that purchasing cyberinsurance is a corporate imperative today. According to a recent AM Best Market Segment Report, direct premiums written for U.S. cyberinsurance policies from 2015 to 2018 have doubled to $2 billion. Three million cyberinsurance policies were in force in 2018, an increase from 2.6 million in 2017. Admittedly, premium growth has slowed to 12.6 percent in 2018, although that may be due in part to the number of companies using captives for their…
Continue reading...

Cryptocurrency Theft is on the Rise

According to a recent study, losses from theft, fraud, and misappropriation of cryptocurrency increased to $1.2 billion worldwide in the first quarter of 2019, which is already 70 percent of all such activity from 2018.  In fact, it was  reported that hackers used phishing, viruses, and other techniques to steal $41 million in cryptocurrency from Binance, one of the world’s largest cryptocurrency exchanges. This is on the heels of an announcement by Fidelity Investments that it will soon buy and sell bitcoin for institutional customers.…
Continue reading...

Ohio Cybersecurity Legislation Applicable to Insurers Now In Effect

Ohio’s new law requiring insurance providers to take steps to protect personal information recently went into effect March 20, 2019. Ohio now follows South Carolina as the second state to adopt legislation modeled after the NAIC’s Insurance Data Security Model Law.             The law, codified at new Ohio Revised Code Chapter 3695, applies to all individuals or non-governmental entities required to be authorized, registered, or licensed under Ohio insurance laws (defined as “licensees”). Only smaller licensees that have fewer than 20 employees, less than $5…
Continue reading...

Washington State Cyberstalking Law Deemed Unconstitutional

On February 22, a federal judge in the State of Washington held that Washington’s cyberstalking law impermissibly inhibits constitutionally protected speech in violation of the First Amendment. The case of Rynearson v. Ferguson was commenced by Richard Rynearson, III against Washington State’s Attorney General and county prosecuting attorney under 42 U.S.C. Section 1983 for the purpose of enjoining the state’s enforcement of its cyberstalking statute, Wash. Rev. Code Section 9.61.260. Rynearson is an online author and activist who regularly writes online posts and comments directed…
Continue reading...