The GDPR Question and Answer Guide

Attorneys in Goldberg Segalla’s Cybersecurity and Data Privacy, Global Insurance Services, and other practice groups have fielded countless questions from clients and colleagues curious (or concerned) about the European Union’s (EU) General Data Protection Regulation (GDPR), the landmark legislation governing data protection and privacy for all individuals within the European Union, as well as the export of all data from the EU and European Economic Area (EEA). Here, we answer the most frequently asked questions pertaining to the GDPR’s who, what, when, where, how, and…
Continue reading...

The FTC Gang’s All Here

As we noted in a previous post, the United States Senate has confirmed five new commissioners, bringing a full complement to the Federal Trade Commission (FTC). Four of those commissioners have taken their seats, with the fifth likely to join in the Fall. Earlier this month, the “new” FTC signaled a continued commitment to act in the area of data privacy and security by reaching a settlement with a California company regarding false claims regarding compliance with the European Union-United States Privacy Shield framework
Continue reading...

An Insurer’s Guide to Navigating the Legal Landmines of Cybersecurity Regulation

Cybersecurity is front and center now, especially for the financial services industry which includes insurance and reinsurance companies, among others.  States and regulators are passing laws and promulgating regulations designed to protect customer data in the possession of insurers and their associates. These new statutes and regulations aimed at the insurance industry are in addition to the myriad of other requirements imposed by government for the protection of this data. Aaron J. Aisen, co-chair of the regulatory sub-practice group in the Global Insurance Services
Continue reading...

The FTC Gang’s All Here – Five New Commissioners Confirmed

The Federal Trade Commission (FTC) is widely recognized as the primary federal regulator of cybersecurity and data privacy by virtue of its authority under Section 5 of the Federal Trade Commission Act to take enforcement action against unfair and deceptive trade practices, which authority has been upheld by various courts including the U.S. Court of Appeals for the Third Circuit. For just over a year, the FTC has operated with only two commissioners, one Republican and one Democrat. On April 26, 2018, the United States…
Continue reading...

Papua New Guinea Shuts Down Facebook…Temporarily

The democratic government of Papua New Guinea (PNG) has announced a one-month shutdown of Facebook access within the nation, to allow the government to assess the spread of objectionable content, and to “allow information to be collected to identify users that hide behind fake accounts, users that upload pornographic images, users that post false and misleading information on Facebook to be filtered and removed.” While regimes such as Iran, North Korea, and China currently censor the social networking site, PNG is the first democratic nation…
Continue reading...

Nearly a 50 percent Increase in Gulf Region Cyberattacks

Gulf Business Machines (GBM) reports a significant increase – from 28 percent in 2016 to 41 percent in 2017 — in hacking events among Gulf-based enterprises. Even so, only 31 percent of regional organizations are concerned about the detection and response to these attacks. At the 2018 Gulf Information Security Expo and Conference in Dubai that took place from May 1-3, 2018, GBM issued its Seventh Annual Cybersecurity Study, which surveyed regional organizations regarding security in the business environment. The survey polled over 600 executives…
Continue reading...

Re-Thinking the U.S. Government’s Approach to Cybersecurity

Are the “cybersecurity” tools used by the CIA and NSA causing harm to U.S. businesses and citizens? An analysis of the WikiLeaks materials, and recent hacker activity, suggests the answer may be yes. This month, it was revealed that at least 40 cyber attacks on organizations in 16 countries were conducted with top-secret hacking tools, according to security researcher Symantic Corporation. While not formally blaming the CIA, Symmantic said it connected these attacks to the CIA hacking tools obtained by WikiLeaks, and that the targets…
Continue reading...

Despite Recent High-Profile Dismissals, Wendy’s Shareholders Try Again with Cybersecurity-Related Derivative Lawsuit

The resilient plaintiff’s bar is not backing down from their quest to hold directors and officers personally liable for corporate misconduct that leads to cybersecurity breaches. Taking guidance from the failures which resulted in a string of dismissals of high-profile cybersecurity-related shareholder derivative lawsuits, a shareholder of the fast food-chain The Wendy’s Company is taking another shot to impose liability on corporate leadership for failing to take precautions against cyber-attacks. To be clear, these derivative cases are trying to hold the directors and officers liable…
Continue reading...

The Yahoo Class Action: Plaintiff’s Bar Finds a New Cottage Industry

The only “surprise” in the Yahoo class action complaint, filed Friday, September 23, 2016, is that Yahoo issued a press release announcing the breach a mere one day earlier.  The class action complaint, undersigned by three law firms in San Francisco, Boca Raton, and New York, seeks certification for: “All persons within the United States whose personal information was accessed following the data breach that Yahoo announced in a press release on September 22, 2016.”  Indeed, the complaint makes a number of allegations relating directly…
Continue reading...

Cybersecurity Down on the Farm

The FBI and Department of Agriculture have issued a Private Industry Notification to increase awareness among farmers that growing reliance on precision agriculture technology, aka “smart farming,” brings increased vulnerability to cyberattacks. While the notification did not suggest attackers could gain control of physical machinery, unauthorized access to farm-level data regarding crop availability and pricing could be used to exploit US agriculture resources and market trends. Earlier this year, for example, the USDA and Microsoft hosted a worldwide competition to design data visualization tools that…
Continue reading...