After a long silence since guidance was last issued a year ago, there’s now widespread expectation that the Securities and Exchange Commission will get much more specific this year about new cybersecurity disclosures for public companies. Recent actions also signal the commission is paying close attention not just to disclosures, but to weaknesses that create cybersecurity risks at companies.
read more 
In late 2018 the U.S. District Court of New Jersey indicted two Iranian men for allegedly running a hacking scheme that hit local and state governments as well as transportation agencies and hospitals across the U.S. The scheme involved infecting corporate networks with SamSam malware, which encrypted data on computers in the networks, then blackmailing the institutions by requiring a ransom payment in return for the decryption keys.
read more Australia has recently taken significant action in the realm of data security that will potentially have global impact. In December 2018, the Australian Competition and Consumer Commission (“ACCC”) released recommendations on ways big technology companies can improve data security.
read more Privacy protection is an issue that will always be at the forefront of the legal world. Consumers expect that companies will protect their medical and other private identifying information. While the increase in digital data makes business dealings more efficient in many ways, it also unfortunately heightens the potential risk for privacy breaches. For decades, the Federal Trade Commission (“FTC”) has investigated and remedied privacy issues. While the FTC does not have explicit authority to regulate data privacy, it generally relies on Section 5 of the FTC Act to assert such authority. This lets the agency look into companies that engage in “unfair and deceptive acts and practices” relating to commerce.
read more