An article in eCommerce Times offers a well-reasoned argument for why the NIST (National Institute of Standards and Technology) Cybersecurity Framework is the guiding force in shaping the United States’ federal cybersecurity strategy: “NIST Risk-Assessment Framework Shapes Federal Cybersecurity Strategy.” You should read it — but only after you read the following explanation, because it is a lot simpler. Continue reading “The #1 Reason NIST Cybersecurity Framework is the Standard of Care”
TAKEAWAYS: If your company intends to limit its employees’ access to certain information on the company network, (1) make sure appropriate technological restrictions are in place and are working; and (2) make sure there are appropriate policies or other documentation in place to show the employees subjectively knew it was off limits.
When an employer intends to keep a network folder restricted from employees, but fails to (1) objectively communicate this intention or (2) secure the folder from general access, an employee who accesses the folder and takes data from it does not violate the Computer Fraud and Abuse Act (CFAA), even if he does so for an improper purpose.
Why policies are critical–explained HERE Continue reading “Departing Employee Taking Data from “Restricted” but Unsecured Folder Doesn’t Violate CFAA”
I have read several blog posts that are stating, as a blanket proposition, that you must prove intent to defraud for CFAA claims. This, they say, comes from the recent Seventh Circuit Court of Appeals case, Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., 2016 WL 258632 (7th Cir. Jan. 21, 2016) (opinion).
This is reading too much into the court’s opinion. Continue reading “Be Careful of Commentary on 7th Cir.’s Fidlar Tech CFAA “Intent to Defraud” Case”
The EU – U.S. Privacy Shield signals greater cooperation between the EU Data Protection Authorities and the Federal Trade Commission, according to a Fact Sheet released by the Department of Commerce. U.S. businesses should focus on these key themes, primarily: Continue reading “EU – U.S. Privacy Shield Summary & Fact Sheet for Businesses”
Officer and director liability for cybersecurity incidents is a hot topic. It will only get hotter because, when it comes to risks impacting the company, the buck stops at the Board of Directors. As it should.
Cybersecurity and corporate governance law are converging to develop a duty for the Board to be involved in cybersecurity issues that affect the company. The question, however, is: how granular should the Board’s role be when it comes to cybersecurity? Continue reading “3 Key Points the Board Needs to Know About Cybersecurity”