
Cybersecurity Business Law Blog

The Intersection of Cybersecurity, Business, and Law

Tag: Data breach

Managing Cybersecurity Risks for Boards of Directors

Ethical Boardroom Winter 2016

In his latest Ethical Boardroom article, Shawn Tuma explains why it is important for board members to have an active role in their company’s cybersecurity preparation and tells them several key steps they can take to do so. Tuma also explains why cybersecurity is as much a legal issue and business issue as it is an IT issue.

Michaels Data Breach Class Action Dismissed for Lack of Harm

Because the data breach class action plaintiffs were unable to show they sustained any actual harm, the New York U.S. District Court granted Michaels’ Motion to Dismiss their case, without prejudice, on December 28, 2015.

In its Memorandum Opinion, the Court distinguished the Target and Neiman Marcus cases because, unlike those cases, there were no fraudulent charges on the plaintiff’s credit card: “she asserts only that her credit card was ‘physically presented for payment in Ecuador.’ There are no allegations that Whalen was required to pay the charges in Ecuador.” (Mem. Op. p. 8). In the Neiman Marcus case, “one critical distinction in that case is that 9,200 of those customers experienced fraudulent charges following the breach. By contrast, Whalen’s Complaint only indicates that she was affected, and even she did not suffer any out-of-pocket losses.” (Mem. Op. p. 15).

The court’s rationale for its dismissal was, “[s]imply put, Whalen has not asserted any injuries that are ‘certainly impending’ or based on a ‘substantial risk that the harm will occur.’”

Dear Santa: Shawn Tuma’s Cybersecurity Christmas Wish

 


My friends at SecureWorld asked me to do something I have not done since I was a kid. They asked me to write a letter to Santa and tell him what my one cybersecurity Christmas wish would be.

What is my wish?

Here is a hint: it is for business leaders to begin to understand one particularly crucial thing about cybersecurity incidents — one thing that could really help get their companies prepared for the cybersecurity risks they face.

If you want to know what that one thing is, all you have to do is read my letter to Santa: Cybersecurity Wishes: Shawn E. Tuma

______________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Protection Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

 

Why Lawyers Need to Understand Cyber Insurance for Their Clients (Tuma’s Tx Bar Journal article)

Cybersecurity, data breach, cyber attacks, and cyber insurance. Unless you live under a rock, you have heard of it. You better hope your lawyer has too!

Shawn Tuma argues that the minimum standard of care for lawyers practicing in 2015-16 requires a basic understanding of cyber insurance. He recently explained that argument, along with his co-author Katti Smith, a seasoned cyber insurance professional with AIG.

The Texas Bar Journal published their article, Risky Business: Why lawyers need to understand cyber insurance for their clients, in the December 2015 issue. In the article, they explain what cyber insurance is, what kinds of policies cover cyber liability, key first-party and third-party costs that should be covered by such a policy, as well as key items that are often not covered.

Go check it out and let them know what you think.


Wyndham and FTC settle data breach dispute — Wyndham got 20 years

On December 9, 2015, the FTC announced that it and Wyndham Hotels had settled their long-running dispute that led to an opinion from the Third Circuit Court of Appeals confirming the FTC’s authority to regulate cybersecurity.

The gist of the settlement is that, for the next 20 years, Wyndham must do the following:

  • obtain annual security audits of its information security program that conform to the Payment Card Industry Data Security Standard for certification of a company’s security program;
  • certify the “untrusted” status of franchisee networks, to prevent future hackers from using the same method used in the company’s prior breaches;
  • certify the extent of compliance with a formal risk assessment process that will analyze the possible data security risks faced by the company;
  • certify that the auditor is qualified, independent and free from conflicts of interest; and
  • in the event Wyndham suffers another data breach affecting more than 10,000 payment card numbers, obtain an assessment of the breach and provide that assessment to the FTC within 10 days.

Read more: Wyndham Settles FTC Charges It Unfairly Placed Consumers’ Payment Card Information At Risk | Federal Trade Commission
