Cybersecurity Legal Year in Review – #DtSR Podcast

Do not miss this podcast discussing key cybersecurity legal events from 2015. Shawn Tuma joined the DtSR Gang [Rafal Los (@Wh1t3Rabbit), James Jardine (@JardineSoftware), and Michael Santarcangelo (@Catalyst)] on the Down the Security Rabbit Hole podcast.

In this episode…

• Most important cybersecurity-related legal developments of 2015
  • Tectonic Shift that occurred with “standing” in consumer data breach claims
    • Discussion of law prior to Neiman Marcus case, and post-Neiman Marcus
    • Does this now apply to all consumer data breach cases?
    • Immediate impact? Companies now liable?
    • Lesson is in seeing the trend and how incrementalism works
    • Michaels & SuperValu case dismissals in light of Neiman Marcus
• Regulatory Trends
  • FTC & SEC gave hints in 2014, post-emergence of Target details
  • Wyndham challenged authority – came to fruition in August 2015
  • SEC not far behind – significant case in September 2015
  • Aggressiveness of FTC is substantial – FTC v. LabMD … all over LimeWire
• Officer & Director Liability
  • 2014 – SEC Comm. fired the warning shot … pointed the finger
  • Shareholder derivative litigation
  • Individual liability of IT / Compliance / Privacy “officers”
• Anticipated 2016 Legal Trends
  • Regulatory enforcement … which, by the way, is why NIST is becoming default
  • Shareholder Derivative – much more likely than consumer class actions at this time
  • Lessons from both of these: when you need to persuade the “money folks” that they need to act, mention D&O Liability (especially Caremark) and Regulatory focus on individuals … now they’re in the cross-hairs
  • Realization that cybersecurity is more of a legal issue than anything else (IT or business) b/c it is the legal requirements and consequences that ultimately drive everything

Go HERE to listen to the Podcast!