Officers and directors of companies that have had data breaches have become targets of litigation through shareholder derivative claims since the consumer class-action claims have had a difficult time making it past the causation of harm threshold. Those officers and directors may now sigh in relief, if only briefly, following a November 30, 2016, ruling by the District Court…
Category: Corporate Governance
Yes, Officers & Directors Can Be Held Personally Liable for Their Company’s Data Breach – Here’s Why
“Can I be held personally liable for my company’s data breach?”
That is one of the questions I am asked most frequently. The answer is “YES!” though the usual reasons provided are not nearly as straightforward as the one discussed in the video below.
SecureWorld Presentation: Cybersecurity Legal Issues: What You Really Need to Know
Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What You Really Need to Know at SecureWorld Expo Dallas on September 27, 2016. The following are the slides from Tuma’s presentation. Download: Cybersecurity Incident Checklist
Cybersecurity Legal Issues: What you really need to know (slides)
Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What you really need to know at a Cybersecurity Summit sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies’ Institute for Homeland Security, Cybercrime and International Criminal Justice. The presentation was on September 13, 2016, at the George Bush Institute. The following are the slides…
Cybersecurity: How Long Should An Incident Response Plan Be?
Last evening I had the pleasure of talking cybersecurity law with a group of CIOs from some pretty sophisticated companies. It was a great discussion and I learned as much as I shared — just the way I like it. During our discussion, the subject of Incident Response Plans came up and I explained why…
Computer Use Policies – Are Your Company’s Illegal According to the NLRB?
The National Labor Relations Board (NLRB) has continued its assault on businesses and their ability to legitimately protect their computer systems and information against unauthorized non-business use by employees. A few weeks ago, I wrote 3 Important Points on Computer Policies in which I stressed (1) why your company must have them but (2) that…
FBI Guidance: How to Respond to Ransomware
Spoiler Alert: According to the article below, in a recent podcast the FBI “warned against paying ransoms” and doesn’t like to see companies pay the ransom because the old law of supply and demand just means that ransomware is more profitable and, therefore, we see more of it.
Why Cybersecurity Incidents Are Legal Events
In this video, cybersecurity and data protection attorney Shawn Tuma explains why cybersecurity incidents are as much legal events as they are information technology and business / public relations events.
4 Ways to Engage Executives in Cyber Risk
The CIO Journal has an informative article, 4 Ways to Engage Executives in Cyber Risk, that discusses a handful of ideas that can be helpful for engaging company executives on the issue of cybersecurity risks. Here are the 4 steps it suggests: Host a cyber risk heat-mapping session; Establish key risk and performance indicators; Simulate…
3 Key Points the Board Needs to Know About Cybersecurity
Officer and director liability for cybersecurity incidents is a hot topic. It will only get hotter because, when it comes to risks impacting the company, the buck stops at the Board of Directors. As it should. Cybersecurity and corporate governance law are converging to develop a duty for the Board to be involved in cybersecurity issues…