Do not miss this podcast discussing key cybersecurity legal events from 2015. Shawn Tuma joined the DtSR Gang [Rafal Los (@Wh1t3Rabbit), James Jardine (@JardineSoftware), and Michael Santarcangelo (@Catalyst)] on the Down the Security Rabbit Hole podcast. In this episode… Most important cybersecurity-related legal developments of 2015 Tectonic Shift that occurred with “standing” in consumer data…
Category: Regulatory
Wyndham and FTC settle data breach dispute — Wyndham got 20 years
On December 9, 2015, the FTC announced that it and Wyndham Hotels had settled their long-running dispute that led to an opinion from the Third Circuit Court of Appeals confirming the FTC’s authority to regulate cybersecurity. The gist of the settlement is that, for the next 20 years, Wyndham must do the following: obtain annual…
FTC v. LabMD: I always give ’em a fair trial before I hang ’em.
The legal findings in FTC v. LabMD. LabMD was vindicated by the November 15, 2015 Initial Decision in FTC v. LabMD (the Decision). In the Decision, the Chief Administrative Law Judge (ALJ) ordered the FTC to dismiss its Complaint against LabMD based on the following findings as to LabMD’s 2008 “data breach”: There was “no evidence that…
SEC v. R.T. Jones shows the SEC has a role in regulating cybersecurity
The federal security laws require registered investment advisers to adopt written policies and procedures reasonably designed to protect customer records and information. SEC v. R.T. Jones Capital Equities Management, Consent Order (Sept. 22, 2015). “Firms must adopt written policies to protect their clients’ private information and they need to anticipate potential cybersecurity events and have…
FTC v. Wyndham Worldwide Solidifies the FTC’s Role in Regulating Cybersecurity
The FTC has authority to regulate cybersecurity under the unfairness prong of § 45(a) of the Federal Trade Commission Act and companies have fair notice that their specific cybersecurity practices could fall short of that provision. F.T.C. v. Wyndham Worldwide Corp., 799 F.3d 236 (3rd Cir. Aug. 24, 2015). Here are a few key points…
Rocky Dhir Interviews Shawn Tuma About Cybersecurity for Lawyers at State Bar of Texas 2015 Annual Meeting
I had the wonderful opportunity to visit with and get to know Rocky Dhir (@rockydhir) at the State Bar of Texas 2015 Annual Meeting in San Antonio. Rocky is the Founder and CEO of Atlas Legal Research, LP (@atlaslegal), “the world’s leading legal outsourcing company.” Rocky and I did a brief interview where we talked…
Why every CIO needs a cybersecurity attorney (my comments on why this is my favorite article ever)
Wow, this article seriously just made my day. I will apologize in advance to my friend and CSO writer and Michael Santarcangelo (@catalyst), but this may very well be my favorite article — anywhere — of all time! And, thank you, Tom Hulsey (@TomHulsey), for sharing it with me! As for you, Ms. Kacy Zurkus (@KSZ714), all I can…
Cybersecurity & Data Breach: You Don’t Drown From Falling Into the Water
“You don’t drown from falling into the water, you drown from not getting out.” Think about that — and think about how that applies to cyber security and data breach issues facing companies in today’s cyber world. Here, in my first ever video blog post, I explain this issue with more detail.
FTC Gives Good Reason to Not (Try to) Hide Data Breaches
Why do I need to report a data breach? This is a common question that business owners ask me all of the time. In response, I rattle off a laundry list of reasons why reporting is not optional — but mandatory. This includes ethical stewardship and obligations, business and public relationship reasons, and finally legal…
Cybersecurity Risk: Law and Trends – Ethical Boardroom Article
The law is trending toward more risk of liability for Officers and Directors. Learn more about this from my recent article in Ethical Boardroom — full text available without paywall here: Cybersecurity Risk: Law and Trends. Learn more about the CyberGard Business Cyber Risk Management Program
You must be logged in to post a comment.