Uber’s Settlement With FTC Emphasizes Companies’ Need for Cyber Risk Management Programs

The FTC and Uber have settled the enforcement action the FTC brought against the company. This action stems from Uber’s data breach of more than 100,000 individuals’ PII despite its promises that their data was “securely stored within our databases.” The FTC found this promise was misleading when compared with the actions the company was really taking. In settling the dispute, Uber entered into a Consent Decree that

3 More Key Cybersecurity Takeaways General Counsel Should Learn from Yahoo

The lessons that general counsel can learn from the Yahoo data breach just keep coming. A month ago I published 5 Key Takeaways from Verizon’s GC on Lessons Learned from Yahoo Deal and recently I read Yahoo’s Warning to GCs: Your Job Description Just Expanded (Big-Time), which I found to be excellent.

Here are 3 key cybersecurity takeaways that general counsel should learn that are described more in that article. The explanation in the article is very good and the author provides actionable recommendations — I encourage you to read the entire article:

  1. The general counsel has emerged as the most logical and effective quarterback of data breach response.
  2. Yahoo’s actions not only signal the evolution of a new standard of care for general counsel when it comes to cybersecurity but also signal a vast expansion of general counsel oversight.
  3. Cybersecurity presents every bit as much risk as financial reporting failure, if not more, and should receive the same level of oversight and audit.

______________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

5 Key Takeaways from Verizon’s GC on Lessons Learned from Yahoo Deal

A good friend recently shared with me the article Verizon GC on the Lessons Learned from Deal with Yahoo (use Linkedin for paywall access) because he thought it would be valuable information to add to my own cybersecurity knowledge toolbox. Given the experience Verizon’s GC has gained through this process, when he talks about lessons learned, we should all pay attention.

Here are the 5 key takeaways to keep in mind for mergers and acquisitions such as this one:

  1. Have a strategy on how to handle the news of data breaches.
  2. Analyze how a data breach impacts the original goals of the deal and how it will impact investors.
  3. Be very disciplined in messaging, ensuring that all public statements, to all audiences, are a variation of the same core messages.
  4. Know what the parties’ agreement says about data breaches which, necessarily, requires that the agreement address the issue of data breaches.
  5. While due diligence around data breaches may be important, it is more important to have reps and warranties around data breaches because it is unreasonable to expect due diligence to find what the company itself hasn’t found.

Yahoo security lapses laid bare even as Russia blamed for hack

Critical Steps Companies Must Take to Comply with New York’s Cybersecurity Rules – Ethical Boardroom

New York’s Cybersecurity Regulations went into effect on March 1, 2017 and their impact could reach farther than you think — including to small and mid-sized companies that do not do business in New York and are not in the financial services industries. And, they require direct involvement by the Board of Directors. Is your company ready?

In my latest Ethical Boardroom article, I explain:

  1. how these Cybersecurity Regulations can impact businesses of all sizes, in all industries, and all around the world,
  2. what specific steps regulated companies must take to be in compliance with the Cybersecurity Regulations, and
  3. what these Cybersecurity Regulations mean for nearly all companies.

Here is the full article from the Winter 2017 edition (page 140) which is available with free registration to the Ethical Boardroom website: Getting to Grips with New York’s Cybersecurity Compliance Rules

Here are other Ethical Boardroom (@EthicalBoard) articles that I have written that are also available for free:

Cybersecurity Legal Issues: What you really need to know (slides)

Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What you really need to know at a Cybersecurity Summit sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies’ Institute for Homeland Security, Cybercrime and International Criminal Justice. The presentation was on September 13, 2016 at the George Bush Institute. The following are the slides from Tuma’s presentation — a video of the presentation will be posted soon!
