Tag: regulatory

Helpful FTC Guidance on Cybersecurity for Small and Midsize Companies

Posted on by Shawn E. Tuma

FTCIt is important for all companies — especially small and midsize companies — to have a basic understanding of what the FTC considers to be reasonable cybersecurity. The FTC is known for being one of the more aggressive regulators that are investigating and enforcing (what it views as) inadequate cybersecurity by companies doing business in the United States. In the watershed case solidifying the FTC’s authority to regulate companies’ cybersecurity under the FTC Act, F.T.C. v. Wyndham Worldwide Corp.,  the U.S. Third Circuit Court of Appeals looked to resources published on the FTC’s website and found that Wyndham’s cybersecurity was very rudimentary and contravened recommendations in the FTC’s 2007 guidebook, Protecting Personal Information: A Guide for Businesses.

The FTC recently published a couple of helpful resources on its website and companies of all sizes would be well-served to spend some time reviewing the recommendations in these resources:

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Complimentary Webinar: Countdown to #GDPR – Compliance for Non-EU Companies

Posted on by Shawn E. Tuma

Countdown to GDPR Compliance is a complimentary webinar that I will be moderating on Thursday, December 7, 2017, at 12:00 PM Central.  This is the second webinar in a three-part series sponsored by Mackrell International and will focus on Compliance for Non-EU Companies. You don’t want to miss it!

Moderator: Shawn Tuma
Presenter: Marta Stephanian, Ten Holter/Noordam
Presenter: Henrik Nilsson, Wesslau Söderqvist Advokatbyrå

 

COUNTDOWN TO GDPR COMPLIANCE: Compliance for Non-EU Companies
Sponsored by Mackrell International
Thursday, December 7, 2017 @ 12:00 PM CT
LINK for more information
Register via email: GDPR@hogefenton.com

GDPR Invite 2 11_21

I hope you are able to attend the webinars and find the information helpful in your business. As always, please let me know if you have any questions or if I can help you.

Shawn E. Tuma | Scheef & Stone, L.L.P.
Cybersecurity & Data Privacy Attorney
2600 Network Blvd., Suite 400, Frisco, TX 75034
214.472.2135 (direct) | 214.726.2808 (mobile)
Email: shawn.tuma@solidcounsel.com
Firm: www.solidcounsel.com
Blog: www.businesscyberrisk.com

National data breach notification law proposed by Senate Commerce Committee members (includes jail?)

Posted on by Shawn E. Tuma

Three Democratic senators introduced legislation Thursday requiring companies to notify customers of data breaches within 30 days of their discovery and imposing a five year prison sentence on organizations caught concealing data breaches.

https://www.cyberscoop.com/national-data-breach-notification-law-bill-nelson-uber-equifax-hack/

Uber’s Settlement With FTC Emphasizes Companies’ Need for Cyber Risk Management Programs

Posted on by Shawn E. Tuma

The FTC and Uber have settled the enforcement action the FTC brought against the company. This action stems from Uber’s data breach of more than 100,000 individuals’ PII despite its promises that their data was “securely stored within our databases.” The FTC found this promise was misleading when compared with the actions the company was really taking. In settling the dispute, Uber entered into a Consent Decree that Continue reading “Uber’s Settlement With FTC Emphasizes Companies’ Need for Cyber Risk Management Programs”

OCR Issues Cyberattack Response Checklist and Infographic

Posted on by Shawn E. Tuma

The United States Department of Health and Human Services’ Office for Civil Rights has just issued a checklist and infographic to aid healthcare organizations and their vendors in quickly responding to cyberattacks in compliance with HIPAA requirements.