Category Archives: Cyber policy

High Security: How to Minimize Marijuana Data Risks

As we’ve blogged in the past, the cannabis industry is particularly susceptible to cyberattacks. With threats like a federal crackdown and workplace drug testing, customers have a vested interest in keeping their information private. Unfortunately, the newly-legal cannabis industry has limited experience with data security. While traditional industries have the benefit of expertise and mature regulatory oversight to foster best cybersecurity practices,… More

General Data Protection Regulation: What It Means For US Healthcare/Life Science Companies (Part Two)

This is the second post in a three-part series designed to provide a summary of some of the GDPR features that are likely to have the most substantial impact on healthcare/life science related businesses. (Links for Part One and Part Three

New General Features of the GDPR

Some of the GDPR general features may be of particular interest for companies in the healthcare/life science sectors.… More

General Data Protection Regulation: What It Means For US Healthcare/Life Science Companies (Part One)

This is the first post in a three-part series designed to provide a summary of some of the GDPR features that are likely to have the most substantial impact on healthcare/life science related businesses. (Links for Part Two and Part Three)

The clock is ticking: on May 25, 2018, in less than a year from now, the General Data Protection Regulation (“the GDPR”) will apply in all Member States of the European Union (“EU”) and will replace the Directive 95/46/CE (“the Directive”).… More

Webinar on September 13: Privacy and Data Security for the Generalist In-House Counsel

Privacy and data security have rocketed to the top of the list of concerns for all corporate boards. Whether you are a technology company, a biotech, or a traditional widget maker, your company has confidential information about its products, customers and employees. And that information has to be protected as a matter of law, both by statute and under contracts with your customers and suppliers.… More

Can Procurement Law Slow Down Data Breach Response? A Closer Look.

What happens when state and local governments respond to significant data breaches?  They often turn to the private sector for breach response capabilities in order to mitigate damages.  Speed is the name of the game, and state and local governments often move with alacrity to save face.

But what about procurement laws?

The rush to hire sophisticated private entities to support data breach response efforts is in tension with statutory competitive bidding mandates. … More

Top U.S. Cyber Official Resigns

Christopher Painter, the State Department’s “Coordinator for Cyber Issues” stepped down on July 28, 2017. Described as the Department’s “weary soldier in America’s cyber war,” Painter traveled the globe advancing U.S. interests in cyberspace. His efforts included coordinating diplomacy in cyber security matters and launching “cyber dialogues” with foreign powers. The aim of those dialogues: reducing cyber threats ranging from D-DOS attacks to the theft of intellectual property.… More

New Duties for Lawyers? The ABA Weighs In on Cybersecurity.

Recently, the ABA Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 477, which aims to provide guidance and clarity to lawyers as they consider what level of security to give communications with clients.  (I was recently interviewed by Massachusetts Lawyers Weekly on this topic, and you can read the full article here; please note that the article is behind a paywall.)

The bottom line?  … More

Data Security Under Commissioner Ohlhausen: What You Need to Know

The Federal Trade Commission (FTC) has been a critically important regulator of cybersecurity practices in the US, using its authority under Section 5 of the FTC Act to bring enforcement actions against companies for failing to protect their consumers’ private data. This past January, Trump appointed Republican Maureen Ohlhausen as the Commission’s new acting chairwoman. Here’s what you need to know about her approach to data security.… More

HHS to Launch Cybersecurity Center

The Department of Health and Human Services (HHS) will soon launch a healthcare focused cybersecurity initiative modeled on the Homeland Security Department’s National Cybersecurity and Communications Integration Center (NCCIC).  Christopher Wlaschin, Chief Information Security Officer at HHS, announced this development at the 2017 ACT-IAC Health IT-Mobile Forum on April 20.  According to Wlaschin, the new center, to be called the Health Cybersecurity and Communications Integration Center (HCCIC) would seek to reduce the extensive “noise” in the health care industry about cyber threats and to analyze and “deliver best practices and the two or three things that a small provider,… More

CyberOhio Initiative – An Update from the Ohio AGO

We recently posted on the Ohio Attorney General’s CyberOhio initiative and forecasted that the Ohio Attorney General might be the first of many Attorneys General to join forces with industry in the struggle to protect consumer information.  Ohio Deputy General Counsel Craig Rapp, Director of CyberOhio, contacted our blog not only to agree with our prediction, but also to shed more light on what is transpiring in his state. … More

Is Computer Security Broken?

The Economist certainly thinks computer security is broken (and it’s hard to argue the contrary).  In its April 8 edition, The Economist’s cover story proclaims, “Why computers will never be safe.”  While that’s good news for some of us (at least in the short run), for most of us it’s a daunting proposition.  So how to address the problem?  Do we need more regulation, as The Economist suggests? … More

Trump Meets Xi: Will They Talk Cybersecurity?

President Trump has repeatedly claimed that his predecessor was weak on China. But at least with respect to cybersecurity, the facts don’t support that charge. In 2015, “following all-night negotiations,” Robert Silvers writes, the United States convinced China to sign on to a joint commitment against “cyber enabled theft of intellectual property.” Ever since, China’s hacking of U.S. companies has dropped off dramatically. Next month,… More