Monthly Archives: October 2011

There is an interesting article in this week’s Boston Business Journal on venture capital in the data security space: "Securing profits: Venture capitalists betting online security will be big money-maker." More

Ensuring strong and efficient data storage and secured systems is the foundation of any successful business in today’s global business environment; the continued migration to cloud computing only amplifies this need.  New England and Israel are global leaders in innovation and entrepreneurship and major players in the global software/IT industry, with the innovations of its companies earning international recognition and prestige.

The New England-Israel Data Storage &… More

Late last week, the U.S. Court of Appeals for the First Circuit ruled that victims of a data breach could pursue compensation from the merchant whose systems were breached for their costs of credit card replacement and identify theft insurance, under theories of breach of implied contract and negligence. See Anderson v. Hannaford Brothers Co., — F.3d —, 2011 WL 5007175 (1st Cir. Oct. 20, 2011).

As alleged by the plaintiffs in their class-action complaint,… More

I was interviewed and quoted as part of a Compliance Week article on the new SEC guidance on disclosures of cyber security incidents:

Colin Zick, a partner at law firm Foley Hoag, says the guidance is too general and that companies will have to think hard when assessing what information to disclose. “There are a lot of cyber-incidents, and there are lots of ways how these will affect your business,”… More

In a story in the October 17 online edition of the New York Times, it was reported that the United States considered engaging in cyber-warfare against Libya early in the campaign to unseat Colonel Qaddafi. 

What seems clear is that this was not a prize worth the price of the precedent such a cyber-attack would create, particularly as it would open the United States to similar,… More

On October 13, the SEC issued CF Disclosure Guidance: Topic No. 2:  Cybersecurity.
This guidance provides the Division of Corporation Finance’s views regarding disclosure obligations relating to cybersecurity risks and cyber incidents.  It follows Chairman Schapiro’s June 2011 letter to Senator Rockefeller on the subject. More

It’s a pretty technical read, but this recent Microsoft report, "Sex, Lies and Cyber-crime Surveys" by Dinei Florencio and Cormac Herley tries to support an interesting hypothesis:  cyber-crime surveys that suggest huge losses from hacking and phishing aren’t reliable.  Here’s an excerpt of their thinking:

First, [cyber-crime] losses are extremely concentrated, so that representative sampling of the population does not give representative sampling of the losses.… More

It was revealed recently that Sony’s on-line services were the subject of another significant attack. This incident, however, did not exploit a vulnerability in Sony’s security infrastructure so much as it highlighted the cascading effect of data breaches.

Rather than try to scale any fences or jimmy any windows, this attack used account holders’ own keys to open the front door. According to a statement by Sony,… More

Please join Foley Hoag’s Labor and Employment attorneys on November 15 from 8:30 a.m. to 10:00 a.m. for a discussion of new challenges that employers face with social media. Topics to be reviewed include:

• Employer monitoring of employee activities on social media sites such as Facebook, Twitter and LinkedIn;
• Whether employers can discipline employees for their posts,…

More

Please join me and my friends at Co3 Systems for a free webinar,”Data Breaches & Compliance:  Understanding The Law and How You Can Prepare” to be held on Thursday, October 20, 2011 1:00 p.m. – 2:00 p.m. EDT. To add this webinar and the call-in information to your Outlook calendar, click here.  I will be presenting with Ted Julian of Co3; Ted brings a wealth of experience from working at Arbor Networks,… More