Data Security

Protecting Data – Considerations for Drafting Security Schedules

With the exponential growth of cyber threats, cloud computing and remote working, contract provisions regarding data security requirements have also expanded in size and frequency. It has become common practice to prepare schedules to detail (and limit) security requirements. Customers and vendors both have a vested interest in clearly identifying expectations and obligations for such…
Privacy

Senate Hearing on Promoting Competition and Privacy in the Tech Sector: Two Hearings in One?

On December 7, 2021, the Senate Finance Committee’s Subcommittee on Fiscal Responsibility and Economic Growth conducted a hearing on “promoting competition, growth, and privacy protection in the technology sector.” The hearing could have been conducted using a split-screen format, since one group of Senators and witnesses focused on anti-competitive behavior by the tech giants and…
OCC

What’s the OCC Banking Regulatory Outlook for 2022?

As the year’s end approaches, the US Office of the Comptroller of the Currency (OCC), a primary US banking regulator, has published its Banking Supervision Operating Plan for 2022. As you might expect, much of the OCC’s focus is on managing the repercussions of the pandemic and the resulting economic, financial, operational, and compliance implications. The specific points it…
SolarWinds

Shareholders Seek to Hold Current and Former SolarWinds Officials Liable for Massive 2020 Security Breach

Investors filed a derivative suit claiming that the company knew about, and failed to mitigate known, existing cybersecurity risks and shortfalls prior to the security breach. In early November, pension funds and individual shareholders filed a lawsuit against SolarWinds Corporation (“SolarWinds”) as well as current and former members of the board of directors. The suit comes in the…
Cyber Insurance

Ransomware Attacks Continue to Cause More Underwriter Scrutiny

Continued widespread cyber attacks have leaders in just about every industry wary and watchful, and insurance underwriters are no exception. Given the increase in claims from recent ransomware attacks, cyber insurers are requiring even more information as part of their underwriting processes. Applications for cyber insurance are already lengthy and require detailed information around specific practices,…
EDPB

What counts as a “transfer” of data under the EU GDPR? New draft EU Guidelines released

Summary: It is well known that the EU GDPR (specifically, Chapter V) restricts transfers of personal data from the EU to a “third country” (i.e. a jurisdiction outside the EEA) or to an international organisation. But what is meant by a “transfer”? And how does this apply where the extra-territorial reach of the EU GDPR…
ZTA

An Understandable Guide to Zero Trust Architecture (“ZTA”)

While cybersecurity professionals are generally nice people, and I have nothing against them, they have trust issues. Their spouse, friends, and family may not appreciate the lack of trust, but it goes a long way towards protecting the systems entrusted to them. Cybersecurity best practices are to employ a Zero Trust Architecture (“ZTA”) to the…
NIST

NIST Publishes Draft Security Criteria for Consumer Software

Consumer software providers will soon have the option to label their software as compliant with National Institute of Standards and Technology (NIST) standards for software security. On November 1, 2021, NIST published its initial draft of this standard in a white paper titled “DRAFT Baseline Criteria for Consumer Software Cybersecurity Labeling” (the White Paper). The…
Payments

CNIL Publishes White Paper on Digital Payments and Data Privacy

The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations. The use of card, contactless, and innovative digital payment solutions has significantly increased in recent years, fueled by the immediate impacts of the ongoing COVID-19 pandemic and the longer-term growth of e-commerce and open banking. In this…
CIO

How to Manage the CIO-CMO Relationship

Technology has changed how companies are run, how they communicate and how they compete. In the past decade, firms have dramatically broadened their use of technology in digital operations. As initiatives continue to grow and increase in complexity, they also create the need for more senior-level roles to help make the most of these new…