Privacy & Cybersecurity

Directors never want to be in the unenviable position of having to seek coverage under their D&O policy. Nevertheless the D&O policy is an indispensable corporate expense, particularly in the case of public companies, where exposures can be much higher.

Last week, the U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released a Risk Alert announcing its Cybersecurity Initiative.  

A data breach is not a unitary or self-contained event. The fallout from a breach could impact the directors as well. A security breach may lead to an investigation or an enforcement action by the Securities and Exchange Commission (SEC).

Each day this week, we are going to explore some of the issues in the rapidly growing area of cyberliability. We will examine the recent increase in focus on privacy issues, why directors should be concerned, the top questions directors should ask when it comes to coverage for cyber investigations, and what kind of cover is available for privacy violations.

Happy Cinco de Mayo!
Breaking news this Privacy Monday: The fallout from the massive Target Corporation data breach continues. This morning, the Target board announced that Chief Executive Officer Gregg Steinhafel has resigned effective immediately.

In the background to the current discussions, of course, we have lurking the behemoth of the draft Regulation that is very likely to replace the current Directive that governs privacy in the EU.

C-suite executives and board members are becoming more concerned about the risks posed to their companies by cyberattacks and data breaches.

Some important takeaways to start your weekend:
Data Breach Incidents—Especially “Ransom” Incidents, are on the Rise—One panelist observed that the New York State Attorney General’s Office received reports of approximately 900 data breach incidents during the past year alone.

Two days ago, we heard that Target Corporation has brought in an information security heavy hitter to oversee the company's post-breach data security and technology operations. Now we learn that its home base of operations, Minnesota, is the latest state to propose a legislative reaction to the Target data breach.

Companies today need to be thinking of cyber risk management as part of their overall corporate risk management.

For the last Monday in April, we have a few privacy and security bits and bytes to start your week.
Trending Now - 5 Things Every Company's Data Security Program Should Include

The FTC has just published updates to the COPPA FAQs, the Commission’s compliance guide for businesses and consumers, to address the applicability of COPPA and the Amended COPPA Rule to educational institutions and businesses that provide online services, including mobile apps, to educational institutions.

How much is the cost of doing nothing when it comes to encryption of sensitive data? In the case of electronic protected health information, about $2 million.

Yesterday, Mintz Levin attended a panel breakfast sponsored by the New York City Bar's Committee on Women in Intellectual Property. The panel featured two practitioners, one from the public sector and one from the private sector.

As our readers know, we maintain a summary of the US state data breach notification laws, which we refer to as the “Mintz Matrix.” We update the Mintz Matrix on a quarterly basis, or more frequently if developments dictate.

Today is the running of the 118th Boston Marathon.

As a follow-up to our commentary here on the headline-grabbing Heartbleed bug, I had the opportunity to discuss the subject with Colin O'Keefe of LXBN. In the brief interview, I explain how companies should respond to the bug and the uncertainty surrounding the liability they may face.

There has been so much news swirling in the data privacy and security world in the last few days, that it has been difficult to keep up.  We'll give you a roundup here for your Friday and weekend reading.

Following a string of high-profile data breaches and new data suggesting that approximately 21.3 million customer accounts have been exposed by data breach incidents over the past two years, the California legislature has introduced legislation aimed at making retailers responsible for certain costs in connection with data breach incidents. 

Last week was certainly the "week of the Heartbleed." Unless you have been on vacation on a remote island (and if so, good for you!), you have heard and read much about the latest mass bug to infect the Internet.