On February 20, 2018, the Securities and Exchange Commission (SEC) issued interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents. This guidance indicates that the SEC is expecting more robust cybersecurity-related disclosures in the filings of public companies and encourages companies to implement comprehensive cybersecurity policies and procedures.
KMK Law Partner, Joe Callow, presented at the Greater Cincinnati ISSA Chapter Meeting on Wednesday, February 21, 2018 on the topic, "GDPR and Your Business: What You Need to Know and What You Need To Do." This presentation provided an updated analysis of GDPR, discussed its potential application, and provided action steps to establish compliance.
Last week, the D.C. Circuit joined an increasing number of federal courts applying a broad interpretation of the degree of harm required to satisfy Article III standing and expanding the holding of last summer’s Spokeo, Inc. v. Robbins, 136 S. Ct. 1540 (2016).
Last week, the Eighth Circuit Court of Appeals rejected the district court’s approval of the class action settlement in the Target data breach litigation. See In re Target Corp. Customer Data Sec. Breach Litig., 2017 U.S. App. Lexis 1767 (8th Cir. Feb. 1 2017).
Two decisions last week further widened the divide among the Courts of Appeals in applying Spokeo in cybersecurity litigation.
The U.S. Computer Emergency Readiness Team (US-CERT) is implementing new reporting requirements beginning April 1, 2017, and just released new guidelines to help federal departments and agencies; state, local, tribal, and territorial government entities; information sharing and analysis organizations; and foreign, commercial and private-sector organizations submit incident notifications to the federal government.
Two Courts of Appeals have issued decisions during the past week related to cybersecurity and data retention which anyone who maintains electronic data and personal information should read.
As we recently touched on at the KMK Cybersecurity Seminar, lower courts are beginning to apply Spokeo Inc. v. Robins as defendants renew challenges to class certification.
This post is a follow-up to January’s cybersecurity post discussing the cybersecurity considerations in performing due diligence in M&A transactions. The previous discussion can be found here. This post addresses two contractual provisions, the closing conditions and indemnification, which, if properly utilized, can protect acquiring companies from taking on too much cybersecurity risk in M&A transactions.
The Cybersecurity Information Sharing Act (CISA), S. 754, was signed into law by President Obama on December 18, 2015 as part of the larger 2016 Omnibus Spending Bill, and arrived on the cybersecurity landscape with an equally strong set of supporters and opponents. With strong views on both sides, CISA is the first step in building what all will likely agree is of critical importance – improving cybersecurity in the United States.
- Cybersecurity and Privacy Law
- Privacy Laws
- Cybersecurity Regulation
- General Data Protection Regulation
- Cyber Insurance
- California Consumer Privacy Act
- Data Breach
- Class Action Litigation
- Mergers & Acquisitions
- Incident Response Plan
- Information Governance
- Corporate Law
- Federal Trade Commission
- Seventh Circuit
- Department of Justice
- Happy New Year from the CCPA
- Can’t We All Get Along in the Cyber Sandbox?
- California's New Privacy Law is Coming - Are You Ready?
- Gearing up for National Cybersecurity Awareness Month: KMK Hosts Third Annual Cybersecurity & Privacy Seminar
- Ohio Data Protection Act - Safe Harbor for Businesses in Ohio
- Ohio’s Data Protection Act: What You Need to Know
- September 2018 Was a Busy Month for Data Privacy
- GDPR - 90 Days Later
- GDPR: What We're Learned So Far and What to Expect
- GDPR: Less Than 100 Day and Counting to "G-Day" - Here's What You Need to Know