By Kevin Boyle and Kee-Min Ngiam

The SEC’s Staff of the Division of Corporation Finance recently issued guidance to help clarify public reporting companies’ disclosure obligations in the area of cybersecurity risks and cyber incidents. The guidance, which does not change existing disclosure obligations for public companies, should help company officers responsible for security, privacy, or securities compliance, as well as securities law practitioners, better understand the Staff’s expectations on disclosure in this area. Our recent Client Alert reviews the

By Gail Crawford and Amy Taylor

At the end of 2010, the UK Government raised the national threat level for cyber security risk to Tier One (the same tier as the terrorism threat) and announced it was allocating £650 million (around US $1 billion) to governmental cyber security measures and resilience developments.

A recent report by Chatham House in association with Detica indicates that many private organizations are well behind the government in how they evaluate and defend against these

As part of its cyber security legislative proposal unveiled on May 12, the Obama administration sent to Congress a proposed Data Breach Notification bill that would supersede similar state laws.  If enacted, the bill would dramatically simplify response to data breaches involving residents from multiple states—a process that is now a maze of requirements, often requiring near instant legal judgment under 50 or more statutes as to whether a single breach event is a covered notice event.  In short

Following in the wake of the FTC’s report on online tracking, the Commerce Department has issued its “green paper” on privacy. The report is part of the Department’s ongoing review of privacy practices begun in April this year. While it avoids making many specific policy recommendations, the report does recommend the development of Fair Information Privacy Principles, creation of a privacy office within the Department, and consideration of a national data security breach notification law. The themes are

The Ponemon Institute is out with a new Intel-sponsored study concluding, among other things, that lost laptops cost U.S. organizations in excess of $2 billion a year. Yet, two-thirds of companies surveyed still do not take basic security precautions to protect laptops. A look at prior Ponemon work cited in the report suggests failing to do so likely costs more—almost $50,000 for each lost laptop. Whether you are defending an existing mobile security program or seeking budget support to implement

In a long-anticipated report entitled Protecting Consumer Privacy in an Era of Rapid Change, a divided U.S. Federal Trade Commission focused on raising consumer awareness and soliciting industry feedback on online tracking and behavioral advertising. Industry is portrayed as “too slow” to improve privacy practices in this arena. The report proposes a normative framework for how companies should protect consumer privacy, which is designed to serve “as a policy vehicle for approaching privacy.”

While the report solicits industry

On 4 November 2010, Viviane Reding, Vice-President of the European Commission, presented the plans for a reform of the existing European data privacy legislation. Reding demands strengthened rights for data subjects, a better harmonization of the internal market, a revision of the rulings concerning police cooperation and judicial cooperation, a guarantee for a high level of protection for the export of data and a more rigorous application of existing data privacy regulations. Reding hopes to achieve all this by reforming