Botnets, Cyber Weapon Controls, White House Incentives, and More – What We’re Reading in Cybersecurity Now

Here’s a quick look at what’s grabbing our attention right now on JD Supra. Recent updates on the myriad risks, concerns, and legal developments around cybersecurity and data protection:

White House Posts Preliminary Cybersecurity Incentives (Proskauer):

“On August 6, 2013 the White House posted its preliminary list of incentives encouraging the adoption of cybersecurity best practices. The [federal government’s] draft framework of incentives is not due until October of this year, when it will be published for public comment. A final version is expected for February of 2014. The August 6th post serves as an interim step, which allows the private sector an opportunity to think about the recommendations and provide feedback.”

White House Outlines Potential Cybersecurity Incentives (BuckleySandler LLP):

“The administration notes that while some of the proposed incentives can be adopted soon after the voluntary framework is established, others will require legislative action. The policy options under consideration include, among others, (i) encouraging cybersecurity insurance, (ii) offering critical infrastructure grants, (iii) limiting liability of participating companies, (iv) streamlining regulations, and (v) providing public recognition.”

Beware the Botnets: Cyber-Security is a Board Level Issue (Morrison & Foerster LLP):

“As technology becomes ever more complex, the scope and scale of cyber-risks is increasing at an unprecedented rate. Because responsibility to manage cyber-risks rests with each organisation, it needs to be high on each board’s agenda. It’s clear that this is no longer just an issue for the IT department.”

The Current State in Financial Services: Cybersecurity (Reed Smith):

“Recently, in A Call to Arms for Banks, the Wall Street Journal described the intensifying push by regulators for Financial Services firms to better protect themselves and the financial system against cyberattacks. […] Any financial institution that does not include cybersecurity among its enterprise risk programs exposes itself to potentially significant compliance, regulatory, and litigation risk.”

FDA Draft Guidance Details Key Cybersecurity Management Measures Expected in Medical Device Submissions (Duane Morris LLP):

“[T]he U.S. Food and Drug Administration (FDA) issued its Draft Guidance for the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. Recognizing the increasing need for effective cybersecurity, given the proliferation of wireless, Internet- and network-connected medical devices, as well as the increasing electronic exchange of medical device-derived health information, the draft guidance articulates FDA expectations on cybersecurity measures all manufacturers of software-containing medical devices should consider in preparing virtually any type of medical device premarket submission.”

EU Targets Cyber Surveillance Exports and U.S. Considers Cyber Weapon Controls (Sheppard Mullin Richter & Hampton LLP):

“In light of the recent high profile disclosures of cyber surveillance, there is increased political momentum in the U.S. and EU to control the export of particular cyber technology products and services. In the EU, the focus is on electronic surveillance equipment, and in the U.S., the concern is the proliferation of cyber weapons.”

Texas Says You’re All on Notice by Amending its Data Breach Notification Law (Proskauer):

“Texas recently amended its data breach notification law, to clarify that if a data subject is a resident of a state other than Texas that has its own breach notification law, a company that does business in Texas can notify that data subject either pursuant to Texas law or pursuant to the law of the state of residence. In other words, according to Texas, Texas companies do not have to become familiar with the breach notification laws of other states.”

Colombia Adopts Regulations to Implement its Data Protection Laws (Littler):

“With the advent of new rules regulating the protection of personal data, companies with operations in Colombia must implement policies and practices to comply with Colombia’s privacy law. In October 2012, Colombia enacted Law 1581 to regulate the protection of personal data and safeguard the constitutional right of privacy in the midst of the challenges posed by globalization and new technologies that enable the easy electronic transfer of personal data.”

Data Protection ‘Around the World’ in IP/IT & Media Newsletter – July 2013 (Reed Smith):

“In 2011, Costa Rica enacted a data protection act which has now entered into force. Because this legislation is similar in content to the European rules, it is expected that Costa Rica will endeavour to be determined as having an adequate standard of data protection by the European Commission. The act introduces the concept of consent to data processing and grants specific rights to the data subjects if their data are published. Data breaches must be reported within five days of becoming aware of them.”

How Secure Is Your Pop-Up? (Mintz Levin):

“Because pop-up stores are intended to be temporary, installations of technology infrastructure to support credit card sales is impractical and is often ignored. Speed and simplicity are at the heart of the pop-up strategy. A word of warning, however: cutting corners for rapid and low-cost deployment of pop-up stores is fraught with data security risks. Even a single pop-up location can create data loss significant enough to negatively impact brand and cause a retailer to spend bottom line dollars on forensics, investigation and data breach notifications.”

California Attorney General’s Report Reveals Millions Affected By Data Breaches In 2012 (Pepper Hamilton LLP):

“The [California] report shows that 131 … data breaches were reported in 2012, which involved the potential exposure of personal information of 2.5 million Californians. More than half of these breaches (56 percent) involved Social Security numbers, which pose the greatest risk of the most serious types of identity theft. More than half of the breaches (55 percent) were the result of intentional intrusions by outsiders or by unauthorized insiders. The other 45 percent were largely the result of failures to adopt or carry out appropriate security measures.”

Survey Says: Fortune 500 Disclosing Cyber Risks (Mintz Levin):

“The recently published Willis Fortune 500 Cyber Disclosure Report, 2013, analyzes cybersecurity disclosure by Fortune 500 public companies. The Report found that as of April 2013, 85% of Fortune 500 companies are following the SEC guidance and are providing some level of disclosure regarding cyber exposures. Interestingly though, only 36% of Fortune 500 companies disclosed that such risk was ‘material’, ‘serious’ or used a similar term, and only 2% of the companies used a stronger term, such as ‘critical’.”

Is Your Cyber-Security Better Than a Fortune 500’s? (Sands Anderson PC):

“Despite the significant risks posed by cyber-attack, just more than half of the Fortune 500 companies admitted to having protective technical solutions in place, and 15% also indicated they do not have the resources to protect themselves against critical attacks, the report said. This, even though directors of publicly traded companies could face liability for not properly protecting companies from cyber-attack. What does this mean for privately held businesses? Cyber-attacks are a real danger that could cause significant monetary and reputational damage to a company.”

New Trends To Watch In Cyber Risk Insurance (Zelle Hofmann Voelbel & Mason LLP):

“Although specific cyber risk insurance policies are becoming increasingly common, claims related to data breaches continue to be submitted under commercial general liability policies. Some recent decisions addressing these claims provide helpful guidance for practitioners in this area.”

Help Clients Insure Against Cyberattacks (Pillsbury):

“The constant threat of cyberattacks presents many and varying challenges for businesses. Insurance provides one way to deal with them. Because the market for insurance covering these risks and the law interpreting these policies both continue to develop, this is an area in which attorneys can help clients by maximizing their opportunity to secure the broadest possible coverage.”
