Trump Cybersecurity Executive Order

Posted in National Security

President Trump signed today a long-awaited Executive Order on Cybersecurity.  I think it is mostly a non-event.  There are some helpful provisions, including a requirement that government agencies implement the NIST Framework.  Otherwise, it requires a series of executive reports on cybersecurity preparedness, generally within 90 days of the Order.  As others have noted, those […]

DTSA Statistics

Posted in DTSA

Introduction: Trade secrets are important to cybersecurity because many data breaches involve trade secret theft.  The Defend Trade Secrets Act of 2016 (DTSA) amended the Espionage Act of 1996 to provide a federal private right of action for trade secret misappropriation.  Some commentators opposed the DTSA in part because it seems redundant in light of state trade […]

Why Education and Training Matter to Cybersecurity Compliance

Posted in Cyber Compliance / Regulation

Cybersecurity is an overwhelming problem – so overwhelming that it seems impossible to address.  From the legal and compliance perspective, the problem is compounded by a lack of clear regulatory rules or judicial precedent about what kinds of measures might be sufficient to mitigate the risk of liability for a data breach or other cybersecurity […]

Presentation on Cybersecurity and the Economic Loss Doctrine

Posted in Cyber Risks, Data Breach Litigation

Here are the slides for my presentation on cybersecurity and the economic loss doctrine at the NJICLE 2016 Cybersecurity Conference.

Presentation on Law Firms and Cybersecurity

Posted in Cyber Risks

Here are the slides for my presentation on law firms and cybersecurity at the NJICLE 2016 Cybersecurity Conference.

Slides for PLI

Posted in Cyber Compliance / Regulation

Here are my slides for the “Think Like a Lawyer Talk Like a Geek” PLI Presentation tomorrow.  

LabMD Enforcement Stayed

Posted in Cyber Risks, FTC

The FTC’s enforcement action against LabMD has been stayed in an unusual grant of emergent relief by the Eleventh Circuit.  The FTC’s Opinion in LabMD essentially established a negligence balancing test for cybersecurity compliance.  A negligence balancing test requires a rough evaluation of the burden of avoiding a risk (B) compared to the probability of […]

FTC Data Breach Response Guide

Posted in Cyber Compliance / Regulation

The FTC has issued a new data breach response guide for businesses.  There is a good amount of useful information in the guide, particularly in the steps to take immediately upon learning of a data breach.  In particular, the steps to secure affected operations are important, including assembling a forensic and legal team, securing physical […]

The FTC, Ransomware, and You

Posted in Cyber Compliance / Regulation, Cyber Crime, Cyber Risks

“Ransomware” is malicious software that enables attackers to hold computer data or a computer network hostage until a ransom is paid.  Ransomware often encrypts all the files on a system, making them unusable until the attacker supplies an encryption key.  An FBI Alert issued last week stated that ransomware infections are at an “all-time high.”  […]

Microsoft and the Law of the Cloud

Posted in Cloud, ECPA, Internet Governance, National Security

Microsoft is waging a multi-front legal war over control of the “cloud.”  The Second Circuit recently handed Microsoft a battlefield victory in a case captioned In the Matter of a Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corporation, — F.3d —, 2016 WL 3770056 (2nd Cir. 2016). The case concerns […]