Eversheds Sutherland Cybersecurity and Privacy Insights Blog

A paradise for data privacy advocates—Bermuda’s privacy law now in full effect

With enactment of the Personal Information Protection Act (PIPA), Bermuda can now count itself among the ever-expanding list of jurisdictions with enhanced privacy protections. PIPA, passed on July 27, 2016, and entered into force in December 2017, shares many of the more stringent requirements and protections with Europe’s impending General Data Protection Regulation (GDPR), which indicates a growing, global trend towards stepped-up privacy regimes. That said, as much as there are similarities between the regulations, there are important differences, especially for those companies which...

Hospitals’ Response to Data Breaches May Be Impacting Patient Health

A study presented last week at the 4A Security and Compliance Conference in Philadelphia found an increase in a common measure of mortality rates at hospitals following data breaches. However, there did not appear to be any correlation between the type of breach or the number of records affected by the breach, leading the researchers to conclude that it was the response to the breach, and not the breach itself, that led to the higher mortality rates. This may be an indication that clamp-downs on security made it more difficult for hospital staff to provide the same level of care as they had...

Indictment in Massive Iranian Cyberbreach Shows Companies Still Vulnerable

If general counsel fear their companies are vulnerable to cyberattacks from far afield, they have good reason. An indictment unsealed Friday details how hackers hired by the Iranian government broke into computer systems of at least 36 U.S. companies, including technology firms, banks, media companies and a law firm. Learn...

Eversheds Sutherland launches BreachLawWATCH mobile app

We are pleased to announce the release of BreachLawWATCH, a unique mobile app that provides easy, consistent access to data breach statutes across the United States and a growing number of jurisdictions, including Europe and Asia. Easy-to-use functionality enables users to find specific and relevant state and global breach notification regulations at their fingertips. Learn more.

NERC and power company reach settlement on violations of cybersecurity standards

A power company has reached an agreement with the North American Electric Reliability Corporation (NERC) to pay $2.7 million for violations of a cybersecurity reliability standard. This violation resulted from the online exposure of the company’s data due to a vendor’s mishandling of the data, allowing unrestricted third-party access to 30,000 asset records. The violation posed a “serious” risk to the reliability of the bulk power system because it allowed physical and remote access to the power company’s network. This case highlights the need for supply chain management and sufficient...

Today’s cybersecurity strategies are “not sufficiently robust or scalable,” Nuclear Threat Initiative says

“The cyber threat to nuclear facilities is serious, but the challenge going forward is evident,” Dr. Page Stoutland, NTI vice president of scientific and technical affairs, said in the post. “Threats and vulnerabilities will continue to mount. Today’s strategy is not sufficiently robust or scalable, and a high level of cybersecurity may never be compatible with current nuclear plant business models. Governments, regulators, facility operators, vendors, and experts need to accelerate our efforts to develop new approaches that can scale to the threats of the future. Learn...

About face: court finds biometric information creates unique privacy rights

A recent decision from a California federal court increases the risks to companies that use biometric information and reinforces the need to strictly comply with the requirements of biometric protection statutes. Key Takeaways: The suit arises from the Illinois Biometric Information Privacy Act (BIPA), which governs the collection, storage, and use of biometric information, including fingerprints, retina or facial recognition scans, or photographic likenesses, that can be used to identify an individual. BIPA provides for a private right of action, statutory damages, and attorneys’ fees, and...

The SEC wants companies to talk about cybersecurity

On February 21, 2018, the Securities and Exchange Commission issued an interpretive release providing important guidance to certain registrants on cybersecurity disclosure. The guidance makes clear its view that material risks or incidents related to cybersecurity fall within a company’s ongoing obligation to disclose material information in current and periodic reports. The guidance also expands on disclosure controls and procedures, insider trading and selective disclosures. The decision to release this guidance underscores a heightened focus on cybersecurity and serves as a reminder to...

Helping it click into place – Our monthly Asia cybersecurity update

During 2017, cyberattacks continued to evolve and develop sophistication, exploiting both previously unidentified vulnerabilities and known vulnerabilities in new ways. Ransomware attacks such as Petya and WannaCry put critical functions across the world and across industries on hold, while the Mirai botnet attack, unleashed in late 2016, highlighted the increasing vulnerabilities of networked Internet of Things (or IoT) devices. Learn...

Insurers May Not be Able to Avoid Blockchain, Virtual Currencies ‘Sweeping Through Industry’

Virtual currency, such as bitcoin, is an unregulated digital form of currency that can be used as a substitute for legally recognized currency and eliminates the so-called “middle-man,” which includes banks and clearing houses. Learn more.

DOE Creates Cybersecurity Office

The Department of Energy (DOE) has created a new office for energy security and cybersecurity. The Office of Cybersecurity, Energy Security, and Emergency Response (CESER) will work on energy infrastructure protection and DOE’s role in national security. As Secretary of Energy Rick Perry noted in his statement regarding the creation of the office, “DOE plays a vital role in protecting our nation’s energy infrastructure from cyber threats, physical attack, and natural disaster, and as secretary, I have no higher priority…This new office best positions the department to address the...

US Partner Michael Bahar Comments on Intelligence Capabilities

Eversheds Sutherland Partner Michael Bahar is quoted in this New Yorker article regarding Chinese intelligence capabilities. “They are a professional service,” said Michael. “They do their homework.” Learn more.

Tech Giants Brace for Europe’s New Data Privacy Rules

With the deadline for the new rules now just a few months away, Silicon Valley’s tech behemoths have been scrambling to get ready. Facebook and Google have deployed hundreds of people to make sense of the regulations. Many of the companies have overhauled how they give users access to their own privacy settings. Some have redesigned certain products that suck up too much user data. And in some cases, companies have removed products entirely from the European market because they would violate the new privacy rules. Learn...

Securing the Cloud

Eversheds Sutherland Partner Michael Bahar is quoted in the Winter edition of USA Today Homeland Security regarding increasing efforts to keep data safe in the ‘new normal.’ “Particularly this summer, we’ve seen attackers going further – to extortion, data manipulation, disruption and even destruction,” said Michael. “What is increasingly critical is to respond to the rapidly evolving new normal.” He added, “It’s like washing your hands frequently during cold season. These attacks are remarkably unsophisticated and deeply human. You don’t need to be technically savvy to adopt good practices,...