In an era where digital threats loom large, the responsibilities of Chief Information Security Officers have expanded beyond traditional IT security to encompass a broader governance, risk management, and compliance role. The infamous SolarWinds Corp. attack illustrates the complex cybersecurity landscape CISOs navigate.
GIPA litigation remains in its early stages, but the possibility of exorbitant statutory damages could make GIPA the next major trend in privacy class action litigation.
The guidance mirrors the recent, broader impulse among U.S. prosecutors and regulatory agencies to extend application of U.S. law to foreign persons and entities, even when those persons and entities have only threadbare connections to the U.S.
With a view toward injecting some modicum of clarity into the volatile arena of NIL, a plethora of legislation has been enacted at the state level and proposed at the federal level.
With the first cybersecurity rule for public companies, and the landscape of ongoing scrutiny and enforcement, SEC registrants should not lose time in reviewing their cybersecurity postures and policies to ensure compliance and, even ahead of formal adoption of certain still-pending rules, align with best practices.
Corporate counsel must understand the difference between advocacy and obstruction when facing government investigations.
The rule will generally ban employers from entering, maintaining or attempting to enter a noncompete agreement with an employee, or conveying — absent a good-faith basis — that a worker is subject to a noncompete clause.
Attacks on building systems could easily be deemed within the scope of the rule and real estate owners who lease to covered entities would likely have to quickly report cyber incidents within 72 hours and payments made after a ransomware attack within 24 hours.
The increasing frequency of "bring your own device" policies creates serious implications for subpoena recipients and litigants to ensure compliance with discovery demands. And courts across the country consider such personal mobile data fair game. To avoid pitfalls —and sanctions — counsel must take proactive steps to ensure proper preservation and collection of personal mobile data and verify that clients comply.
Both the DOJ and the SEC have made it clear that they will look at company BYOD policies when assessing how to resolve matters under their purview. To avoid pitfalls — and sanctions — counsel must take proactive steps to ensure proper preservation and collection of personal mobile data and verify that clients comply.
