Our blockchain colleagues recently published an article on the rapidly evolving landscape where blockchain intersects with data security and privacy. If you’ve ever wondered how blockchains can be considered secure even though hacks of cryptocurrency exchanges routinely make headlines, or whether distributing a permanent ledger to every participant in a network might run afoul of
Data Breach
European Data Protection Board Adopts Draft Guidelines on Territorial Scope of General Data Protection Regulation (GDPR)
The European Data Protection Board (EDPB) is an independent advisory body, established by the GDPR, that issues guidelines, recommendations, and best practices for the application of the GDPR.
At its Third Plenary on September 26, the EDPB adopted new draft guidelines on the GDPR’s territorial scope.
These guidelines should help provide a common interpretation of…
Cyber Risks Facing Health Insurers
I recently did a guest a blog for ID Experts regarding the cyber risks facing health insurers in the wake of the Anthem and Premera breaches. The post, “More Health Insurer Data Breaches Are Coming – What Can You Do to Prepare?,” provides an overview of what other health insurers can do to…
Triple Entente Beer Summit
I hope you will join us on Thursday, May 7 from 6:00 pm – 9:00 pm for the “Triple Entente Beer Summit” at The Washington Firehouse (1626 North Capitol Street Northwest, Washington, DC). This live recording of the three podcasts – Steptoe Cyberlaw Podcast, Lawfare Podcast, and Rational Security – will be your chance…
Treasury Sanctions on Cyber Attackers
The executive order allowing the President to impose OFAC sanctions on hackers is good news. I’ve been calling on the government for several years to go beyond attribution to retribution. See, for example this post from 2012, this Foreign Policy article, and this recent podcast with Juan Zarate. Similar sentiments were expressed …
How Hackers Use Law Firms to Their Advantage
Recently, I was the keynote speaker for CityNationalBank’s “Cyberespionage: Who Wants Your Data? And What Can You Do About It?,” where I discussed the increased cyberattacks on law firms involved in international mergers and acquisitions.
Why Tort Liability Won’t Produce Good Cybersecurity
Government policymakers have been hoping for twenty years that companies will be driven to good cybersecurity by the threat of tort liability. That hope is understandable. Tort liability would allow government to get the benefit of regulating cybersecurity without taking heat for imposing restrictions directly on the digital economy.
Those who see tort law as…
A Week of Bad News and Good News in Cybersecurity – Here’s What You Need to Know
It was a busy week for companies and government agencies struggling to combat the growing threat of cyber-attacks, with some bad news and some good news. Here’s what you need to know, and how we can help.
What you Need to know
First, the bad news:
- Lawsuits against Target move forward and lawsuits against Home
…
As Evidence Mounts, It’s Getting Harder to Defend Edward Snowden
The evidence is mounting that Edward Snowden and his journalist allies have helped al Qaeda improve their security against NSA surveillance. In May, Recorded Future, a predictive analytics web intelligence firm, published a persuasive timeline showing that Snowden’s revelations about NSA’s capabilities were followed quickly by a burst of new, robust encryption tools from al…
“Groundhog Day” for Data Breaches
Here we go again. A prominent company suffers a data breach. The company publicly alerts its customers. The company almost immediately finds itself the subject of inquiries from Congress and the target of investigations by regulators. Before long, class action lawyers will crank out complaints as if they’re Mad Libs, filling in the name of…