Our blockchain colleagues recently published an article on the rapidly evolving landscape where blockchain intersects with data security and privacy. If you’ve ever wondered how blockchains can be considered secure even though hacks of cryptocurrency exchanges routinely make headlines, or whether distributing a permanent ledger to every participant in a network might run afoul of
Data Breach
European Data Protection Board Adopts Draft Guidelines on Territorial Scope of General Data Protection Regulation (GDPR)
The European Data Protection Board (EDPB) is an independent advisory body, established by the GDPR, that issues guidelines, recommendations, and best practices for the application of the GDPR.
At its Third Plenary on September 26, the EDPB adopted new draft guidelines on the GDPR’s territorial scope.
These guidelines should help provide a common interpretation of…
Cyber Risks Facing Health Insurers
I recently did a guest blog for ID Experts regarding the cyber risks facing health insurers in the wake of the Anthem and Premera breaches. The post, “More Health Insurer Data Breaches Are Coming – What Can You Do to Prepare?,” provides an overview of what other health insurers can do to…
Triple Entente Beer Summit
I hope you will join us on Thursday, May 7 from 6:00 pm – 9:00 pm for the “Triple Entente Beer Summit” at The Washington Firehouse (1626 North Capitol Street Northwest, Washington, DC). This live recording of the three podcasts – Steptoe Cyberlaw Podcast, Lawfare Podcast, and Rational Security – will be your chance…
Treasury Sanctions on Cyber Attackers
The executive order allowing the President to impose OFAC sanctions on hackers is good news. I’ve been calling on the government for several years to go beyond attribution to retribution. See, for example, this post from 2012, this Foreign Policy article, and this recent podcast with Juan Zarate. Similar sentiments were expressed…
Why Tort Liability Won’t Produce Good Cybersecurity
Government policymakers have been hoping for twenty years that companies will be driven to good cybersecurity by the threat of tort liability. That hope is understandable. Tort liability would allow government to get the benefit of regulating cybersecurity without taking heat for imposing restrictions directly on the digital economy.
Those who see tort law as…
“Groundhog Day” for Data Breaches
Here we go again. A prominent company suffers a data breach. The company publicly alerts its customers. The company almost immediately finds itself the subject of inquiries from Congress and the target of investigations by regulators. Before long, class action lawyers will crank out complaints as if they’re Mad Libs, filling in the name of…
Are You Prepared for a Data Breach?
I recently spoke to mainjustice.com (subscription required) about how companies can help prepare for a data breach in this “blame the victim” environment. The video of that interview can be found here:
Is the Congressional Response to the Target Breach Off-Target?
In the aftermath of the TARGET breach announced last month, there has been much talk of how to respond to large-scale breaches of this type. Lawmakers are eager to write legislation to increase the FTC’s enforcement powers and create a national breach notification standard. But if the congressional response focuses entirely on breach notification and…
Video Interview: Discussing the Target Data Breach with LXBN TV
Following up on my recent commentary on the Target data breach, I had an opportunity to discuss its fallout in a video interview with Colin O’Keefe of LXBN. In the interview, I describe litigation Target now faces and share my opinion on what lawmakers should do to combat breaches like this.