Topic: Vendor management and transactions

Subscribe to Vendor management and transactions RSS feed

US Senators introduce IoT cybersecurity bill

Data Protection Report - Norton Rose FulbrightOn August 1, 2017, US Senators unveiled a bipartisan bill to mandate baseline cybersecurity requirements for internet connected devices purchased by the federal government. Recent attacks demonstrate that connected devices, which make up the Internet of Things (“IoT”), can paralyze websites, networks, and even components of critical infrastructure. The draft bill, introduced by a bipartisan … Continue reading

Interactive Guide to Navigating Data Privacy Risks in Vendor Contracts

Data Protection Report - Norton Rose FulbrightExpanding on their prior article, Norton Rose Fulbright and the global risk advisory company Willis Towers Watson have created an interactive guide to the legal and insurance-based tools that can be used to manage data privacy risks in vendor contracts. This unique guide allows users to navigate between subjects, and explore the details of five … Continue reading

Do Promises To Use “Best Efforts” To Protect Data Really Require Unreasonable Action?

In technology vendor contracts, the vendor’s obligations to protect the customer’s data are often hotly negotiated.  The vendor may want to spell out only the data security measures it currently employs, or—at most—agree to implement “reasonable” data security measures.  Given the stakes if sensitive data is breached, though, the customer may insist that the vendor … Continue reading

Identifying and Mitigating Data Privacy Risks in Vendor Contracts

Data Protection Report - Norton Rose FulbrightNorton Rose Fulbright has teamed up with the global risk advisory company Willis Towers Watson to help provide their clients with the information they need to manage data privacy risks.  In Willis Towers Watson’s Winter 2016 Cyber Claims Brief, Norton Rose Fulbright attorneys Dave Navetta and Matt Spohn worked with Willis Towers Watson Executive Vice … Continue reading

What Merchants and Service Providers Need to Know about PCI DSS Version 3.2

Data Protection Report - Norton Rose FulbrightOn November 1, 2016, the Payment Card Industry (“PCI”) Security Standards Council’s newest set of Data Security Standards (“DSS”) went into effect.  Announced earlier this year, PCI DSS Version 3.2 has made a variety of changes applicable to both merchants that accept payment cards as well as “Service Providers,” which are defined as third-party entities … Continue reading

Recent Case Highlights The Dangers Of Consequential Damage Waivers in IT Contracts

Data Protection Report - Norton Rose FulbrightThe U.S. Court of Appeals for the Eleventh Circuit—one of the highest federal courts below the Supreme Court—recently affirmed a decision in Silverpop Systems, Inc. v. Leading Market Technologies, Inc. finding that all damages flowing from a vendor’s data breach were barred by a standard provision in IT service contracts, disclaiming all liability for consequential … Continue reading

HHS Update: Looking Toward Audits and Increased Enforcement

Data Protection Report - Norton Rose FulbrightThe Department of Health and Human Services and its Office of Civil Rights (OCR) are capping off a very active 2016. In the last 6 months, the OCR has released a new audit protocol, announced new rounds of HIPAA audits, and stepped up enforcement. The flurry of activity comes after a prolonged period of anticipation in … Continue reading

Hong Kong Securities and Futures Commission Focuses on Cybersecurity

Data Protection Report - Norton Rose FulbrightWith its continued focus on cybersecurity, the Hong Kong Securities and Futures Commission (SFC) recently issued a circular to all its licensed corporations (LCs) identifying key areas of concern and suggesting cybersecurity controls. Hong Kong does not have any overarching cybersecurity legislation, and industry-specific regulatory activity in relation to cybersecurity has been limited to date. … Continue reading

Colorado House Advances Bill to Protect Student Privacy

Data Protection Report - Norton Rose FulbrightState education departments and legislatures are grappling with the privacy implications of the expanded use of technology in classrooms and schools serving as central data repositories of a host of personally identifying information (“PII”) on minors. In New York, a group of parents sued the state’s education department to prevent it from handing over students’ … Continue reading

Cybersecurity Efforts Turn Focus to Financial Institutions, Technology Service Providers and “Cyber Resilience”

Data Protection Report - Norton Rose FulbrightFinancial institutions around the country recently received cybersecurity guidance in the form of a new appendix to the Federal Financial Institutions Examination Council’s (“FFIEC’s”) Business Continuity Planning Booklet, which is part of its Information Technology Examination Handbook. In the guidance, the FFIEC places the onus on financial institutions, their boards of directors, and senior management … Continue reading
LexBlog