On May 23, 2017, it was announced that Target Corporation had settled the investigation initiated by the Attorneys General[1] of 47 states and the District of Columbia resulting from its 2013 data security incident. Besides the $18.5 million being paid (the largest State AG data breach settlement amount to date), it is the promised remedial measures that are of most interest to those following data breach enforcement actions.
May 2017
China Amends Draft Regulation on Cross-Border Data Transfer
We have just received a revised draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (Measures). Here we outline the changes made to the draft Measures first issued on 11 April 2017 for public comment (see our previous briefing and blog post here). The revised draft is likely to be the final version of the Measures. The Measures are to take effect on the same day as China’s Cyber Security Law (Cyber Security Law) on 1 June 2017.
WannaCry Ransomware Attack Summary
In this post, we summarize key facts regarding the WannaCry ransomware attack, provide an abbreviated list of known affected companies, and offer an overview of the legal issues and the response to the attack. This post is an update to our prior coverage of WannaCry.
Houston Event: Cybersecurity, Enterprise Risk and the Boardroom
What could a hacking event mean for directors and officers?
Significant cybersecurity incidents are intensifying and evolving. What are director and officer (D&O) duties to prevent, prepare for and respond to data breaches?
Directors and officers are facing a sophisticated, organized, and motivated adversary in cyber attackers, who are untethered by law, ethics, or fear of capture, and who are supported by a “dark web” of economic infrastructure. Gone are the days where boards of directors only had to mind what competition was doing to their operations. In the wake of these cyber incidents, the role of the C-suite and board of directors in managing cyber risks has come to the forefront.
Join us on May 23 in Houston, Texas, for an engaging discussion on the threats posed by cyber attackers; the responsibilities of the C-suite and board of directors in preventing, preparing for, and responding to, cyber risks; and recent cases that have tried to hold directors liable when cyber events occur.
Large Ransomware Attack Affects Companies in Over 70 Countries
A large-scale ransomware attack began impacting companies and hospitals across the United States, Europe, and Asia early Friday morning. According to reports, companies in more than 70 countries have reported incidents as of Friday afternoon.
The attacks are being…
Hong Kong: SFC consults on proposed measures to improve cyber security for internet trading of securities in Hong Kong
A two-month consultation on proposed measures to reduce and mitigate cyber security risks associated with internet trading of securities in Hong Kong (the Consultation) was launched on 8 May 2017 by the Securities and Futures Commission (the SFC).
The Consultation…
White House Issues Cybersecurity Order
On May 11th, 2017, the White House released an executive order on strengthening the cybersecurity of federal networks and critical infrastructure (the “Order”). The Order marks the administration’s first successful effort to address cybersecurity, after an earlier draft executive order on cybersecurity was postponed in January.
The Order is divided into three substantive sections covering the cybersecurity of federal networks, the cybersecurity of critical infrastructure, and cybersecurity for the nation.
Do promises to use “best efforts” to protect data really require unreasonable action?
Given the stakes if sensitive data is breached, the customer may insist that a vendor use its “best efforts” to protect its data. But one rarely sees a “best efforts” clause in a technology contract, especially with respect to data protection.…
Norton Rose Fulbright Nominated for Cyber Law Firm of the Year
The 2017 Advisen Cyber Risk Awards nominees have been announced, and Norton Rose Fulbright is shortlisted for Cyber Law Firm of the Year. Ballots are now open, and you can show your support for Norton Rose Fulbright by casting…
Cross-border data transfers: China issues new measures to strengthen data localisation
The Cyberspace Administration of China (CAC) issued draft measures for implementing the data localisation provisions under the Cybersecurity Law of China (Cybersecurity Law) and the National Security Law of China on 11 April 2017. The draft regulations are open for public comment until 11 May 2017.