Cybersecurity Law - Page 3 of 5 - The Role of Law in a Digital World

The Misperception Around Risk and Liability in the Outsourcing of Payment Processing

By Thomas Ritter, May 10 2018

[social_warfare]

You’ve probably heard the phrase, “You have to spend money to make money,” but what about, “You have to protect money to accept money”? The acceptance of credit cards is a critical and necessary function for any business. In order to reduce the cost around compliance, the vast majority of small and mid-sized companies process and store credit card payments by way of a third-party payment processor. Yet contrary to popular belief, the outsourcing of payment processing to any third-party neither negates a company’s PCI DSS responsibilities nor shields it from an assortment of legal liabilities. As this article will explain, a payment card data breach of any company not in compliance with PCI DSS opens up pandora’s box to an assortment of legal calamities. WHAT IS PCI DSS, ANYWAYS? Created by the five payment brands (American Express, Discover Financial Services, JCB International, Mastercard, and Visa, Inc.), PCI DSS stands […]

The Importance of Encryption in the Loss of a Company-Issued Devices

By Thomas Ritter, April 12 2018

[social_warfare]

One of the leading causes of data breaches continues to be the loss of company-issued devices, all the more perplexing when you consider encryption. This article will explain what encryption is, how to deploy it, and the legal fallout for businesses who fail to implement it. The Case of the Stolen NASA Laptop In 2012, NASA made headlines for all the wrong (and same) reasons. A thief broke into a NASA employee’s car, stealing the employee’s NASA-issued laptop in the process. The laptop contained sensitive personally identifiable information on a “large number” of people, later found to be at least 10,000 employees. A relatively inconsequential inconvenience turned into a huge problem when the federal agency discovered the laptop’s hard drive wasn’t encrypted. The aftermath was costly to the tune of nearly $960,000 of taxpayers’ dollars. Money that was spent on a variety of fronts: notifying suspected victims, providing credit […]

SEC Reminds Public Companies of the Importance of Cybersecurity

By Thomas Ritter, March 1 2018

[social_warfare]

Last summer’s highly publicized Equifax breach prompted conversations (but inexplicably no action) by congressional lawmakers on a company’s legal responsibilities in lieu of a data breach. Of particular concern and outrage in the weeks after Equifax’s disclosure was news that company executives sold stock within mere days from the breach’s discovery. Although a special committee cleared the executives of any insider trading, the news of the coincidental stock sales was publicly panned. Similar suspicions were once again raised over news that Intel CEO Brian Krzanich sold $24 million worth of stock after his company learned of a major security vulnerability in its PC processors. As skepticism abounds over the legality of stock sales by public companies who suffer recent data and security incidents, the Securities and Exchange Commission has decided to join the discussion. Titled “Guidance on Public Company Cybersecurity Disclosures,” the SEC puts public companies on notice — Sellers […]

The Dangers of Weak Cybersecurity in Network Marketing

By Thomas Ritter, December 12 2017

[social_warfare]

A review of this past year’s news cycle illustrates the paramount importance of strong data security. Yahoo, Equifax, Uber, and the list could go on and on. These companies fell victim to data breaches. In turn, they all faced public relations nightmares not to mention ongoing congressional and regulatory investigations. Today’s cyber landscape is relatively straightforward — where any abundance of consumer information exists, cyber thievery is sure to follow. Enter network marketing companies. Primed with and in possession of valuable information attractive to hackers, data security should be of paramount concern to network marketing executives. So why isn’t it? In Part One of this two part series, I’ll explore the ramifications of a data breach for network marketing companies. In Part Two, I’ll give practical tips and advice on ways to both prevent and mitigate the legal consequences of a data breach. Big Money Behind Personal Information Stolen consumer […]

Privilege: The Before and After of a Cyber Breach

By Thompson Burton, October 6 2017

[social_warfare]

Let’s start with a trivia question. Q: What do the companies Target, Genesco, and Experian all have in common? Is it (A) they all experienced data breaches which exposed sensitive consumer information; (B) they all found themselves the subject of lawsuit(s) over the loss of this information; (C) they all invoked the doctrine of privilege — specifically under attorney-client and work product– to protect a retained forensic firm’s investigative findings; or (D) all the above. If you chose D, then you, dear reader, can go on your merry way reading. Cyber attacks and the loss of sensitive information are at the forefront of nearly every corporate executive’s mind. According to a recent study by the Business Continuity Institute, cyber attacks represent the number one concern among business professionals. A proliferation of high-profile breaches over the past twelve months (e.g., HBO, Yahoo, Democratic National Committee, etc.) have left owners of businesses […]