Are your cybersecurity management practices reasonable? Do you know your risk tolerance? Are you covering all the cybersecurity bases that make up reasonable cybersecurity? The California Consumer Privacy Act (CCPA) and other emerging laws require organizations to have “reasonable cybersecurity practices.” The challenge is that there is no accepted definition…
The FTC Speaks On January 6, 2020, the Director of the Federal Trade Commission’s (FTC) Consumer Protection Bureau published a blog post with changes to the FTC’s approach to its orders and settlements of data breach enforcement actions. One of the key elements of the report was a revision to…
Looking back with the perspective of two years, the Equifax data breach still has many lessons to teach us. Unfortunately, some of the most important lessons are masked by the extremes of the errors that characterized the original breach, which include insider trading by top executives after the breach was…
By Michael Gold and Bob Braun A new ruling by the Illinois Supreme Court could trigger expensive class action lawsuits and private litigation against businesses, even where plaintiffs do not allege actual injury. The case demands attention, not only from those doing business in Illinois, but throughout the nation. The…
In their column, Top 10 cybersecurity predictions for the new year, Robert Braun and Michael Gold, co-chairs of JMBM’s Cybersecurity & Privacy Group offer predictions on federal privacy legislation (they won’t pass any and if by chance they do, it won’t work), data localization (more companies will have to decide…
The SEC warns public companies that lax cybersecurity practices could violate rules governing internal accounting controls, and offer nine scams as cautionary tales. The SEC has become increasingly active when it comes to cybersecurity. Last month, it issued an investigative report about Business Email Compromises (BCEs) involving nine public companies…
One of the great frustrations in contemplating a data security program is that there is no such thing as a one-size-fits-all solution. There is no law or regulation that specifies the exact steps a company needs to take in order achieve data security. While there are some regulatory and industry…
I’m attending the Arthur J. Gallagher Risk Management Roundtable on September 12 and 13 at the Intercontinental Hotel in New Orleans, where Alex Ricardo of Beazley and I will be speaking on Cybersecurity in the Hospitality Industry tomorrow morning. I’ll be leading a discussion of the unique privacy and security issues…
This article, written by Michael A. Gold, Partner at Jeffer Mangels Butler & Mitchell, was originally published by Bloomberg BNA Corporate Governance Report on October 7, 2013 and articulates the responsibility that corporate boards must own in order to protect the electronic assets of their organization. Read Cyber Risk and…
On February 10, 2011, the California Supreme Court held in Pineda v. Williams Sonoma that ZIP codes are considered “personal identification information” under the Song-Beverly Credit Card Act, California Civil Code § 1747 et seq. (the “Act”). As previously discussed in our January and March 2009 client alerts, the Act…