Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Paul Rosen

Subscribe to all posts by Paul Rosen

SEC Encourages Internal Accounting Controls to Guard Against Cyber Fraud

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies
Concluding its investigation into the internal accounting controls of nine public issuers who were recent cyber fraud victims, the Securities and Exchange Commission (“SEC”), Division of Enforcement explicitly reminded issuers to consider cyber-related threats in developing and deploying their Section 13(b)(2)(B) internal accounting controls. The SEC emphasized the importance of tailoring internal accounting controls to… Continue Reading

U.S. Securities and Exchange Commission Ups the Ante for Addressing Corporate Cyber Risks

Posted in Cybersecurity / Data Security
On February 21, 2018, the U.S. Securities and Exchange Commission (“SEC”) voted unanimously to disseminate its Statement and Guidance on Public Company Cybersecurity Disclosures, an “interpretive guidance” designed to help publicly-traded companies satisfy their cybersecurity risk disclosure obligations. The new guidance supplements the SEC’s initial October 13, 2011 Cybersecurity Disclosure Guidance, which was relatively broad,… Continue Reading

Is Government Data at Risk? Study Finds Industry Cybersecurity Lagging Government

Posted in Cybersecurity / Data Security
Security ratings firm BitSight recently released a report citing a gap in cybersecurity performance between the U.S. Government and contractors.  The report was the result of a comparative security assessment between 1,212 randomly selected government contractors and 122 federal agencies. The assessment found that federal agencies were at least 15 points better than the mean for… Continue Reading

DOJ Asks Supreme Court to Resolve Split over Its Ability to Compel Foreign Records

Posted in Criminal Law, Cybersecurity / Data Security
U.S.-based technology companies and courts across the country have disagreed over the extraterritorial application of the Stored Communications Act in allowing U.S. law enforcement to enforce warrants to reach data stored overseas.  Some courts have treated the data stored overseas as a “physical” object  and, therefore, refused to extend the reach of the Act abroad. … Continue Reading

New Jersey Restricts Retailers’ Collection and Use of Customer Information

Posted in Cybersecurity / Data Security, Data Breach, Information Management, Privacy
On July 21, 2017, Governor Chris Christie signed the Personal Information Privacy and Protection Act (S-1913) (the “Act”) into law, further enhancing the protections afforded to consumers who make retail credit card purchases in New Jersey.  As technology has evolved, many retailers rely on electronic barcode scanners to review and capture information on customers’ driver’s… Continue Reading

The PRC Cybersecurity Law Takes Effect

Posted in Cybersecurity / Data Security, Government Regulations & FISMA
The first comprehensive data protection framework in China’s history, the PRC Cybersecurity Law, takes effect today, June 1, 2017, despite concerns from businesses around the world about the law’s stringency and scope. The law will carry with it the authority to impose fines up to approximately $145,000.00 per violation in addition to various administrative and… Continue Reading