On 29 July 2019, the Court of Justice of the European Union (CJEU) issued a decision in the Fashion ID case, a case referred to it by a German court. In this blog post we will focus on what this case means with regard to joint controllership when you have social media plug-ins on your
Cybersecurity / Data Security
SEC Encourages Internal Accounting Controls to Guard Against Cyber Fraud
Concluding its investigation into the internal accounting controls of nine public issuers who were recent cyber fraud victims, the Securities and Exchange Commission (“SEC”) Division of Enforcement explicitly reminded issuers to consider cyber-related threats in developing and deploying their Section 13(b)(2)(B) internal accounting controls.
The SEC emphasized the importance of tailoring internal accounting controls to cyber-related threats, noting that cyber frauds like those carried out in the nine cases it investigated have caused “over $5 billion in losses since 2013, with an additional $675 million in adjusted losses in 2017.” …
New Internet of Things (IoT) NIST Draft Publication Provides Welcomed Guidance
Responding to the rise of interconnected technology, the National Institute for Standards and Technology (NIST) has recently issued an introductory document in a planned series of cybersecurity publications addressing Internet of Things (IoT) privacy risks. Open for comment through October 24, 2018, the Draft NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and…
No Summer Vacation for Government as New Cybersecurity Legislation Passes
The federal government has kept busy this summer by issuing multiple regulations impacting government contractors’ cybersecurity. First, the Department of Defense released the 2019 National Defense Authorization Act (NDAA), which included notable cybersecurity provisions involving foreign ownership and Controlled Unclassified Information (CUI), among others. Second, Congress passed the NIST Small Business Cybersecurity Act requiring the…
Upcoming NIST Hosted DFARS Safeguarding Clause & CUI Training – October 18, 2018
The National Institute of Standards and Technology (“NIST”) is hosting a cybersecurity workshop on the Defense Federal Acquisition Regulation System (“DFARS”) Safeguarding Clause and related regulations on Thursday, October 18, 2018. The workshop, in coordination with the Department of Defense (“DoD”) and the National Archives and Records Administration (“NARA”), will provide an overview of Controlled…
PayPal Settles FTC Claims Regarding Venmo’s Disclosure, Privacy, and Security Practices
On February 27, 2018, the Federal Trade Commission (“FTC”) announced a proposed administrative settlement with PayPal, Inc. over allegations that the company failed to make adequate disclosures to users regarding its Venmo peer-to-peer payment service. The settlement underscores the importance of effectively disclosing material information to consumers, including accurately communicating privacy and security practices and user control over optional settings.
Specifically, the FTC alleged that Venmo…
Learn about how Regulation Will Shape Digital Transformation in Crowell & Moring’s 2018 Regulatory Forecast Cover Story: “Digital Transformation: The Sky’s The Limit”
Crowell & Moring has issued its “Regulatory Forecast 2018: What Corporate Counsel Need to Know for the Coming Year.”
The Forecast cover story, “Digital Transformation: The Sky’s the Limit,” provides a look at how technology is helping companies soar to new heights and how regulation can help companies to succeed.…
U.S. Securities and Exchange Commission Ups the Ante for Addressing Corporate Cyber Risks
On February 21, 2018, the U.S. Securities and Exchange Commission (“SEC”) voted unanimously to disseminate its Statement and Guidance on Public Company Cybersecurity Disclosures, an “interpretive guidance” designed to help publicly-traded companies satisfy their cybersecurity risk disclosure obligations. The new guidance supplements the SEC’s initial October 13, 2011 Cybersecurity Disclosure Guidance, which was relatively broad, by: 1) articulating the SEC’s expectations regarding the adequacy of disclosures; and, for the first time, 2) recommending the implementation of policies and procedures that address disclosure controls as well as insider trading. …
Is Government Data at Risk? Study Finds Industry Cybersecurity Lagging Government
Security ratings firm BitSight recently released a report citing a gap in cybersecurity performance between the U.S. Government and contractors.
The report was the result of a comparative security assessment between 1,212 randomly selected government contractors and 122 federal agencies. The assessment found that federal agencies were at least 15 points better than the mean …
U.K. Announces Fines Up To $24M For Cyber Noncompliance
The United Kingdom’s National Cyber Security Centre (“NCSC”) recently announced guidance whereby industries could be fined up to $24 million (£17 million) for not having effective cybersecurity measures in place. The penalties apply to critical infrastructure sectors including energy, transportation, water and healthcare. While the U.K. government stated that these penalties will be “a last …