While data has created unprecedented opportunities, it also precipitates new risks and exacerbates old risks. To address these concerns, enterprises should create and maintain a comprehensive data inventory, which includes identifying, classifying and labeling confidential business data, says Mark Paulding of InfoLawGroup LLP.
A Georgia federal court recently ruled in Metro Brokers Inc. v. Transportation Insurance Co. that an all-risk insurance policy did not provide coverage for online fraudulent withdrawals from the company’s bank account. This decision offers guidance as to how a court may treat a policyholder’s claim under a traditional all-risk policy and the effect of broad computer fraud exclusions, says James Kitces at Robins Kaplan Miller & Ciresi LLP.
Given the dim prospects for enactment of comprehensive cybersecurity legislation in the current political environment, the U.S. Department of Defense's new requirements for contractors are an important part of the Obama administration’s efforts to use the government’s procurement power and existing regulatory authorities to increase the cybersecurity of the companies on which the U.S. government relies, say attorneys with Arnold & Porter LLP.
What is the thinking as to whether leaky air conditioner cases warrant multidistrict litigation treatment? On Dec. 5, the Judicial Panel on Multidistrict Litigation heads to Vegas to find out. This will bring a temperature shift in more ways than one from the September hearing, where the panel considered a potential MDL proceeding arising from allegedly defective clothes dryers, says Alan Rothman of Kaye Scholer LLP.
With federal agencies’ increased focus on data breaches, hospitality organizations don’t want to be the last to know how their protected data is being compromised. Even collaborative efforts with agencies such as the FBI to address cybersecurity threats could lead to increased scrutiny and bad reputation among patrons, say Alaap Shah and Marshall Jackson of Epstein Becker & Green PC.
A recent California appeals court decision provides a benchmark for plaintiffs to plead and prove claims under the California Medical Information Act that is consistent with prior nonhealth-care decisions. Plaintiffs must do more than plead mere loss of data, say attorneys with Morrison & Foerster LLP.
The flagship federal website HealthCare.gov has reportedly been subject to 16 potential website breaches. However, HealthCare.gov is only one piece of the website and data network designed to facilitate health plan enrollment under the Affordable Care Act. And, as it turns out, the state-level exchanges may be of greater concern, say David Tolley and Timothy McCrystal of Ropes & Gray LLP.
The New York State Department of Financial Services is “requiring” about 200 banks “to answer questions in real time on Dec. 12 to assess their cybersecurity policies and processes.” But the DFS will not necessarily learn anything new from the Web-based, real-time surveys, nor is that the stated intent, say Ronald Sarachan and Zoe Wilhelm of Drinker Biddle & Reath LLP.
A fierce debate has now emerged over whether the phrase "exceeds authorized access" in the Computer Fraud and Abuse Act applies to violations of internal computer use policies. With circuits lining up on both sides of the argument, it appears that this issue may be ripe for a decision by the U.S. Supreme Court, say Brandon Krajewski and Steven Berryman of Quarles & Brady LLP.
Although the U.S. Department of Defense's recently issued final rule addressing how DOD contractors and subcontractors must safeguard unclassified technical information on their corporate information systems narrows a 2011 proposed rule, it still has wide applicability to private sector information systems where DOD technical information is stored or transmitted, say attorneys with WilmerHale.