Cybersecurity and Data Privacy Year in Review
December 2, 2015
As the year winds down, we take a look back at the business law issues that generated the most buzz in each of our practice areas. In the area of cybersecurity and data privacy, we saw new threats emerge as regulators and businesses struggled to keep pace.
In case you missed some of our posts regarding cybersecurity and data privacy, below is a brief recap:
Internet of Things: As the Internet of Things continues to grow, so do the associated security risks, including unauthorized access, misuse of personal information, and personal safety concerns. In 2015, the risks associated with “connected” cars took center stage with the much-publicized hack of the Jeep Grand Cherokee. Due to a security flaw, hackers were able to remotely control the SUV via its UConnect entertainment system.
Government Coordination: The Obama Administration and Congress have both claimed that they made cybersecurity a top priority. Earlier in the year, the President signed an Executive Order intended to promote information sharing regarding cyber threats impacting the private sector. Both chambers of Congress have passed versions of the Cybersecurity Information Sharing Act (CISA), which is intended to address the growing number of corporate data breaches. However, critics of the controversial bill contend that the lack of privacy protections opens the door for wide-scale government surveillance.
FTC Oversight: In recent years, the Federal Trade Commission (FTC) has increasingly brought administrative actions under Section 5 of the Federal Trade Commission Act against companies that suffered data breaches due to allegedly deficient cybersecurity. In August, the Third Circuit Court of Appeals affirmed the agency’s cybersecurity authority, confirming that businesses should take the FTC seriously when it comes to data security.
Third-Party Vendor Vulnerability: Regulators, such as the Securities and Exchange Commission and New York State Department of Financial Services, have recently raised concerns that corporate cybersecurity policies and procedures fail to provide sufficient oversight of outside vendors that often have access to secure networks and sensitive data. Hackers are also aware of such vulnerabilities and are using third parties to infiltrate their primary targets. Accordingly, it is imperative that businesses conduct sufficient due diligence regarding the privacy and data security measures adopted by third-party vendors that have access to sensitive data.
Sophisticated Email Scams: The Business Email Compromise (BEC) scam, a sophisticated email scheme, has resulted in an estimated $1.2 billion in losses worldwide. In the United States, scammers defrauded more than 7,000 companies between October 2013 and August 2015. The fraud typically targets businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The perpetrators compromise legitimate business e-mail accounts by utilizing social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
Do you have any feedback, thoughts, reactions or comments concerning cybersecurity and data privacy? Feel free to leave a comment below for Fernando M. Pinguelo. If you have any questions about this post or would like assistance with your legal needs, please contact me or the Scarinci Hollenbeck attorney with whom you work.
Additional information and resources:
Cyber Security & Data Protection Law Group: https://scarincihollenbeck.com/practices/cyber-security-and-data-protection/
Crisis & Risk Management: https://scarincihollenbeck.com/practices/crisis-risk-management/
Chief Compliance Officers Now Targeted For Data Breaches
Survey Reveals Many Business Executives Lack Cybersecurity Confidence
Top Cybersecurity Threats Unveiled by Hackers – Is Anyone Safe?