GDPR: Why U.S. Companies Should Care

This is part one of a multi-part look into the EU’s General Data Protection Regulation (GDPR): why U.S. companies need to concern themselves with an EU law, how it differs from U.S. regulations, and the different mechanisms available to comply. We will conclude this series with a webinar on Jan. 17, 2018 that will review the series and provide further insights and comments on any updates that may have occurred since the beginning of the series.

The GDPR is a … Read More

Phone Hacked? Personal images stolen? 3 Essential Tips to Help You Respond Quickly

In the unfortunate event that your privacy has been breached and personal images have been stolen, there are several steps that can be taken to have this content removed from the internet. It is important that the following processes are initiated quickly. Once content is on the internet, it can spread quickly and make this process much more difficult and time-consuming.

Here is a brief example to show how quickly an image can spread, increasing the difficulty in removing … Read More

Small Defense Contractors – Are You Ready For NIST SP 800-171?

The Network Penetration Reporting and Contracting for Cloud Services Rule was the subject of two interim rules published Aug. 26, 2015 (80 FR 51739) and Dec. 30, 2015 (80 FR 81472), before being published as a final rule Oct. 21, 2016 (81 FR 72986), and clarified by DoD through answers to Frequently Asked Questions (FAQs), published Jan. 27, 2017.

The Rule requires that contractors “implement NIST SP 800-171, as soon as practical, but … Read More

Three Takeaways for Your Business from President Trump’s Executive Order on Cybersecurity

Here are three takeaways for your business from the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure signed on May 11, 2017.

1. Incorporate the NIST Cybersecurity Framework into your business.

The Executive Order requires federal agencies to use the well-established NIST Cybersecurity Framework to fulfill their mission to protect federal networks and critical infrastructure and to appropriately plan for and procure cybersecurity training, products, and services for the future.

As background, the Framework was … Read More

Q&A: Ransomware Attack

A new cyberattack that is very similar to the WannaCry ransomware virus is spreading across Europe. Taft’s Technology group is closely monitoring the situation and has prepared the following short summary of questions and answers about ransomware attacks, which in effect lock users out of their files unless a ransom is paid via bitcoin.

Q: I have been hit with a ransomware attack, what are my options?

A: You can pay the ransom with the hopes of getting your … Read More

5 Cybersecurity Tips for In-House Counsel

Cybersecurity is not an aspect of your business that can be tackled once and then forgotten. The threats are constantly evolving. They require attention and resources. Here are 5 tips to make sure your company is prepared in case of an attack.

  1. Disaster Recovery Plan – Data is the lifeblood of most organizations. Where is your data stored? What would happen to your business if a natural disaster like a fire, flood or other catastrophe struck the location where your … Read More

10 Tips for Presenting Complex Cases In Arbitration

The American Arbitration Association (AAA) and its International Centre for Dispute Resolution (ICDR) recently created an aerospace, aviation and national security panel of arbitrators to handle complex, high-value aerospace, aviation, defense, cyber and security-related disputes. Similarly, AAA has a special panel of arbitrators to handle technology-related disputes. But what should companies involved in these types of arbitration cases expect?

Taft attorneys Bill Wagner and Michael Diamant recently published an article in Law360 with 10 tips for presenting complex cases in … Read More

DHS Proposed Rules Cover Privacy Training, IT Security Awareness Training and the Safeguarding of CUI

In January, we wrote about the new training requirement for employees who handle personally identifiable information (“PII”) or who build systems containing PII. On the same day that rule went into effect, Jan. 19, 2017, three related Department of Homeland Security (“DHS”) proposed rules were published in the Federal Register covering mandatory privacy training, information technology (“IT”) security awareness training, and the safeguarding of controlled unclassified information (“CUI”). Comments on all three proposed rules are due on Monday, March 20, … Read More

Taft Co-Hosts Upcoming Panel Discussion: Cybersecurity: Recent Developments and Risk Mitigation Strategies

Please join us at Taft Indianapolis on March 21 for a breakfast event featuring an informal, interactive panel discussion covering recent developments (including cyber breaches), evolving standards of compliance and practical, effective risk mitigation strategies.

Agenda:

Registration and Continental Breakfast: 7:30-8:00 a.m.
Discussion: 8:00-9:30 a.m.

Panelists:

  • Richard L. Banta and Alex J. Carroll from Lifeline Data Centers, LLC
  • Frederick W. McClaine from Shepherd Insurance
  • James A. Butz and William C. Wagner from Taft Law

Click here for the PDF invitation … Read More

Wagner Article “Takeaways From NASA Cloud Security Audit” Published by Law360

Bill Wagner authored the article “Takeaways From NASA Cloud Security Audit,” which was published by Law360 on March 1. The article discusses the Office of Inspector General’s audit report on the security of NASA’s cloud computing services and offers discussion points for corporate management and directors to consider in their own cybersecurity efforts.

In the article, Bill also provides some discussion points for a tabletop review of NASA’s audit findings with your management and board.

Bill is co-chair … Read More
