Photo of William C. Wagner

Bill is a seasoned trial lawyer who concentrates his practice on complex commercial litigation, environmental law, and white collar criminal defense. He holds the CIPP/G, CIPP/US, CPCU designations, is a member of the Sedona Conference Working Groups on Data Security and Privacy Liability, and Electronic Document Retention and Production, and serves as a Steering Committee Member to DRI’s Government Enforcement and Corporate Compliance Committee.

In the unfortunate event that your privacy has been breached and personal images have been stolen, there are several steps that can be taken to have this content removed from the internet. It is important that the following processes are initiated quickly. Once content is on the internet, it can spread quickly and make this process much more difficult and time consuming.

Here is a brief example to show how quickly an image can spread, increasing the difficulty in removing
Continue Reading

The Network Penetration Reporting and Contracting for Cloud Services Rule was the subject of two interim rules published Aug. 26, 2015 (80 FR 51739) and Dec. 30, 2015 (80 FR 81472), before being published as a final rule Oct. 21, 2016 (81 FR 72986), and clarified by DoD through answers to Frequently Asked Questions (FAQs), published Jan. 27, 2017.

The Rule requires that contractors “implement NIST SP 800-171, as soon as practical, but
Continue Reading

Here are three takeaways for your business from the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure signed on May 11, 2017.

1. Incorporate the NIST Cybersecurity Framework into your business.

The Executive Order requires federal agencies to use the well-established NIST Cybersecurity Framework to fulfill their mission to protect federal networks and critical infrastructure and to appropriately plan for and procure cybersecurity training, products, and services for the future.

As background, the Framework was


Continue Reading

A new cyberattack, that is very similar to the WannaCry ransomware virus, is spreading across Europe. Taft’s Technology group is closely monitoring the situation and has prepared the following short summary of questions and answers about ransomware attacks, which in effect locks out users from accessing their files unless a ransom is paid via bitcoin.

Q: I have been hit with a ransomware attack, what are my options?

A: You can pay the ransom with the hopes of getting your
Continue Reading

Guides and best practices against cyber-attacks often provide only the illusion of security. In an attempt to turn that illusion into reality, the National Cybersecurity Center of Excellence at the National Institute of Standards and Technologies (NIST) intends to create a lab environment to simulate, test, and address cybersecurity problems for robotic-based and chemical manufacturing processes through standards-based solutions using commercially available software.

The intent is to produce a series of NIST Cybersecurity Practice Guides for four cybersecurity capabilities for
Continue Reading

DOD New Cybersecurity regulationsThe US Department of Defense’s (DoD) new cybersecurity regulations require defense contractors to cooperate with Government support services contractors investigating a “cyber incident that affects a covered contractor information system or the covered defense information residing therein or that affects the contractor’s ability to provide operationally critical support.”  DoD’s Defense Industrial Base Cybersecurity Activities Final Rule, 32 CFR 236.4(b), (m)(5) (effective Nov. 3, 2016); Response to Public Comments, 81 FR 68312 (Oct. 4, 2016).

It doesn’t take much imagination to
Continue Reading

Savvy in-house counsel and business owners termsoften ask are whether the insurers selling cyber policies actually pay claims or whether the policyholders are just buying the right to later sue the insurers for coverage.  The initial wave of cyber insurance litigation involved policyholders trying to obtain coverage for data breaches under their standard commercial general liability policies.  This produced mixed results with some courts finding coverage, while others did not.  The next wave of cyber insurance litigation involved policyholders asserting
Continue Reading

The new DoD cybersecurity regulations require contractors to implement the security requirements specified by the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations,” not later than Dec. 31, 2017. DFARS, 252.204-7008(c)(1).

However, a contractor may propose to vary from the NIST SP 800-171 requirements under two circumstances. Under DFARS 252.204-7008(c)(2), a contractor may propose to vary from the security requirements specified by NIST SP 800-171 through a
Continue Reading

Indiana law does not grant consumers the right to sue Anthem or any other data base owner for negligence following a data breach, according to the federal judge presiding over the Anthem data breach multi-district litigation.  Order, In re Anthem, Inc. Data Breach Litig., No. 15-MD-2617 (N.D. Cal. Feb. 14, 2016).

Instead, Indiana law grants consumers only the right to be notified of the data breach without unreasonable delay.  Indiana Code § 24-4.9-3-1.  If notice is not properly given,
Continue Reading

The U.S. Department of Defense published its Network Penetration Reporting and Cloud Computing Services regulations as an interim rule in August 2015 and updated them in December 2015.  Watch this new webinar replay at your convenience to learn about the regulations, how they may impact your business, and the concerns of industry groups. Click HERE to watch the webinar in its entirety.

 
Continue Reading