Spencer Fane LLP Logo
Latest Posts

Shopping for Cyber Insurance? Initial Lessons Learned from the Courts

The burgeoning multi-billion dollar cyber insurance market is expected to continue its 25%+ annual growth over the next few years. Despite this dramatic growth, the market is plagued with uncertainty over the meaning of key policy terms and scope of coverage. The lack of both uniformity in cyber policy language and judicial guidance interpreting policy language prevent companies from confidently assessing their loss exposure in the event of a major data breach.

Yet Another Data Sheriff In Town: CFPB Issues Its First Data Security Enforcement Action

On March 2, 2016, the CFPB finalized a Consent Order with Dwolla, an online payment platform, for violations of the CFPA.  It is the CFPB’s first enforcement action related to data privacy and security.  It is notable because Dwolla appears to have become an enforcement target due solely to its robust claims about security, and not due to any data breach.  It also places obligations on Dwolla’s Board to become responsible for data privacy and security in the company.

EU-US “Privacy Shield” Disclosed to the Public

The past week has seen two key developments in EU-US data privacy relations — the US enacted the Judicial Redress Act into law, and EU and US officials published the proposed EU-US Privacy Shield protocol for transatlantic data transfers.  While the Privacy Shield still has a gauntlet of EU bureaucracy to navigate, companies that relied on Safe Harbor should begin to plan now to comply with the robust new requirements of Privacy Shield, or implement other measures to satisfy the EU Privacy Directive to import EU data to the US.

President Obama Goes Big on Privacy and Cybersecurity

As part of a massive new initiative, Obama establishes the Federal Privacy Council and a national commission on cybersecurity

EU announces “Privacy Shield” agreement to replace Safe Harbor transatlantic data pact

  • U.S. organizations wishing to import data from EU subjects will be subject to much more “robust” privacy protocols
  • Final approval still faces hurdles

Safe Harbor Under Siege – Is This The End For The EU-U.S. Safe Harbor?

The EU-U.S. Safe Harbor Framework (“Safe Harbor”) has provided companies on both sides of the Atlantic an efficient means to transfer personal information to and from the EU and the U.S. Recently, however, the Safe Harbor has come under attack. EU officials have opined that modern U.S. policy has eroded protections afforded under the Safe Harbor, resulting in the Safe Harbor no longer offering “adequate” protection as required by the EU Data Protection Directive 95/46/EC (“EU Directive”). Most recently, and perhaps the most concerning, is the opinion from Advocate General Yves Bot of the European Court of Justice (“ECJ”), whereby Bot recommended the Safe Harbor be declared invalid.

Anthem Security Breach May Require Plan Sponsor Action

The well-publicized cyber-attack on Anthem, Inc.’s information technology system may require employers to take prompt action to protect the rights of their health plan participants. Although neither the scope nor the cause of the security breach has yet been determined, the attack has been described as both “massive” and “sophisticated.”

Updated Proposed Federal 30-day “Shot Clock” For Data Breach Notification

As we wrote yesterday, President Obama has called for legislation (the Personal Data Protection and Privacy Act) that will require notice of a data breach within 30 days of discovery by your company.

Proposed Federal 30-day “Shot Clock” For Data Breach Notification

In November we discussed the standards in place for whether and when a consumer must be notified of a data breach. The current answer is that almost all states have laws requiring notification, but the format and timing of the notification vary from state to state.

Banks: The Forgotten Victim of a Data Breach

Data breaches have become a phenomenon of late—with news seemingly breaking everyday on the latest victim and the potential harm to consumers. Often overlooked, however, is the impact that each new data breach has on banks.

1 2 Showing 1-10 of 15 results View All