Tag Archives: cybersecurity

ILN Today Post


Beirne, Maynard & Parsons partner Scott Marrs was quoted in a Law360 article regarding the agreement by Target Corp. and Visa Inc. to reimburse card issuers for costs arising from Target’s 2013 cyber breach. Marrs commented that the agreement reached will serve as a “barometer for future cyber breach settlements.” To view the full article, access the below pdf.

PDF FileTarget Sets High Bar For Data Breach Deals In Visa Pact

Read full article

Data Privacy and Cybersecurity: Merchants beware: You could be on the hook for the next data breach

Starting Oct. 1, 2015, credit card companies and banks will enforce new terms in their acceptance guidelines, commonly known as liability shift provisions. These provisions are based on the rollout of Europay, MasterCard and Visa (EMV) technology. If there is an incident of fraud after October 1, the entity, either merchant or card issuer, utilizing inferior non-EMV technology will be held liable.

EMV is overseen by American Express, Discover, JCB, MasterCard, UnionPay, and Visa. EMV operates through the use of card dipping. A consumer dips his or her card into the bottom portion of a terminal, leaves the card in place, and removes the card when prompted. During that process, an imbedded chip communicates with the terminal by sending a unique transaction code. The EMV chip is the reason credit card companies and banks are sending out new cards. Utilizing EMV technology requires customers to have an EMV credit card and merchants to have EMV card terminals available.

Read full article
ILN Today Post


Energy Executive

With cyber-attacks and cyber-threats becoming increasingly common, Beirne, Maynard & Parsons partner Terry Womac and associate Brandan Montminy discuss how management can protect their organization through awareness of and preparation for possible cyber-security breaches. To read the entire article, please access the below pdf. More…

Read full article
ILN Today Post


In early June 2015, Governor Malloy signed legislation making wide ranging changes to state laws that protect personal information of Connecticut residents (the Act). Key data security expansions and their impacts inside and outside of Connecticut include the following: More…

Read full article

Lessons from the Sony Hack: The Importance of a Data Breach Response Plan

In a decision emphasizing the need for employers to focus on data security, on June 15, 2015, the U.S. District Court for the Central District of California refused to dismiss a lawsuit filed by nine former employees of Sony Pictures Entertainment who allege the company’s negligence caused a massive data breach.  Corona v. Sony Pictures Entm’t, Inc., Case No. 2:14-cv-09600 (C.D. Ca. June 15, 2015).

In November 2014, Sony was the victim of a cyber-attack, which has widely been reported as perpetrated by North Korean hackers in relation for “The Interview,” a Sony comedy parodying Kim Jong Un.  According to the complaint in this case, the hackers stole nearly 100 terabytes of data, including sensitive personal information, such as financial, medical, and other personally identifiable information (“PII”), of at least 15,000 current and former Sony employees.  The hackers then posted this information on the internet and used it to threaten individual victims and their families.  The nine named plaintiffs purchased identity protection services and insurance, as well as took other measures, to protect their compromised PII.

Read full article

Data Privacy and Cybersecurity: Communications with your cybersecurity consultant and forensic reports may now be protected

A recent ruling in Tennessee will prove key for cybersecurity litigation everywhere. In Genesco, Inc. v. Visa U.S.A., the court ruled that when cybersecurity consultants and forensic experts are engaged through counsel, the advice and forensic reports they give to a client are subject to attorney-client and work product privilege.

Specifically, in this one-to-watch case, the court denied Visa’s requests for analyses, reports, and communications made by two cybersecurity firms Genesco retained after it suffered a data breach, finding that those materials were protected by the attorney-client privilege and work product doctrine.

Read full article

“The Art of (Cyber) War: Cybersecurity Tactics for All Financial Institutions” Richik Sarkar and James Giszczak for Bloomberg BNA

As financial institutions of every type and size — national, regional and community banks, thrifts, mutuaIs, credit unions, and non-bank lenders — increase their collection of personal information about their customers and employees, they become larger targets for a data privacy incident. Financial institutions are truly in a cyber war and must fight this battle on four fronts: external threats, intentional misappropriation by rogue employees, data accidentally lost or misplaced, and vendor negligence; accordingly, proper tactics and strategy are essential for survival. 

Read full article

Ready for an OIG Security Audit?

At HIMSS15 in Chicago I had the pleasure of speaking with my colleague, Dave Schoolcraft, regarding the OIG Security Audits. These in depth security audits conducted not by the OCR or CMS, but rather the Office of Inspector General, delve into the security systems of Eligible Hospitals (and potentially Eligible Professionals) participating in the EHR […]

The post Ready for an OIG Security Audit? appeared first on OMW Health Law.

For more information please visit www.omwhealthlaw.com or click on the headline above.

Read full article
ILN Today Post

How to “crash test” the data protection system

By Riccardo Abeti, EXPLegal

There is a frequent error about the conviction that the privacy impact assessment (also known as Data Protection Impact Assessment DPIA but hereafter named just PIA) is a news introduced only by the prevision of European regulatory or by some member state regulation.

Actually the PIA, is the base of every “privacy assessment” from the beginning of privacy regulation, at least since 1996.

No information can be given, no consent can be freely expressed without a basic impact assessment.

So it’s mendacious to think literally that the PIA intervenes only “Where processing operations present specific risks to the rights and freedoms of data subjects”, according to the article 33, of the data protection regulatory draft.  More…

Read full article

International Lawyers Network Forms Cybersecurity & Data Privacy Specialty Group

We’re excited to announce today that the ILN is forming a Cybersecurity and Data Privacy Specialty Group, which will be co-chaired by James Giszczak of McDonald Hopkins (Cleveland, Ohio) and Stuart Gerson of Epstein Becker & Green (Washington, DC). The group joins the ILN’s thirteen other practice and industry-focused specialty groups.

I have the opportunity to work closely with the chairs of our specialty groups as their facilitator, and I particularly enjoy working with lawyers who have a passion for their work, which Jim and Stuart certainly do in this area. I expect great things to come from the CDP guys and gals! 

Read full article