Australian Cyber Security: A Primer

A Q&A with Leah Mooney of MinterEllison
The cyber security field is rapidly evolving in Australia where new legislation, growing costs and an increased awareness of threats and liability have spurred discussion and concern. I spoke with Attorney Leah Mooney, special counsel in the Insurance and Corporate Risk Group of MinterEllison, about the state of affairs in Australia and what businesses operating there might need to know about looming risks and how to mitigate them.

Continue Reading

Data Breach Costs: Another Look

A Q&A with Sasha Romanosky, PhD, of the RAND Corporation

In a recent study, RAND Corporation policy researcher Sasha Romanosky examined 12,000 data breaches from 2004 to 2015, trying to get a more holistic view of their causes, costs, and associated risks and trends. I spoke with Dr. Romanosky about his findings.

Continue Reading

The MIE Breach: Business Associates and Data Security Risks

A Q&A with J.T. Malatesta of Maynard Cooper & Gale
Medical Informatics Engineering and subsidiary NoMoreClipboard revealed a breach last month affecting up to 3.9 million Americans which has now resulted in a series of class action lawsuits on behalf of victims. The incident is causing headaches for risk managers in the healthcare sector, including their cyber liability insurers. This event underscores how a catastrophic breach for one dominant service provider (in this case, Medical Informatics Engineering, the software company that provides the NoMoreClipboard service) can create a domino effect that impacts multiple organizations. Many insurers are also rightfully concerned about aggregated risk, since they could have multiple insureds and claims stemming from a single event such as this one. I spoke with J.T. Malatesta, chair of the cybersecurity practice of Maynard Cooper & Gale, about the implications of this event and how organizations can better prepare for vendor breaches.

Continue Reading

Recent Developments in Canadian Privacy and Cybersecurity Law

Q&A with Alex Cameron
In Canada, litigation and regulatory activity regarding privacy and data breaches have increased dramatically. I spoke with Alex Cameron of Fasken Martineau, a leading attorney in this area in Canada, about the factors contributing to the increasing risk and potential liability for organizations doing business in Canada. With the recent landmark changes to Canadian privacy law, discussed here, including mandatory breach notification, record keeping for all breaches, and fines, the trends identified below are sure to continue.

Continue Reading

Data Security Risks in Higher Education

A Q&A with John Sileo, Sileo Group
Data security and privacy are a growing concern among educational institutions, with some 727 breaches taking place in higher education from 2005-2014, according to the Privacy Rights Clearinghouse. I spoke with John Sileo of The Sileo Group about the reasons this space has become particularly vulnerable to data loss.

Continue Reading

A View From Europe

 

Group Of Business People Standing In A White Background With BluA Q&A with Nick Beecroft of Lloyd’s of London
New regulation and awareness around growing threats such as operational attacks is changing the face of the European insurance market. I talked to Nick Beecroft, emerging risks and research manager at Lloyd’s of London, about his work assessing cyber vulnerabilities and helping develop products to address them.

Continue Reading

Microsoft on the Frontier for Legal Privacy Protections

Privacy button on keyboardA Q&A with Geff Brown of Microsoft
“Privacy is without a doubt the most exciting area of the law to be involved in right now,” says Geff Brown, assistant general counsel in regulatory affairs at Microsoft. I asked him about the current legal climate for consumers and tech companies around privacy issues and what Microsoft is doing to proactively protect user information.

Continue Reading

Data Breaches: A State’s Perspective

A Q&A with Barbara Anthony, Undersecretary of Massachusetts Office of Consumer Affairs and Business Regulation
Since 2009, Massachusetts has been releasing reports on the state’s data breaches. In 2013, the state received over 1,800 notifications for breach events that had the potential to impact over 1.2 million residents. I asked Barbara Anthony about the current state of affairs in Massachusetts and the data security threats she sees on the horizon.

Continue Reading

The Right to Be Forgotten: Complying with New European Privacy Law

EuropeCyberA Q&A with Claire Bernier, Bersay & associés
Part of the future General Data Protection Regulation currently under discussion between European State Members, Europe’s Right to be Forgotten regulation will apply to any company that does business in the European Union (EU). I asked Paris-based attorney Claire Bernier of Bersay & Associés about this pending law and what implications it might have for organizations around the world.

Continue Reading

Data Breach Public Relations: Getting Ahead of the Message

A Q&A with Melanie Thomas of INFORM
It’s just one of many pressing concerns during a cyber security event, but public relations and crisis communications are absolutely essential for sustaining customer loyalty and brand reputation long after the headlines fade. I spoke with Melanie Thomas of INFORM about how these services work and what companies can do right now to prepare for an emergency situation.

Continue Reading

No more posts.