PUTTING IT INTO PRACTICE: This case illustrates a number of key lessons for practitioners –
1. Remember that dangers lurk within your organization, as well as outside. Here the hack was perpetrated by the exchange’s own users, whose accounts unintentionally gave them stronger permissions on the
system than they should have had.
2. Government agencies, including particularly the SEC, are going after the failure to disclose a material
breach, or worse, cover it up or lie about it. You can work to avoid this danger by preparing properly
with a strong, updated incident response plan.
3. While the underlying facts in this case took place over four years ago, Bitcoin and other cryptocurrencies
remain in their infancy. Industries at this early stage face heightened risks. If you are considering using cryptocurrency or other forms of blockchain technology, choose your vendors carefully. Make sure you are selecting careful, responsible partners, with a strong legal and compliance structure that will minimize your legal and financial risk.
Privacy, Data Security, and Your Board – Day Five
Posted on March 2, 2018
In our final installment on privacy, cyber security, and your board, we look at privacy and cyber issues in M&A. So you are thinking about acquiring a new entity? Divesting of current one? Due diligence will need to be conducted to best understand and evaluate privacy and data security issues and risks. Your board will expect this of you, especially as more and more data security issues receive top billing in the news. The board will want to make sure buyers have done their jobs and have looked at and understand the type of personal information the target acquisition collects and stores, how it protects such personal information, and the details surrounding any prior data security breaches suffered by the target. If divesting a company, expect that the other side will ask similar questions about privacy and data security. Boards, in thinking about their duty of care and oversight of privacy and data security matters, will want to make sure that these issues are not forgotten in the M&A process. For our prior post on this topic, click here for day one, here for day two, here for day three, and here for day four.
PUTTING IT INTO PRACTICE: When entering into the purchase or sale of a business, boards are becoming more and more focused on privacy and data security issues and ensuring the appropriate due diligence is conducted to address such risks and issues.
Privacy, Data Security, and Your Board – Day Four
Posted on March 1, 2018
In our fourth installment of privacy, data (cyber) security, and your board, we look at crisis management and data breach issues. As part of providing appropriate duty of care and oversight, board members will want to ensure that the company has an incident response plan in place. They should review and understand the plan. They should want to make sure that the plan actually works. Is it being followed when an incident arises? Can it be followed? Has the response team practiced? And what about when the plan is deployed? Namely, when a cyber incident arises? Keep privilege in mind when talking to the board, for example by having legal counsel conduct investigations and communicate with the board. For our prior post on this topic, click here for day one, here for day two, and here for day three.
PUTTING IT INTO PRACTICE: When your company faces a possible data breach, everyone will want to make sure it is handled well. The board is no exception.
                       47 Eye on Privacy 2018 Year in Review