In-house counsel faced with a data breach encounter a difficult balancing act. On the one hand, it is critical to determine the cause of the breach and generate a plan to bolster security systems to reduce the likelihood of similar occurrences in the future. On the other hand, these same reports, usually performed by third-party
It’s 8 a.m., and you just learned that a material cyber-incident occurred in your organization. You fire up your Incident Response Plan. You engage outside counsel, and outside counsel engages a forensic firm. Your company, your outside counsel, and your forensic firm all sign an agreement that the forensic firm will work at the direction
Payment processor/facilitator Allied Wallet, its CEO, and two other corporate officers, recently agreed to settle Federal Trade Commission (FTC) charges that they assisted or knowingly processed fraudulent transactions for merchant-clients. This action indicates that enforcement actions against payment processors are alive and well, despite the FTC’s previously announced end of “Operation Chokepoint,” which, among other
Amidst privacy concerns and booming technological innovation, Sens. Roy Blunt (R-Mo.) and Brian Schatz (D-Hawaii) have introduced a bill proposed as the “Commercial Facial Recognition Privacy Act of 2019” (CFRPA) targeting arguably the most “personal” biometric identifier—our face. While several states have enacted legislation relating to protection of biometric identifiers, this is the
Security researchers and cybersecurity experts recently discovered a weakness in Fiserv’s web platform, which may have exposed the personal and financial details of customers across hundreds of internet banking sites. The flaw involved a messaging platform used by Fiserv to send account alerts to customers of Fiserv-affiliated banks. These alerts can be set up to
Following the recent Equifax data breach wherein millions of consumers’ private information may have been compromised, it is increasingly clear that consumer-interfacing businesses need to, and in some cases are required to, take steps to protect their consumers’ private information. Although not traditionally considered “financial institutions,” auto dealers that engage in financial activities—those that extend
Much has been written about the consternation and concern of businesses around the world regarding the European Union’s General Data Protection Regulation (GDPR), which takes effect on May 25, 2018. The GDPR applies to companies operating within the EU that control or process data. Notably, it also applies to companies outside the EU that offer
A Wisconsin federal court recently held that forged USDA loan guarantees did not trigger coverage under a bankers blanket bond held by Wisconsin-based Citizens Bank, resulting in a $15 million loss to the bank. Atlantic Specialty Insurance Co. issued the bankers blanket bond to provide coverage for losses stemming from certified securities or corporate, partnership
As companies and governmental entities increasingly do business and store sensitive information in online or cloud-based environments, the risk of improper disclosure continues to grow. The unprecedented breach of the United States Office of Personnel Management’s (OPM) system, in which the personal data of more than 22 million individuals was stolen, was a topic of