Cybersecurity

Subscribe to Cybersecurity

shutterstock_196544378Cross Posted from Carpe Datum Law.

China has finalized a broad new Cyber Security Law, its first comprehensive data privacy and security regulation.  It addresses specific privacy rights previously adopted in the European Union and elsewhere such as access, data retention, breach notification, mobile privacy, online fraud and protection of minors.

There is plenty in the new law to irritate international businesses operating in China.  It requires in general that Chinese citizens’ data be stored only in China, for starters, possibly requiring global corporations to maintain separate IT systems for Chinese data.  Most of the privacy enhancements benefiting citizens align with those required in the European Union, but it is unclear how the Chinese will expect compliance, particularly since, as with many Chinese laws, its language is vague as to its scope, application and details.  This vagueness leaves interpretation to the State Council, the chief administrative authority in China, headed by Premier Li Keqiang.

The law expands Chinese authorities’ power to investigate even within a corporation’s Chinese data systems, and provides for draconian penalties for non-compliance by business entities or responsible individuals  include warnings, rectification orders, fines, confiscation of illegal gains, suspension of business operations or the revocation of the entity’s business license.
Continue Reading China Finalizes New Cyber Security Law

CaptureDo you and your firm have adequate cybersecurity to prevent yourself (and your confidential client data) from getting hacked?

On Wednesday, December 7, at 11:00 a.m. Pacific, Richard Lutkus, a partner in Seyfarth Shaw’s eDiscovery and Information Governance Practice; and Joseph Martinez, Chief Technology Officer and Vice President of Forensics, eDiscovery & Information Security

Over the past few years, users have become increasingly aware of the inherent dangers of connecting to unsecured Wi-Fi networks. Unfortunately, existing security vulnerabilities in the underlying network hardware may still open a user’s computer to security issues.

Recently, Wired reported that security firm Cylance discovered a vulnerability in a specific brand of network routers deployed throughout many hotel chains throughout the world that could allow someone to install malware on guest’ computers, analyze and record data transferred over the network, and possibly access the hotel’s reservation and keycard systems. Researchers were able to locate 277 vulnerable routers in 29 different countries across and over 100 of them were located within the United States.
Continue Reading Travel Wi-Fi and Security. You May Not Know Who’s Watching.

Much has been written about Heartbleed and the significant impact it has on the security infrastructure of the internet. Articles and blog postings have taken both the “sky is falling” and “it’s not so bad” points of view. However, there is a more fundamental issue which has raised its ugly head – is the use of open source “commercially reasonable” in a security framework?
Continue Reading Heartache from Heartbleed – The Security of Open Source

Cross Posted from Trading Secrets

With all the high-profile breaches that seem to be in the news lately, there is a plethora of “guidance” on cybersecurity. The Attorney General of California has decided to add to this library of guidance with her “Cybersecurity in the Golden State” offering. Cybersecurity is a pretty mature knowledge domain, so I am not quite sure why General Harris has determined that there needs to be additional guidance put in place. However, it is a good reminder of the things that regulators will look for when assessing whether or not “reasonable security” was implemented in the aftermath of a breach. And while there isn’t anything new in the guidance, what is informative is what is not there.
Continue Reading CA AG Throws Her Hat into the Cybersecurity Ring