BCLP Banking Blog

Bank Bryan Cave

Data Breach

Main Content

Snow, Cybersecurity and Data Breaches with Jena Valdetero

the-bank-accountOn the latest episode of The Bank Account, Jonathan and I were joined by our Chicago partner, Jena Valdetero, to discuss snow, cybersecurity and data breaches.  While Jena would normally be the one dealing with winter weather, it was Jonathan and myself watching the snow fall in Atlanta while Jena enjoyed a relatively warm, sunny day in Chicago.

Jena is part of Bryan Cave’s Data Privacy and Security Team, and joined us to discuss some of the current threats in cybersecurity and some of the steps that banks (and bank customers) should be taking, as well as offering some thoughts on how banks can assist their customers in minimizing the ever present cybersecurity risk.

Among the resources discussed by Jena were:

And I’m going to go change my passwords now….

Read More

Preventing Your Own Peach Breach

A Crash Course on Data Breach and Cyber Security

The recent disclosure by the Georgia Secretary of State of voter’s Social Security Numbers has caused a number of our clients – particularly those based in Georgia – to request additional information concerning how to prevent and respond to data security incidents.

To that end we have gathered together our recorded materials on effective breach prevention and response into a suggested week long training program with one suggested hour of programming every day the week following Thanksgiving. Celesq, the company that maintains the recordings of our programs, has agreed to waive the fee for any of our clients that wish to access them during the week.

  • Monday, November 30th: Data Security Boot Camp: A Crash Course in the Law
  • Tuesday, December 1st: Investigating Data Breaches: A Guide for In-House Counsel
  • Wednesday, December 2nd: Cyber-Insurance
  • Thursday, December 3rd: Data Breach Litigation
  • Friday, December 4th: Ethics and Data Breach Investigation

To receive a registration waiver, email Audrey Brekel at audrey.brekel@bryancave.com. To sign up for any, or all, of the days, please follow the directions here.

Read More

Georgia Secretary of State’s Office Has An “Oops Moment” Over Personal Identifying Information

The Georgia Secretary of State posted a letter on its website on November 18, 2015 admitting that, on October 13, the office inadvertently released personal identifying information on registered voters in Georgia. While the letter does not actually spell out what information was released, a lawsuit filed in Fulton County Superior Court this week alleges that the information on the 6,184,281 Georgia voters includes:

  • voters full name
  • residential address or mailing address if that is different
  • race
  • gender
  • voter registration date
  • last date the person voted
  • their social security number
  • driver’s license number
  • date of birth.

The information had been provided on CDs to 12 groups, including political parties and journalists, in a release that normally would only include basic information, such as names, addresses, registration and the last time the person voted. Under normal circumstances, the Secretary of State makes such information available for $500 to interested individuals and entities.

The Secretary of State letter indicates that the office has retrieved all of the CDs that contained the information and has confirmed that none of the data was retained by or disseminated to any third parties. In a day and time when state and federal governments have aggressively pursued private companies for similar inadvertent disclosures, the Secretary of State may still face liability.

Read More

FDIC Examinations and Cyberattack Risk

FDIC bank examinations generally include a focus on the information technology (“IT”) systems of banks with a particular focus on information security. The federal banking agencies issued implementing Interagency Guidelines Establishing Information Security Standards (Interagency Guidelines) in 2001. In 2005, the FDIC developed the Information Technology—Risk Management Program (IT-RMP), based largely on the Interagency Guidelines, as a risk-based approach for conducting IT examinations at FDIC-supervised banks. The FDIC also uses work programs developed by the Federal Financial Institutions Examination Council (FFIEC) to conduct IT examinations of third party service providers (“TSPs”).

The FDIC Office of the Inspector General recently issued a report evaluating the FDIC’s capabilities regarding its approach to evaluating bank risk to cyberattacks. The FDIC’s supervisory approach to cyberattack risks involves conducting IT examinations at FDIC-supervised banks and their TSPs; staffing IT examinations with sufficient, technically qualified staff; sharing information about incidents and cyber risks with regulators and authorities; and providing guidance to institutions. The OIG report determined that the FDIC examination work focuses on security controls at a broad program level that, if operating effectively, help institutions protect against and respond to cyberattacks. The program-level controls include risk assessment, information security, audit, business continuity, and vendor management. The OIG noted, however, that the work programs do not explicitly address cyberattack risk.

Read More

Webinar: What In-House Counsel Should Know About Data Privacy and Data Security Issues in Big Data

March 12, 2015
Noon EDT
REGISTER HERE

Description

The term “Big Data” has become synonymous with the ability to rapidly analyze large volumes of data to predict outcomes and draw other insights. Big Data has grown exponentially as the insights reaped from data analysis have become crucial to the success of many companies. With this growth have come a number of data security and data privacy considerations and requirements for companies involved with big data. Join Jason Haislmaier of Bryan Cave LLP for a discussion of these considerations and requirements, including established and emerging legal standards, regulatory requirements, and best practices for data privacy and data security in a “Big Data” world.

Speaker

Jason D. Haislmaier, Esq. is a partner in the Boulder, CO office of Bryan Cave LLP. Mr. Haislmaier represents emerging and established companies in technology and intellectual property transactions, with an emphasis on developing strategies for protecting, managing, and commercializing technology and intellectual property assets. He has developed a special area of expertise involving open source software licensing and compliance and works with clients in the U.S. and abroad to develop and implement open source software license compliance strategies. Mr. Haislmaier, who frequently lectures on topics involving open source software, cloud computing and other areas of intellectual property, is currently the Board Chair of the Silicon Flatirons Center for Technology and Entrepreneurship, Intellectual Property & Information Technology, and he has been recognized in Colorado Super Lawyers, 2011–2013 and The Best Lawyers in America 2014.

Read More

Bryan Cave Launches Data Breach Hotline for Clients

Bryan Cave has advised numerous clients concerning what to do when their data is accessed by an unauthorized party, lost, or accidentally disclosed. In recent years, the need for victims of data breaches to take immediate action has grown as how our clients respond within the first twenty-four hours following a breach has a dramatic effect on our ability to defend them in resulting investigations and litigation.

Because of the need for immediate action, the Bryan Cave’s Data Privacy & Security Team has launched a Data Breach Hotline that leverages our depth of knowledge and geographic platform to provide clients with access to an on-call member of the Team 24 hours a day, 7 days a week.  A brief description of the service, which is open to all of our clients, can be found below.

Read More
The attorneys of Bryan Cave Leighton Paisner make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.