Heading 1


Cyber In security News


After all of the talk about the European Union’s new privacy regulation, which went into effect six months ago, and California’s new state law, which won’t be implemented for at least 14 more months, it’s surprising that few people seemed to notice that Colorado passed a state law before California’s—and it’s already in effect.
     We interviewed a Colorado lawyer who has devoted a good deal of his career to information governance. He explained what the new law does, how Colorado’s scheme differs from those of the other two jurisdictions, and how general counsel should respond. READ
David Hechler, Editor-in-Chief
All the attention may have been on Europe and California, but lawyers need to help their companies focus on the state law that’s on the books.
Privacy legislation has gotten lots of attention this year. The EU’s GDPR made the biggest splash, but California’s Consumer Privacy Act followed with a powerful statement from the state where many of the big tech companies are based. Lost in the frenzy was a law that not only passed in Colorado before California’s law did, but went into effect in September whereas California’s law won’t take effect until 2020. Lawyers can help companies mitigate serious compliance risks. ​ READ.
New laws—especially the EU’s General Data Protection Regulation—have companies seeking to expand coverage.
By Tyler Gerking

An obscure niche product less than a decade ago, cyber insurance is now a staple of many companies’ risk transfer programs. High-profile data breaches have caused businesses millions of dollars in losses and untold reputational harm. Companies are right to shed some of these risks through insurance, but choosing the right coverage requires a group effort that pulls in personnel and resources not just from the finance or risk management departments, but also IT and Legal. READ.
Now that GCs are wary of outside counsel, there’s a lot they can do to shore up cybersecurity.
Ever since the Target breach in 2013, companies have been well aware that their vendors, even seemingly unimportant ones, can cause huge problems as unwitting conduits for cyberattacks. But corporations seemed to ignore the unique risks posed by another kind of vendor. This one is far from unimportant, but it hardly seems like a supplier at all: their law firms. The firms present huge third-party risks. But general counsel often viewed them as a special case. That’s finally changed. ​ READ.
An ABA webinar served up a cyber scenario, but the panelists also examined the causes and the aftermath.
By David Hechler

Law firms and companies are waking up. And if they’ve had a hard time opening their eyes to the threat of cyberattack (and companies seem far ahead of outside counsel), they’re getting help. General counsel are nudging. News reports have highlighted the dangers. And the American Bar Association has yanked off the covers and announced that it’s time to get up. The ABA put together a series of webinars called “Cybersecurity Wake-Up Call.” The fifth and last installment was broadcast in October. READ.