As we have previously discussed, public companies face a variety of legal issues following large-scale data breaches, which increasingly include federal securities class action litigations.  In the past few weeks, two new such actions were filed.  One lawsuit was filed against Chegg, Inc., an education technology company that provides
Continue Reading

In Part 1 of this blog post, we discussed some key contractual provisions that lawyers should consider when entering into agreements with cloud service providers (“CSPs”).  In this Part 2, we discuss some additional contractual considerations to keep in mind, as well as some post-contract practices to consider in order
Continue Reading

Companies have good reasons to limit business-related communications to devices and applications (“apps”) controlled by the company, and to avoid having sensitive company information on the personal devices and apps of employees:

  • Security: The company does not control the cybersecurity and privacy on employees’ personal apps on personal devices,


Continue Reading

Some of the most significant recent cyber breaches originated at vendors.  We have previously discussed the importance of effective oversight of third parties because vendor breaches can lead to regulatory actions for companies.  Indeed, recent regulatory guidance provides that vendor diligence is an essential part of any cybersecurity program.  This
Continue Reading

In early August, the City of Atlanta reported that the costs associated with its SamSam ransomware infection could reach $17 million, and the FBI has estimated the number of ransomware attacks may be as high as 4,000 per day. To help address the complex issue of when organizations
Continue Reading

There are many good reasons why companies are increasingly migrating parts of the information technology to cloud service providers (“CSPs”), including lower overhead costs, greater data accessibility and mobility, and more efficient disaster-recovery response.  For cybersecurity, cloud solutions offer companies many benefits, such as full-time data security monitoring and data
Continue Reading

In February, we wrote about how the road for plaintiffs in cyber breach class actions may be getting smoother.  Since then, the U.S. Supreme Court has continued to avoid the issue of standing in data breach cases (declining to take up the issue in CareFirst, Inc. v. Attias
Continue Reading

We have written here before about the challenges and benefits of getting rid of old data.  As we have noted, in light of recent legal, regulatory, and technological developments, companies should reevaluate their long-term data management planning.  Last week, the New York Department of Financial Services (“NYDFS”) issued a reminder
Continue Reading

Appropriate cybersecurity disclosures can reduce risk of class action securities cases following a data breach.  We have written recently on the rise of these class action securities cases, including the Intel case and the Yahoo! $80 million settlement.  We have also been closely watching the Equifax case.  The recently
Continue Reading