Ms. LiCalzi is an associate in Davis Polk's Litigation Department. [Full Bio]

We recently wrote about companies monitoring employees to reduce cybersecurity risks. Those insider threat risks do not end when employees leave the company. Sensitive company data in the hands of a disgruntled former employee is obviously a potential risk, but so is unauthorized access to confidential company information by a
Continue Reading Cyber Monitoring Employees Part 2 – Insider Threats Continue After Employees Leave

On November 1, Canada provided the U.S. with another model for a national breach law:  the Personal Information Protection and Electronic Documents Act (“PIPEDA”).  Under that law, companies are required to notify Canada’s Privacy Commissioner and affected individuals as soon as feasible if they experience “any breach of security safeguards
Continue Reading What You Need to Know About Canada’s New Breach Notification Law

A recent SEC Order should be a reminder to registered entities, including small- and medium-sized firms, that the SEC is monitoring the reasonableness of their cybersecurity policies and procedures, and that it may take action in the event of a breach, even in the absence of economic harm.

The SEC’s
Continue Reading SEC Penalizes Cybersecurity Weakness

In the lead-up to the EU’s General Data Protection Regulation (“GDPR”) becoming effective on May 25, little attention was paid in the U.S. to the private right of action that the GDPR creates. But so far, private actors have filed approximately 24 cross-border GDPR complaints with EU regulators.

At least
Continue Reading Private Actions Under the GDPR—One More Privacy Concern for U.S. Companies to Worry About?