While businesses operating in California are still adjusting to the requirements of the California Consumer Privacy Act (CCPA) and are watching for enforcement actions brought by the California Attorney General, as its enforcement powers begin on July 1, an expansive new privacy initiative was certified today by the California Secretary
Continue Reading Expansive New California Privacy Measure Cleared for November Ballot

2018 was another busy year for lawyers in the privacy/cybersecurity world – GDPR, CCPA, Marriott, New York Department of Financial Service’s cybersecurity rule deadlines, increased SEC enforcement, more data breach lawsuits, more companies doing table top exercises and risk assessments, etc. But 2019 is looking to be even busier. Below
Continue Reading 2019 Predictions – Top 10 Cybersecurity/Privacy Trends to Prepare for Now

We had previously predicted that the Equifax data breach could lead to increased state-level cybersecurity enforcement. On June 27, the NYDFS announced that Equifax has agreed to take corrective action for its 2017 data breach, as set forth in a consent order reached with the NYDFS and seven other
Continue Reading NYDFS Brings Its First Cybersecurity Enforcement Action

A recent article in the American Lawyer highlights the growing relevance of lawyer-led “tabletop” exercises, where companies engage in half-day or full-day drills designed to test their response plans for various crisis scenarios.

Executives are increasingly utilizing these exercises to hone their emergency policies, procedures, and decision-making.  Originally developed to
Continue Reading More Companies Doing ‘Tabletop’ Exercises to Test Crisis Management

Cyber threats remain a key operational concern for banks, which are otherwise experiencing “near-historic” capital and liquidity highs and improved returns on equity, according to the Office of the Comptroller of the Currency (the “OCC”).  The regulator published its Fall 2017 Semiannual Risk Perspective on January 18th, stating that “operational
Continue Reading OCC Says Cyber Threats Continue to Elevate Banks’ Operational Risk

Companies and law enforcement are increasingly turning to white hat hackers for help.  The FBI apparently paid consultants over $1,000,000 to unlock an iPhone used by one of the shooters in the San Bernardino attacks, and companies such as Microsoft, Uber, Facebook, and Google are paying hackers tens of thousands
Continue Reading Cybersecurity and Vulnerability Assessments: Evolving Law on Hacking and Extortion in the Age of Bug Bounties

View Webcast

Please join us on November 15, 2017, 12:00 pm to 1:00 pm ET for a discussion on cyber vulnerability assessments and the evolving law on hacking and/or extortion, including:

  • Why companies are turning to pools of hackers to test their cyber defenses.
  • The line between lawful and unlawful


Continue Reading Webcast: Cyber Security and Vulnerability Assessments: Evolving Law on Hacking and Extortion in the Age of Bug Bounties

Today marks the first deadline for entities regulated by the New York Department of Financial Services (“NYDFS”) to comply with certain provisions of the recent NYDFS cybersecurity rules.  The NYDFS cybersecurity rules taking effect is a significant event for NYDFS-regulated entities, and for any company facing cybersecurity concerns.  The
Continue Reading Today (August 28) Marks the First NYDFS Cybersecurity Compliance Deadline, With a Certification Deadline Less Than Six Months Away

Earlier this month, HBO disclosed that it is the latest victim of cyber breach extortion, which involves criminals hacking into a company’s computer system, extracting sensitive information (e.g., emails of executives) or valuable intellectual property (e.g., unreleased television scripts or episodes), and then threatening to make the information public if
Continue Reading The HBO Hack: Preparing for a Cyber Breach Extortion

With about a month to go until the first set of NYDFS’s cybersecurity rules go into effect (on August 28, 2017), we are proud to announce the formal launch of the Davis Polk Cyber Blog.  The blog will help you keep pace with industry best practices and be aware
Continue Reading Announcing our Cybersecurity Blog; One Month Until the NYDFS Cybersecurity Rules Take Effect