Legal
The hidden security risks in tech layoffs and how to mitigate them
Layoffs can be tough for both companies and employees. When grappling with anger, fear, and uncertainty, it's hard for anyone to be at their best. Here are some strategies for avoiding negative outcomes during layoffs.
Blackbaud penalized $3M for not disclosing the full scope of ransomware attack
The company detected unauthorized access to its systems in May 2020 that impacted 13,000 customers.
PayPal sued for negligence in data breach that affected 35,000 users
Alleged data breach victims have sued PayPal in federal court for failing to safeguard their personal data, and are asking for class-action certification.
EU parliamentary committee says 'no' to EU-US data privacy framework
Progress on ratifying the Trans-Atlantic Data Policy Framework hit a snag, as a parliamentary committee rejected a draft decision to adopt the pact, saying it did not comply with the EU's GDPR privacy regulations.
What CISOs need to know about the renewal of FISA Section 702
Section 702 of the Foreign Intelligence Surveillance Act sets out the rules for the US intelligence community around gathering information abroad—but is it inadvertently being used at home too?
US DOJ applies carrot-and-stick approach to Foreign Corrupt Practices Act policy
Corporations (and their CISOs) that discover wrongdoing or corruption within their own business are well-advised to self-report such activities and cooperate with prosecutors. The stakes are high for those who don’t.
US Supreme Court leak investigation highlights weak and ineffective risk management strategy
The court’s inability to find out who leaked the draft decision and how they did it is a cautionary tale for CISOs about safeguarding sensitive information and intellectual property.
Meta hit with $413 million fine in EU for breaking GDPR rules
Regulatory wrangling results in a huge new fine over Facebook and Instagram data handling, even as Meta vows to appeal and EU data protection groups prepare for a court battle.
New York-barred attorneys required to complete cybersecurity, privacy, and data protection training
New requirements highlight lawyers’ duty of technical competence in meeting professional, ethical, and contractual obligations to safeguard client information.
Mondelez and Zurich’s NotPetya cyber-attack insurance settlement leaves behind no legal precedent
Mondelez International and Zurich American Insurance settled a keenly watched lawsuit over how cyberattack insurance applies to intrusions from nation states during wartime. A private agreement, its resolution sheds no light on how...
Former Broadcom engineer gets eight months in prison for trade secrets theft
Peter Kisang Kim admitted to stealing Broadcom data related to its Trident family of network switching and cloud networking chipsets, while working for a Chinese startup.
Instagram faces $402 million fine for alleged mishandling of children’s data
Parent company Meta said that it plans to appeal the decision by the Irish Data Protection Commissioner, which is the second-largest privacy-based fine on record.
Facebook agrees to settle class action lawsuit related to Cambridge Analytica data breach
The four-year-old lawsuit claimed Facebook allowed the British political consulting firm access to private data of over 80 million users.
3 ways China's access to TikTok data is a security risk
The security community weighs in on real-world scenarios in which China or other nations could operationalize data collected by online platforms and how to mitigate the risk.
China's cyber espionage focus: intellectual property theft
The recently uncovered Operation CuckooBees campaign shows how serious China is about using IP theft as a competitive advantage. Protect IP now or chase it later.
Chinese APT group Winnti stole trade secrets in years-long undetected campaign
The Operation CuckooBees campaign used zero-day exploits to compromise networks and leveraged Windows' Common Log File System to avoid detection.
Cybersecurity litigation risks: 4 top concerns for CISOs
Cybersecurity and data protection are expected to become top drivers of legal disputes. What litigation risks should CISOs be most concerned about and what can they do about it?
JHL Biotech's theft of Genentech data holds lessons for infosec
Genentech employees stole the company's data on behalf of JHL Biotech for years. What could they have done to spot the theft sooner?