A North Carolina bill designed to strengthen the state’s data breach notification statute could radically change incident response.  Through the Act to Strengthen Identity Theft Protections, North Carolina could quickly become one of the strictest jurisdictions for data security in the country.  The text of the bill has not yet been made public, but a fact sheet released earlier this month indicates that North Carolina may take drastic steps to address the fact that 5.3 million North Carolinians were impacted by data breaches in 2017. 
Continue Reading

In 2014, we saw some of the largest, most expensive and most highly publicized data breaches in history. Unfortunately, the early forecast for 2015 does not appear to be any better. According to Experian’s 2015 Data Breach Industry Forecast, the risk of experiencing a data breach is higher than ever (almost half of all organizations have suffered at least one security incident in the last 12 months). In the Information Age, it has become increasingly clear that the question is when, not if, a company will have a cybersecurity incident. 

Speaking in June 2014 at a cyber risk conference at the New York Stock Exchange, SEC Commissioner Luis Aguilar emphasized the critical role that directors and officers must play in cybersecurity matters:

Given the significant cyber-attacks that are occurring with disturbing frequency, and the mounting evidence that companies of all shapes and sizes are increasingly under a constant threat of potentially disastrous cyber-attacks, ensuring the adequacy of a company’s cybersecurity measures needs to be a critical part of a board of director’s oversight responsibilities. . . . [B]oards that choose to ignore, or minimize, the importance of cybersecurity oversight responsibility do so at their own peril.

So what should directors and offers do to avoid becoming the “next Target” or the “next Home Depot?” 
Continue Reading