Cybersecurity

September 9, 2019, Inside Privacy

On Friday, September 6, 2019, our Government Contracts practice posted an article on Inside Government Contracts about the U.S. Department of Defense’s recent release of its draft Cybersecurity Maturity Model Certification (“CMMC”) for public comment. The CMMC was created in response to growing concerns by Congress and within the U.S. Department of Defense over ...

August 4, 2019, CoinTelegraph

Michael Nonaka spoke with CoinTelegraph to discuss cryptocurrency regulation in the U.S.   Mr. Nonaka says, "The U.S. Financial Crimes Enforcement Network issued its first guidance addressing cryptocurrency companies in 2013, and since then regulatory action for digital assets has been slow to develop but has picked up in the past few years as an increasing ...

July 22, 2019, Inside Privacy

On July 5, 2019, China’s Standing Committee of the National People’s Congress (NPC) published a new draft Encryption Law (“the draft Law”) for public comment.  The draft Law, if enacted as drafted, would bring significant new changes to China’s commercial encryption regime. The State Cryptography Administration (“SCA”) previously issued an initial draft of this ...

July 17, 2019, Covington Alert

On July 9, 2019, the European Court of Justice (“ECJ”) heard oral argument in Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The primary question before the ECJ is whether the European Commission’s standard contractual clauses (“SCCs”) are valid for transfers of personal data to the United States.1 Given ...

July 17, 2019, Covington Alert

On July 5, 2019, China’s Standing Committee of the National People's Congress (NPC) published a new draft Encryption Law (“the draft Law”) for public comment. The draft Law, if enacted as drafted, would bring significant new changes to China’s commercial encryption regime.

July 4, 2019, The Africa Report

July 2, 2019, Inside Privacy

On June 26, 2019, the EU High-Level Expert Group on Artificial Intelligence (AI HLEG) announced two important developments: (1) the launch of the pilot phase of the assessment list in its Ethics Guidelines for Trustworthy AI (the “Ethics Guidelines”); and (2) the publication of its Policy and Investment Recommendations for Trustworthy AI (the “Recommendations”). ...

June 27, 2019, Inside Privacy

On June 10, 2019, the UK Government’s Digital Service and the Office for Artificial Intelligence released guidance on using artificial intelligence in the public sector (the “Guidance”).  The Guidance aims to provide practical guidance for public sector organizations when they implement artificial intelligence (AI) solutions. The Guidance will be of interest to ...

June 20, 2019, Inside Privacy

Today, Susan Cassidy, Ashden Fein, Moriah Daugherty, and Melinda Lewis posted an article on Inside Government Contracts about the June 19, 2019 announcement by the National Institute of Standards and Technology (“NIST”) of the long-awaited update to Special Publication (“SP”) 800-171 Rev. 1, Protecting Controlled Unclassified Information in Nonfederal Systems ...

June 14, 2019, Government Contracting Law Report

June 4, 2019, Thomson Reuters

Mark Young participated in a Q&A with Thomson Reuters about the EU Cybersecurity Act and its new cybersecurity certification schemes for information and communication technology products, services, and processes, especially internet of things devices. The interview also discusses how the Act supports the EU Directive on the Security of Network and Information ...

May 24, 2019, Inside Privacy

On May 24, 2019, the Cyberspace Administration of China (“CAC”) released the draft Measures on Cybersecurity Review (“Draft Measures”) for public comment. (An official Chinese version of the Draft Measures is available here and an unofficial English translation is available here). The comment period ends on June 24, 2019. The publication of these Draft ...

May 24, 2019, Inside Privacy

On May 13, 2019, China’s State Administration for Market Regulation (“SAMR”) released three core national standards related to the country’s Cybersecurity Multi-level Protection Scheme (“MLPS”), describing technical and organizational controls that companies must follow when complying with MLPS-related obligations under the Cybersecurity Law (“CSL”).  These ...

April 22, 2019, Inside Privacy

On April 19, 2019, China’s Ministry of Public Security (“MPS”) released the final version of its Guideline for Internet Personal Information Security Protection (互联网个人信息安全保护指南) (the “Guideline”).  A previous version of the Guideline was released for public comments on November 30, 2018. Under China’s Cybersecurity Law (the “CSL”), MPS is the key regulator tasked ...

April 9, 2019, Global Data Review

Trisha Anderson spoke with the Global Data Review about the U.S.’s encryption law and its role electronic communication. According to Ms. Anderson, authorities in the U.S. have only general legal tools to seek access to encrypted data. Some traditional U.S. investigative tools, issued through courts and codified in law enforcement procedures, contain general ...

April 8, 2019, Inside Privacy

The European Commission (“Commission”) has published a Recommendation on cybersecurity in the energy sector (“Recommendation”).  The Recommendation builds on recent EU legislation in this area, including the NIS Directive and EU Cybersecurity Act (see our posts here and here).  It sets out guidance to achieve a higher level of cybersecurity taking into account ...

2019, American Bar Association

Our cross-disciplinary Internet of Things initiative contributed to the ABA's first book on IoT, The Internet of Things: Legal Issues, Policy, & Practical Strategies.   Laura Kim and Jennifer Johnson authored the chapter “U.S. Regulatory Framework for IoT,” with contributions from Sarah Wilson (product safety); Wade Ackerman, Elizabeth Guo, Christopher Hanson, ...

April 2019, Pratt's Privacy & Cybersecurity Law Report

March 28, 2019, Inside Privacy

On March 26, 2019, the Senate Armed Services’ Subcommittee on Cybersecurity held a hearing to receive testimony assessing how the Department of Defense’s (“DOD”) cybersecurity policies and regulations have affected the Defense Industrial Base (“DIB”). To gain a better understanding of the DIB’s cybersecurity concerns, the Subcommittee invited William LaPlante, ...

March 19, 2019, Law360

December 26, 2018, Bloomberg Law

Michael Nonaka is quoted Bloomberg Law regarding the Office of the Comptroller of the Currency’s 2019 revamped rules for banks’ community investments. Mr. Nonaka says, “It’ll be interesting to see what the next step is in the rulemaking process, and that will reveal whether there are these differences.” He said the agencies are likely to come together on some ...

September 11, 2018, Am Law Litigation Daily

Terrell McSweeny is quoted in Am Law Litigation Daily regarding her move to the firm. “I am excited to join a firm that is well positioned to guide clients through the increasingly complex global antitrust, cybersecurity and consumer protection landscape,” said Ms. McSweeny.

September 11, 2018, Politico

Politico featured Terrell McSweeny’s recent move to Covington’s antitrust law, data privacy and cybersecurity practice groups.

September 10, 2018

WASHINGTON— Terrell McSweeny has joined Covington as a partner in the Antitrust and Competition Law and Data Privacy and Cybersecurity Practice Groups in Washington. Ms. McSweeny most recently served as a Commissioner at the Federal Trade Commission. Ms. McSweeny has held senior appointments in the FTC, Department of Justice, White House, and United States ...

September 10, 2018, Global Competition Review

Terrell McSweeny and Deborah Garza are quoted in Global Competition Review regarding Ms. McSweeny’s move to the firm. Ms. McSweeny says that Covington is a “wonderful fit” due to its bench of former DOJ and FTC lawyers. She added that it will be good to work with colleagues who have had similar experiences. Ms. Garza praised McSweeny’s excellent reputation and ...

September 10, 2018, Bloomberg

Terrell McSweeny’s move to Covington’s data privacy and cybersecurity practice group is highlighted in Bloomberg.

September 10, 2018, The National Law Journal

Deborah Garza is quoted in The National Law Journal regarding Terrell McSweeny joining the firm. Ms. Garza says, “Having served both at the FTC and in the Antitrust Division, Terrell has an exceptionally broad base of experience to draw upon in helping clients understand and manage the antitrust enforcement, privacy, and data security issues. She also has ...

September 10, 2018, Law360

Terrell McSweeny is quoted in Law360 regarding her move to the firm. Ms. McSweeny says, “I am very excited to be joining a terrific firm to deal with the global challenges of antitrust, cybersecurity and consumer protection.”

September 7, 2018, Global Investigations Review

Trisha Anderson and James Garland are quoted in Global Investigations Review regarding Ms. Anderson rejoining the firm. Mr. Garland believes Ms. Anderson will be a valuable asset to helping navigate the U.S. Cloud Act. He says, “Trisha has that ability to spot the pain points for both the clients and the government and help figure out a way forward. Sometimes ...

September 7, 2018, Law360

Melanie Ramey is quoted in Law360 regarding the General Data Privacy Law, Brazil’s new GDPR-inspired regulation. Ms. Ramey says, “It seems to be modeled off of the GDPR, but we don't know yet where the law will differ on the nitty-gritty."

August 17, 2018

WASHINGTON— Law360 named Covington lawyers Alexander Berengaut, Michael Nonaka, and Ursula Owczarkowski to its list of “2018 Rising Stars.” This annual recognition honors top attorneys under 40 “whose legal accomplishments transcend their age.” Alex Berengaut represents clients in civil litigation, international arbitrations, and government enforcement ...

August 1, 2018, Bloomberg Law

Michael Nonaka is quoted in Bloomberg Law on the fintech industry’s enthusiasm regarding the Treasury Department’s recommendation that Congress support the “valid when made” doctrine. Mr. Nonaka adds, “The [recommendation] shows that these issues are not going away and that the uncertainty created from a growing body of inconsistent court opinions isn't a stable ...

July 31, 2018, Law360

Michael Nonaka is quoted in Law360 regarding the Office of the Comptroller of the Currency accepting applications for special-purpose national bank charters from financial technology companies. Mr. Nonaka says it will be a while before any fintech firms operate as national banks, and they may ultimately decide the special purpose charter does not suit their ...

July 5, 2018, Covington Alert

On June 27, 2018, China’s Ministry of Public Security (“MPS”) released for public comment a draft of the Regulations on Cybersecurity Multi-level Protection Scheme (“the Draft Regulation”). The highly anticipated Draft Regulation sets out the details of an updated Multi-level Protection Scheme, whereby network operators (defined below) are required to comply ...

March 1, 2018, Covington Alert

On February 21, 2018, the U.S. Securities and Exchange Commission (the “Commission”) approved a statement and interpretive guidance that provides the Commission’s views on a public company’s disclosure obligations concerning cybersecurity risks and incidents (the “2018 Commission Guidance”).

February-March 2018, Pratt’s Privacy & Cybersecurity Law Report

February 15, 2018, Bloomberg Law

Anne Termine is quoted in a Bloomberg Law article regarding the settlement reached with AMP Global Clearing LLC following charges from the CFTC stating that AMP's failure to diligently supervise a cybersecurity vendor resulted in a data breach. According to Termine, cybersecurity is “an area of increasing concern and scrutiny for the CFTC as it goes directly to ...

January 22, 2018, E-Commerce Times

Susan Cassidy is quoted in an E-Commerce Times article regarding efforts to create an online marketplace for government purchasers. "One model that was discussed would require a portal provider to contract with GSA to provide an online interface. Under this approach, suppliers would then sign up to use the portal, potentially via a contract with the portal ...

January 4, 2018, National Defense

January 2, 2018, Politico

Susan Cassidy is quoted in Politico Pro's "Morning Cybersecurity" newsletter regarding the December 31st deadline for defense contractors to meet minimum cybersecurity requirements for the systems they operate for the Pentagon. According to Cassidy, the cybersecurity rule presents “a problem for DoD because there’s a lot of subjectivity in what is ‘adequate ...

November 24, 2017, Los Angeles Business Journal

Susan Cassidy is quoted in a Los Angeles Business Journal article regarding the difficulties that some defense contractors in Southern California were facing trying to meet the Department of Defense deadline of December 31, 2017 for implementing the cybersecurity controls in NIST Special Publication 800-171. Cassidy notes that the definition of the information ...

October 3, 2017, Commercial Dispute Resolution

David Fagan is quoted in a Commercial Dispute Resolution article regarding how companies are bracing for cyber attacks. According to Fagan, cybersecurity is “a one-way ratchet: all constituents, whether customers, regulators, business partners, claimant counsel and finders of fact, are increasingly aware of and focused on the risk [which] arises from operating ...

October 2017

Covington's Data Privacy and Cybersecurity practice is excited to take part in National Cybersecurity Awareness Month. Throughout October, our lawyers will highlight top-of-mind concerns, provide helpful tips, and discuss the cybersecurity landscape more generally through a series of posts on our Inside Privacy blog. Below you can find our most recent content, ...

September 18, 2017, Covington Alert

Last week, in his annual State of the European Union Address, the President of the European Commission Jean-Claude Juncker called out cybersecurity as a key priority for the European Union in the year ahead. In terms of ranking those priorities, President Juncker placed tackling cyber threats just one place below the EU leading the fight against climate change, ...

August 31, 2017, Covington Alert

On August 31, 2017, China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released an updated draft of the Information Security Technology - Guidelines for Data Cross-Border ...

August 2, 2017, Law360

Libbie Canter was named a "Rising Star" by Law360, recognizing her as a top lawyer under 40 in Privacy & Cybersecurity law. In its profile of Canter, Law360 highlights her advisory role on significant transactions, including Microsoft’s $8.5 billion acquisition of video call service Skype.

July 28, 2017, Medtech Insight

Marialuisa Gallozzi, John Buchanan, and Jeff Kiburtz are quoted in a Medtech Insight article regarding the growing interest in the healthcare sector in buying cyber insurance. According to Gallozzi, "We are in the midst of an evolution of the insurance market right now in this area." She says cyber insurance policies have been a growing trend but unlike other ...

July 2, 2017, San Antonio Express-News

Susan Cassidy is quoted in a San Antonio Express-News article regarding new cybersecurity requirements for contractors. According to Cassidy, "Essentially, the DOD wants its contractors to protect its information, because the DOD is a huge target, and its contractors are also a target." Commenting on the fact that over the years, contractors have been working ...

May 23, 2017, Cloud, Big Data and AI Conference, Seattle, Washington

May 23, 2017, Cloud, Big Data and AI Conference, Seattle, Washington

May 17, 2017, The Cybersecurity Law Report

May 3, 2017, The Cybersecurity Law Report

May 3, 2017, Covington Alert

On May 2, 2017, the Cyberspace Administration of China (“CAC”) released the final version of the Measures on the Security Review of Network Products and Services (Trial) (“the Measures”), with an effective date of June 1, 2017 (official Chinese version available here). The issuance of the Measures marks a critical first step toward implementing China’s ...

April 21, 2017, Luxembourg Forum (Triannual Meeting Between the United States Supreme Court and the European Court of Justice), Washington, DC

April 12, 2017, Covington Alert

On April 11, 2017, the Cyberspace Administration of China (“CAC”) released a draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the Draft Measures is appended at the end of this alert).

March 30, 2017, Business Forums International Ltd.

March 4, 2017, ABA Insurance Coverage Litigation Committee CLE Seminar

March 2017, National Defense

March 2017, Pratt's Government Contracting Law Report

February 22, 2017, The Cybersecurity Law Report

Steve Surdu was interviewed by The Cybersecurity Law Report for a three-part series on the role of forensic firms during a cyber breach. Part one discusses how to understand and leverage the expertise of forensic firms from the start. According to Surdu, forensic consultants have specialized skills and knowledge “that are very difficult for most organizations to ...

February 7, 2017, Covington Alert

On February 4, 2017, the Cyberspace Administration of China (“CAC”) released the draft Measures on the Security Review of Network Products and Services (“the draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the draft Measures is here). The comment period ends on March 4, 2017.

January 24, 2017, Law360

Mark Young and Ian Hargreaves are quoted in a Law360 article regarding the high level of cyberattacks on the financial services industry and the resulting regulatory pressures. According to Young, “The GDPR [General Data Protection Regulation] is a massive text with groundbreaking change in the data privacy area, in terms of compliance requirements and the new ...

January 17, 2017, Federal Contracts Report

Susan Cassidy is quoted in a Federal Contracts Report article regarding the fate of cybersecurity improvements made by the DoD under President Trump. According to Cassidy, “I would expect those to continue forward because I don't see a political will to say, ‘No you shouldn't protect this.’”  The nomination of former Sen. Dan Coats (R-Ind.) to serve as director ...

January 4, 2017, Covington Alert

President Obama announced several actions on December 29 to respond to Russian cyber operations that the U.S. intelligence community previously had concluded were intended to influence the U.S. presidential election. Specifically, the President revised and expanded an earlier executive order that blocks the property and interests in property of persons that ...

October 20, 2016, Covington Alert

On October 19, 2016, the Board of Governors of the Federal Reserve System (Federal Reserve), Office of the Comptroller of the Currency (OCC), and Federal Deposit Insurance Corporation (FDIC) (collectively the “Agencies”) released a joint Advance Notice of Proposed Rulemaking (ANPR) requesting public comment on enhanced cybersecurity standards that would apply to ...

July 27, 2016, Global Investigations Review

Stephen Surdu and James Garland are quoted in a GIR article regarding Surdu’s arrival to Covington as a Senior Cybersecurity Advisor. “In the fog of war, companies do not think clearly,” Surdu says. “They want to do the right thing, but they do not quite know what that is. As someone who has handled many cybersecurity investigations, I can help calm the ship.” ...

July 25, 2016, Covington Alert

Search warrants served on U.S. Internet companies and cloud service providers cannot obtain customer data stored overseas, the U.S. Court of Appeals for the Second Circuit ruled on July 14. The federal appellate decision focuses on warrants issued under the federal Electronic Communications Privacy Act (“ECPA”) and formally applies only in the Second Circuit, ...

July 21, 2016, Law360

David Fagan and Stephen Surdu are quoted in a Law360 article regarding the launch of Covington’s new Cybersecurity Incident Response Team in conjunction with the arrival of Surdu and Jenny Martin. According to Fagan, “We’re a big firm with clients that span the globe. They can’t control when they have incidents, and you can get calls on a Friday afternoon from ...

July 18, 2016

WASHINGTON—Covington has formed an enhanced team of lawyers and advisors to provide cybersecurity incident response services to clients, highlighted by Stephen Surdu, who formerly led the professional services group of Mandiant, joining the team as a Senior Cybersecurity Advisor.  Through the formation of the Cybersecurity Incident Response Team with members on ...

July 18, 2016, The American Lawyer

James Garland and Steve Surdu are quoted in an American Lawyer article regarding the launch of Covington’s Cybersecurity Incident Response Team, highlighted by Surdu’s recent arrival as a Senior Cybersecurity Advisor. According to Garland, "The lawyers that do the interviews and oversee the forensic investigation, we're experienced but we're not engineers." He ...

July 7, 2016, Covington Alert

The Brazilian financial industry has long been a target of cyber criminals, and with the continued growth of sophisticated online banking services in Brazil, such systems are a prime target for organized crime. In addition, among the emerging BRICS countries (Brazil, Russia, India, China, and South Africa), Brazil is on a par with China and Russia in terms of ...

June 21, 2016, Webinar

May 2, 2016, Law360

May 2016, National Defense Magazine

April 8, 2016, Covington Alert

On April 6, the National Telecommunications and Information Administration (NTIA), part of the U.S. Department of Commerce, issued a Request for Comment (RFC) seeking public feedback on the benefits, challenges, and potential roles for the government in fostering the advancement of the Internet of Things (IoT). NTIA issued the RFC as part of the Commerce ...

March 2016, Cyber Security Law & Practice

February 19, 2016, Law360

Mark Young and Libbie Canter are quoted in this Law360 article offering tips on how deal makers can mitigate cybersecurity risks.  According to Young, any discovered incidents can give buyers pause on how  — and if — they want to move forward. “We’ve dealt with at least a couple examples where deals were at least delayed if not reconsidered because of ...

January 12, 2016, Covington Alert

December 2015, Privacy & Data Protection

October 13, 2015

WASHINGTON, DC, October 13, 2015 - Covington addresses the critical issue of how to manage risks associated with third-party outsourcing in Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers. Published in collaboration with Palo Alto Networks and the New York Stock Exchange, the book provides boards, executives and ...

October 6, 2015, Covington Alert

October 2015, Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers

September 2015, Bloomberg BNA World Data Protection Report

August 27, 2015, Inside Cybersecurity

Susan Cassidy was quoted in this article.

August 13, 2015, Inside Cybersecurity

Susan Cassidy was quoted in this article.

August 12, 2015, The Cybersecurity Law Report

August 11, 2015

WASHINGTON, DC, August 11, 2015  —The Los Angeles Business Journal has named Covington partner and former federal prosecutor Daniel Shallman to its list of the city’s “Most Influential Lawyers” in the white collar and cyber practice areas. In selecting Mr. Shallman, the publication noted that he has handled “a string of impressive matters” since joining the firm ...

August 2015, Bloomberg BNA World Data Protection Report

July 17, 2015, Webinar

July 13, 2015, China Law & Practice

July 10, 2015, Covington Alert

July 2, 2015, Covington Alert

June 12, 2015, InsidePrivacyBlog

June 9, 2015, InsideCounsel

May 12, 2015, Inside Counsel

May 2015, Privacy Laws & Business UK Report

March 13, 2015, CDR News

March 12, 2015, InsideCounsel

March 9, 2015, The National Law Journal

February 28, 2015, InsidePrivacy Blog

February 19, 2015, Inside Counsel

February 2015, Bloomberg BNA World Data Protection Report

January 2015, Regulatory Rapporteur

November/December 2014, E-Commerce Law Reports

October 10, 2014, InsideMedicalDevices Blog

2014, Data Protection and Privacy Law (2nd Edition, Thomson Reuters)

June 2014, E-Commerce Law & Policy

May 14, 2014, InsidePrivacy Blog

April 8, 2014, InsidePrivacy Blog

April 2014, West Briefing Papers

November 27, 2013, Covington E-Alert

October 24, 2013, Covington E-Alert

October 8, 2013, Law360

April 25, 2013, Law360

April 2013, World Data Protection Report

May 21, 2012, Corporate Counsel

May 2010, Privacy Law & Business

October 2009, The Privacy Advisor

November 24, 2008, Covington E-Alert