April 2019, Pratt's Privacy & Cybersecurity Law Report

March 19, 2019, Inside Privacy

On March 15, 2019, the State Administration for Market Regulation and the Cyberspace Administration of China (“CAC”) jointly issued the Announcement on the Implementation of App Security Certification (the “Announcement”), creating a voluntary (but state-sanctioned) security certification scheme for mobile applications (“Security Certification Scheme”). ...

March 19, 2019, Law360

March 14, 2019, Inside Privacy

Following a political agreement at the end of 2018, earlier this week the European Parliament approved a new cybersecurity regulation known as the EU “Cybersecurity Act” This forms part of the EU’s Cyber Package, first announced in September 2017 (which we blogged about here). In addition to reinforcing the mandate of ENISA — now to...… Continue Reading

March 12, 2019, Inside Privacy

On March 11, 2019, a bipartisan group of lawmakers including Sen. Mark Warner and Sen. Cory Gardner introduced the Internet of Things (IoT) Cybersecurity Improvement Act of 2019. The Act seeks “[t]o leverage Federal Government procurement power to encourage increased cybersecurity for Internet of Things devices.” In other words, this bill aims to shore up...… ...

December 26, 2018, Bloomberg Law

Michael Nonaka is quoted Bloomberg Law regarding the Office of the Comptroller of the Currency’s 2019 revamped rules for banks’ community investments. Mr. Nonaka says, “It’ll be interesting to see what the next step is in the rulemaking process, and that will reveal whether there are these differences.” He said the agencies are likely to come together on some ...

December 6, 2018, Inside Privacy

On December 4, 2018, the Federal Trade Commission (“FTC”) announced that it is accepting public comments regarding its Identity Theft Detection Rules, 16 C.F.R. Part 681 (the “Rules”), as part of a systematic review of the Commission’s regulations and guidelines. The review of the Rules is particularly noteworthy because identity theft is among the top...… ...

November 6, 2018, Inside Privacy

Canada’s new data breach law, The Personal Information Protection and Electronic Documents Act (“PIPEDA”), took effect on November 1. Official guidance released by the country’s Privacy Commissioner explains a few of the law’s key provisions that will affect organizations, specifically, breach reporting and notification obligations, their triggers, and record ...

October 29, 2018, Inside Privacy

[This article also was published in Law360.] In March 2017, Rep. Tom Graves, R-Ga., introduced a draft bill titled the Active Cyber Defense Certainty Act. The bill would amend the Computer Fraud and Abuse Act to enable victims of cyberattacks to employ “limited defensive measures that exceed the boundaries of one’s network in order to...… Continue Reading

October 26, 2018, Inside Privacy

The Federal Energy Regulatory Commission (“FERC”) released a final rule approving three new Critical Infrastructure Protection (“CIP”) standards which address supply chain risk management for bulk electric systems (“BES”) operations.  The new standards were developed by the North American Electric Reliability Corporation (“NERC”) in response to FERC Order No. ...

October 24, 2018, Inside Privacy

On September 30, 2018, China’s Ministry of Public Security (“MPS”) released the Regulation on the Internet Security Supervision and Inspection by Public Security Organs (the “Regulation”;《公安机关互联网安全监督检查规定》), which will take effect on November 1, 2018. As the latest regulation issued by MPS that implements China’s Cybersecurity Law (“CSL”), which took effect in ...

September 11, 2018, Am Law Litigation Daily

Terrell McSweeny is quoted in Am Law Litigation Daily regarding her move to the firm. “I am excited to join a firm that is well positioned to guide clients through the increasingly complex global antitrust, cybersecurity and consumer protection landscape,” said Ms. McSweeny.

September 11, 2018, Politico

Politico featured Terrell McSweeny’s recent move to Covington’s antitrust law, data privacy and cybersecurity practice groups.

September 10, 2018

WASHINGTON— Terrell McSweeny has joined Covington as a partner in the Antitrust and Competition Law and Data Privacy and Cybersecurity Practice Groups in Washington. Ms. McSweeny most recently served as a Commissioner at the Federal Trade Commission. Ms. McSweeny has held senior appointments in the FTC, Department of Justice, White House, and United States ...

September 10, 2018, The National Law Journal

Deborah Garza is quoted in The National Law Journal regarding Terrell McSweeny joining the firm. Ms. Garza says, “Having served both at the FTC and in the Antitrust Division, Terrell has an exceptionally broad base of experience to draw upon in helping clients understand and manage the antitrust enforcement, privacy, and data security issues. She also has ...

September 10, 2018, Global Competition Review

Terrell McSweeny and Deborah Garza are quoted in Global Competition Review regarding Ms. McSweeny’s move to the firm. Ms. McSweeny says that Covington is a “wonderful fit” due to its bench of former DOJ and FTC lawyers. She added that it will be good to work with colleagues who have had similar experiences. Ms. Garza praised McSweeny’s excellent reputation and ...

September 10, 2018, Bloomberg

Terrell McSweeny’s move to Covington’s data privacy and cybersecurity practice group is highlighted in Bloomberg.

September 10, 2018, Law360

Terrell McSweeny is quoted in Law360 regarding her move to the firm. Ms. McSweeny says, “I am very excited to be joining a terrific firm to deal with the global challenges of antitrust, cybersecurity and consumer protection.”

September 7, 2018, Law360

Melanie Ramey is quoted in Law360 regarding the General Data Privacy Law, Brazil’s new GDPR-inspired regulation. Ms. Ramey says, “It seems to be modeled off of the GDPR, but we don't know yet where the law will differ on the nitty-gritty."

September 7, 2018, Global Investigations Review

Trisha Anderson and James Garland are quoted in Global Investigations Review regarding Ms. Anderson rejoining the firm. Mr. Garland believes Ms. Anderson will be a valuable asset to helping navigate the U.S. Cloud Act. He says, “Trisha has that ability to spot the pain points for both the clients and the government and help figure out a way forward. Sometimes ...

August 31, 2018, Inside Privacy

CTIA, the U.S. wireless industry’s trade association, recently announced the creation of a cybersecurity certification program for Internet of Things (IoT) devices that connect to the internet via LTE or Wi-Fi.  The program permits device makers to submit such IoT devices for testing by CTIA-authorized labs in order to obtain a certification of compliance ...

August 17, 2018

WASHINGTON— Law360 named Covington lawyers Alexander Berengaut, Michael Nonaka, and Ursula Owczarkowski to its list of “2018 Rising Stars.” This annual recognition honors top attorneys under 40 “whose legal accomplishments transcend their age.” Alex Berengaut represents clients in civil litigation, international arbitrations, and government enforcement ...

August 11, 2018, Inside Privacy

On July 20, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) published comments it received from a wide array of tech and telecom companies, trade groups, civil society, academia, and others regarding its “international Internet policy priorities for 2018 and beyond.”  NTIA’s Office of International ...

August 1, 2018, Bloomberg Law

Michael Nonaka is quoted in Bloomberg Law on the fintech industry’s enthusiasm regarding the Treasury Department’s recommendation that Congress support the “valid when made” doctrine. Mr. Nonaka adds, “The [recommendation] shows that these issues are not going away and that the uncertainty created from a growing body of inconsistent court opinions isn't a stable ...

July 31, 2018, Law360

Michael Nonaka is quoted in Law360 regarding the Office of the Comptroller of the Currency accepting applications for special-purpose national bank charters from financial technology companies. Mr. Nonaka says it will be a while before any fintech firms operate as national banks, and they may ultimately decide the special purpose charter does not suit their ...

July 5, 2018, Covington Alert

On June 27, 2018, China’s Ministry of Public Security (“MPS”) released for public comment a draft of the Regulations on Cybersecurity Multi-level Protection Scheme (“the Draft Regulation”). The highly anticipated Draft Regulation sets out the details of an updated Multi-level Protection Scheme, whereby network operators (defined below) are required to comply ...

March 1, 2018, Covington Alert

On February 21, 2018, the U.S. Securities and Exchange Commission (the “Commission”) approved a statement and interpretive guidance that provides the Commission’s views on a public company’s disclosure obligations concerning cybersecurity risks and incidents (the “2018 Commission Guidance”).

February-March 2018, Pratt’s Privacy & Cybersecurity Law Report

February 15, 2018, Bloomberg Law

Anne Termine is quoted in a Bloomberg Law article regarding the settlement reached with AMP Global Clearing LLC following charges from the CFTC stating that AMP's failure to diligently supervise a cybersecurity vendor resulted in a data breach. According to Termine, cybersecurity is “an area of increasing concern and scrutiny for the CFTC as it goes directly to ...

January 22, 2018, E-Commerce Times

Susan Cassidy is quoted in an E-Commerce Times article regarding efforts to create an online marketplace for government purchasers. "One model that was discussed would require a portal provider to contract with GSA to provide an online interface. Under this approach, suppliers would then sign up to use the portal, potentially via a contract with the portal ...

January 4, 2018, National Defense

January 2, 2018, Politico

Susan Cassidy is quoted in Politico Pro's "Morning Cybersecurity" newsletter regarding the December 31st deadline for defense contractors to meet minimum cybersecurity requirements for the systems they operate for the Pentagon. According to Cassidy, the cybersecurity rule presents “a problem for DoD because there’s a lot of subjectivity in what is ‘adequate ...

November 24, 2017, Los Angeles Business Journal

Susan Cassidy is quoted in a Los Angeles Business Journal article regarding the difficulties that some defense contractors in Southern California were facing trying to meet the Department of Defense deadline of December 31, 2017 for implementing the cybersecurity controls in NIST Special Publication 800-171. Cassidy notes that the definition of the information ...

October 3, 2017, Commercial Dispute Resolution

David Fagan is quoted in a Commercial Dispute Resolution article regarding how companies are bracing for cyber attacks. According to Fagan, cybersecurity is “a one-way ratchet: all constituents, whether customers, regulators, business partners, claimant counsel and finders of fact, are increasingly aware of and focused on the risk [which] arises from operating ...

October 2017

Covington's Data Privacy and Cybersecurity practice is excited to take part in National Cybersecurity Awareness Month. Throughout October, our lawyers will highlight top-of-mind concerns, provide helpful tips, and discuss the cybersecurity landscape more generally through a series of posts on our Inside Privacy blog. Below you can find our most recent content, ...

September 18, 2017, Covington Alert

Last week, in his annual State of the European Union Address, the President of the European Commission Jean-Claude Juncker called out cybersecurity as a key priority for the European Union in the year ahead. In terms of ranking those priorities, President Juncker placed tackling cyber threats just one place below the EU leading the fight against climate change, ...

August 31, 2017, Covington Alert

On August 31, 2017, China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released an updated draft of the Information Security Technology - Guidelines for Data Cross-Border ...

August 2, 2017, Law360

Libbie Canter was named a "Rising Star" by Law360, recognizing her as a top lawyer under 40 in Privacy & Cybersecurity law. In its profile of Canter, Law360 highlights her advisory role on significant transactions, including Microsoft’s $8.5 billion acquisition of video call service Skype.

July 28, 2017, Medtech Insight

Marialuisa Gallozzi, John Buchanan, and Jeff Kiburtz are quoted in a Medtech Insight article regarding the growing interest in the healthcare sector in buying cyber insurance. According to Gallozzi, "We are in the midst of an evolution of the insurance market right now in this area." She says cyber insurance policies have been a growing trend but unlike other ...

July 2, 2017, San Antonio Express-News

Susan Cassidy is quoted in a San Antonio Express-News article regarding new cybersecurity requirements for contractors. According to Cassidy, "Essentially, the DOD wants its contractors to protect its information, because the DOD is a huge target, and its contractors are also a target." Commenting on the fact that over the years, contractors have been working ...

May 23, 2017, Cloud, Big Data and AI Conference, Seattle, Washington

May 23, 2017, Cloud, Big Data and AI Conference, Seattle, Washington

May 17, 2017, The Cybersecurity Law Report

May 3, 2017, The Cybersecurity Law Report

May 3, 2017, Covington Alert

On May 2, 2017, the Cyberspace Administration of China (“CAC”) released the final version of the Measures on the Security Review of Network Products and Services (Trial) (“the Measures”), with an effective date of June 1, 2017 (official Chinese version available here). The issuance of the Measures marks a critical first step toward implementing China’s ...

April 21, 2017, Luxembourg Forum (Triannual Meeting Between the United States Supreme Court and the European Court of Justice), Washington, DC

April 12, 2017, Covington Alert

On April 11, 2017, the Cyberspace Administration of China (“CAC”) released a draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the Draft Measures is appended at the end of this alert).

March 30, 2017, Business Forums International Ltd.

March 4, 2017, ABA Insurance Coverage Litigation Committee CLE Seminar

March 2017, National Defense

March 2017, Pratt's Government Contracting Law Report

February 22, 2017, The Cybersecurity Law Report

Steve Surdu was interviewed by The Cybersecurity Law Report for a three-part series on the role of forensic firms during a cyber breach. Part one discusses how to understand and leverage the expertise of forensic firms from the start. According to Surdu, forensic consultants have specialized skills and knowledge “that are very difficult for most organizations to ...

February 7, 2017, Covington Alert

On February 4, 2017, the Cyberspace Administration of China (“CAC”) released the draft Measures on the Security Review of Network Products and Services (“the draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the draft Measures is here). The comment period ends on March 4, 2017.

January 24, 2017, Law360

Mark Young and Ian Hargreaves are quoted in a Law360 article regarding the high level of cyberattacks on the financial services industry and the resulting regulatory pressures. According to Young, “The GDPR [General Data Protection Regulation] is a massive text with groundbreaking change in the data privacy area, in terms of compliance requirements and the new ...

January 17, 2017, Federal Contracts Report

Susan Cassidy is quoted in a Federal Contracts Report article regarding the fate of cybersecurity improvements made by the DoD under President Trump. According to Cassidy, “I would expect those to continue forward because I don't see a political will to say, ‘No you shouldn't protect this.’”  The nomination of former Sen. Dan Coats (R-Ind.) to serve as director ...

January 4, 2017, Covington Alert

President Obama announced several actions on December 29 to respond to Russian cyber operations that the U.S. intelligence community previously had concluded were intended to influence the U.S. presidential election. Specifically, the President revised and expanded an earlier executive order that blocks the property and interests in property of persons that ...

October 20, 2016, Covington Alert

On October 19, 2016, the Board of Governors of the Federal Reserve System (Federal Reserve), Office of the Comptroller of the Currency (OCC), and Federal Deposit Insurance Corporation (FDIC) (collectively the “Agencies”) released a joint Advance Notice of Proposed Rulemaking (ANPR) requesting public comment on enhanced cybersecurity standards that would apply to ...

July 27, 2016, Global Investigations Review

Stephen Surdu and James Garland are quoted in a GIR article regarding Surdu’s arrival to Covington as a Senior Cybersecurity Advisor. “In the fog of war, companies do not think clearly,” Surdu says. “They want to do the right thing, but they do not quite know what that is. As someone who has handled many cybersecurity investigations, I can help calm the ship.” ...

July 25, 2016, Covington Alert

Search warrants served on U.S. Internet companies and cloud service providers cannot obtain customer data stored overseas, the U.S. Court of Appeals for the Second Circuit ruled on July 14. The federal appellate decision focuses on warrants issued under the federal Electronic Communications Privacy Act (“ECPA”) and formally applies only in the Second Circuit, ...

July 21, 2016, Law360

David Fagan and Stephen Surdu are quoted in a Law360 article regarding the launch of Covington’s new Cybersecurity Incident Response Team in conjunction with the arrival of Surdu and Jenny Martin. According to Fagan, “We’re a big firm with clients that span the globe. They can’t control when they have incidents, and you can get calls on a Friday afternoon from ...

July 18, 2016

WASHINGTON—Covington has formed an enhanced team of lawyers and advisors to provide cybersecurity incident response services to clients, highlighted by Stephen Surdu, who formerly led the professional services group of Mandiant, joining the team as a Senior Cybersecurity Advisor.  Through the formation of the Cybersecurity Incident Response Team with members on ...

July 18, 2016, The American Lawyer

James Garland and Steve Surdu are quoted in an American Lawyer article regarding the launch of Covington’s Cybersecurity Incident Response Team, highlighted by Surdu’s recent arrival as a Senior Cybersecurity Advisor. According to Garland, "The lawyers that do the interviews and oversee the forensic investigation, we're experienced but we're not engineers." He ...

July 7, 2016, Covington Alert

The Brazilian financial industry has long been a target of cyber criminals, and with the continued growth of sophisticated online banking services in Brazil, such systems are a prime target for organized crime. In addition, among the emerging BRICS countries (Brazil, Russia, India, China, and South Africa), Brazil is on a par with China and Russia in terms of ...

June 21, 2016, Webinar

May 2, 2016, Law360

May 2016, National Defense Magazine

April 8, 2016, Covington Alert

On April 6, the National Telecommunications and Information Administration (NTIA), part of the U.S. Department of Commerce, issued a Request for Comment (RFC) seeking public feedback on the benefits, challenges, and potential roles for the government in fostering the advancement of the Internet of Things (IoT). NTIA issued the RFC as part of the Commerce ...

March 2016, Cyber Security Law & Practice

February 19, 2016, Law360

Mark Young and Libbie Canter are quoted in this Law360 article offering tips on how deal makers can mitigate cybersecurity risks.  According to Young, any discovered incidents can give buyers pause on how  — and if — they want to move forward. “We’ve dealt with at least a couple examples where deals were at least delayed if not reconsidered because of ...

January 12, 2016, Covington Alert

December 2015, Privacy & Data Protection

October 13, 2015

WASHINGTON, DC, October 13, 2015 - Covington addresses the critical issue of how to manage risks associated with third-party outsourcing in Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers. Published in collaboration with Palo Alto Networks and the New York Stock Exchange, the book provides boards, executives and ...

October 6, 2015, Covington Alert

October 2015, Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers

September 2015, Bloomberg BNA World Data Protection Report

August 27, 2015, Inside Cybersecurity

Susan Cassidy was quoted in this article.

August 13, 2015, Inside Cybersecurity

Susan Cassidy was quoted in this article.

August 12, 2015, The Cybersecurity Law Report

August 11, 2015

WASHINGTON, DC, August 11, 2015  —The Los Angeles Business Journal has named Covington partner and former federal prosecutor Daniel Shallman to its list of the city’s “Most Influential Lawyers” in the white collar and cyber practice areas. In selecting Mr. Shallman, the publication noted that he has handled “a string of impressive matters” since joining the firm ...

August 2015, Bloomberg BNA World Data Protection Report

July 17, 2015, Webinar

July 13, 2015, China Law & Practice

July 10, 2015, Covington Alert

July 2, 2015, Covington Alert

June 12, 2015, InsidePrivacyBlog

June 9, 2015, InsideCounsel

May 12, 2015, Inside Counsel

May 2015, Privacy Laws & Business UK Report

March 13, 2015, CDR News

March 12, 2015, InsideCounsel

March 9, 2015, The National Law Journal

February 28, 2015, InsidePrivacy Blog

February 19, 2015, Inside Counsel

February 2015, Bloomberg BNA World Data Protection Report

January 2015, Regulatory Rapporteur

November/December 2014, E-Commerce Law Reports

October 10, 2014, InsideMedicalDevices Blog

2014, Data Protection and Privacy Law (2nd Edition, Thomson Reuters)

June 2014, E-Commerce Law & Policy

May 14, 2014, InsidePrivacy Blog

April 8, 2014, InsidePrivacy Blog

April 2014, West Briefing Papers

November 27, 2013, Covington E-Alert

October 24, 2013, Covington E-Alert

October 8, 2013, Law360

April 25, 2013, Law360

April 2013, World Data Protection Report

May 21, 2012, Corporate Counsel

May 2010, Privacy Law & Business

October 2009, The Privacy Advisor

November 24, 2008, Covington E-Alert