Our Website Uses Cookies
We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.
For more information, please contact us or consult our Privacy Notice.
Your binder contains too many pages, the maximum is 40.
We are unable to add this page to your binder, please try again later.
This page has been added to your binder.
"Cybersecurity 2.0: The Role of Counsel
in Addressing Destructive Cyberattacks"
The Cybersecurity Law Report
Our Cybersecurity practice has unsurpassed experience addressing the most significant cybersecurity matters confronted by commercial enterprises. We have assisted clients in responding to scores of cybersecurity incidents, ranging from security breaches perpetrated by inside actors, to sophisticated external attacks involving millions of customer and employee records, to several of the largest cyber-related financial crimes on record. These incidents have spanned a broad range of industries, including financial services, pharmaceuticals, media and Internet content companies, retail, technology, communications, defense, energy, software, travel-related services, and data-based services companies. Many of these incidents have been global in nature.
Our cybersecurity lawyers and advisors are based on both coasts of the United States, and in Europe and Asia. We regularly work with multinational companies on the full lifecycle of cybersecurity events, including development of internal compliance policies and incident response planning; incident response, investigation, and remediation; and defense of claims and pursuit of recoveries. We have unparalleled depth across a range of practice areas that intersect with cyber-related risks, including insurance, litigation, corporate governance, and regulatory compliance, to name a few.
Enterprises face threats from multiple vectors, including, among others, state-sponsored actors, criminal organizations, hactivists, competitors, and insiders—with potential for incidents that may include denial-of-service attacks, theft of funds or IP, breaches of payment card data and other sensitive customer information, and other significant compromises. Unlike many other firms, Covington does not approach cybersecurity as simply a subset of our broader privacy practice. Rather, we take a truly multi-dimensional, cross-disciplinary approach, taking into account not only privacy law, but also the potential impact of any particular threat vector on U.S. national security and the integrity of critical enterprises internationally.
Our team includes former senior officials from the Department of Homeland Security and Department of Justice, and we regularly engage with those agencies, as well as the Federal Trade Commission, Federal Bureau of Investigation, Department of Defense, and other federal and international agencies as well as State Attorneys General and EU, Asian, and Latin American data protection authorities, on defending against and responding to cyber threats.
Our areas of focus include:
- Preparedness and counseling
- Incident response and investigations
- Regulatory advice and compliance
- Risk management and insurance coverage
- Litigation—class action defense
- European and international data protection
Responding to Sophisticated Advanced Persistent Theat ("APT") Attacks
We have directed the investigations and response into APT attacks from state-sponsored actors and sophisticated criminal groups targeting intellectual property and other proprietary information. These attacks, and the responses, have spanned multiple industries and global companies, with investigations covering four continents.
Responding to Large Cyber-based Financial Crimes
We have handled multiple large cyber-based financial crimes, including, among others, assisting in the response to one of the largest criminal organization ATM cash drawdowns in U.S. history.
Addressing Regulatory Enforcement Actions
We have addressed regulatory investigations and enforcement actions from regulators in the United States, Europe, and Asia following data breaches. These have included investigations or formal enforcement proceedings brought by the Federal Trade Commission, State Attorneys General, and the Securities and Exchange Commission in the United States, and by data protection authorities and sector-specific regulators across Europe and Asia.
Responding to Government Surveillance Inquiries
We have a leading practice advising Internet companies and cloud service providers on responding to legal demands seeking access to customer data or network surveillance, served by governments around the world.
Investigating Insider Thefts
We have directed investigations into cyber-based insider thefts of highly sensitive proprietary information and consumer information.
HIPAA Breach Notification Requirements
Advised employer health plans on HIPAA breach notification requirements relating to breaches of protected health information held by the plans.
Data Breach Response and Compliance
We have counseled clients on all aspects of data breach response globally, including incidents involving more than 100,000 impacted employees, payment card incidents involving millions of consumers, and breaches of other personal information impacting more than 50 million consumers.
Pursuing Recovery for the Largest Documented Data Security Breaches
We have successfully handled the recovery under insurance coverage policies for several of the largest documented data security breaches.
Pre-Incident Advice and Assessments
We regularly advise clients on compliance with information security requirements and best practices, including, among others, governance best practices, vendor contract terms and due diligence, the implementation of information security controls to satisfy regulatory requirements, and the conduct of vulnerability assessments.
AI Algorithms and Services Cybersecurity
Advising a software company and other high-tech companies on the integrity and security of AI algorithms and services.
Advising Major Multinational Technology and Ecommerce Company
Advising major American multinational technology and ecommerce company on EU data privacy and cybersecurity issues relating to new products and services.
Whitepaper on Cybersecurity Advantages of Blockchain Technologies
Advising Microsoft and the Chamber of Digital Commerce in the development of a whitepaper exploring the cybersecurity advantages of blockchain technologies.
Peraton's Acquisition of Solers
Represented Peraton as regulatory counsel in its acquisition of Solers, Inc., a software development and systems integration provider. We handled government contracts, national security, and cybersecurity matters for Peraton.
January 15, 2021, Inside Privacy
On December 16, 2020, the German Federal Government passed a draft law that substantially amends some of Germany’s information technology laws (“IT laws”). These amendments aim to adapt the current legal framework to the increasing digitalization of products and services, the proliferation of IoT products, and the appearance of new cybersecurity threats. The ...
January 5, 2021, Inside Privacy
Last year, Californians passed proposition 24, also known as the California Privacy Rights Act (“CPRA”). That law makes several changes to the California Consumer Privacy Act (“CCPA”), including some that relate to an organization’s cybersecurity practices. So, as you begin to prepare your organization’s CPRA compliance strategy, keep in mind the following ...
December 23, 2020, Inside Privacy
On December 16, 2020, the European Commission released the EU’s cybersecurity strategy for the next decade (see press release here and report here). The EU’s cybersecurity strategy puts forward concrete proposals for regulatory, investment and policy initiatives in the following three areas: 1. Resilience, technological sovereignty and leadership – the European ...
December 23, 2020, Inside Privacy
On December 22, 2020, the European Union Agency for Cybersecurity (“ENISA”) published a draft scheme for cloud services (see press release here and scheme here). Cloud services that meet the security requirements of the scheme will be able to obtain a certification attesting their level of cybersecurity. The draft scheme is available for public consultation...… ...
December 8, 2020, Inside Privacy
On December 2, 2020, China’s Ministry of Commerce (“MOFCOM”), State Cryptography Agency (“SCA”), and the General Administration of Customs (“Customs”) jointly issued three documents (here) related to import and export of commercial encryption items: List of Commercial Encryption Subject to Import Licensing Requirement (“Import List”); List of Commercial ...
December 7, 2020, Inside Privacy
On Friday, December 4, 2020, President Trump signed the bipartisan Internet of Things (“IoT”) Cybersecurity Improvement Act of 2020 into law. The IoT Cybersecurity Improvement Act empowers the National Institute of Standards and Technology (“NIST”) to create cybersecurity standards for internet-connected devices purchased and used by federal agencies. For more ...
November 25, 2020, Inside Privacy
The bipartisan Internet of Things (“IoT”) Cybersecurity Improvement Act of 2020 (S. 734, H.R. 1668) has passed the House and the Senate and is headed to the President’s desk for signature. The bill was sponsored in the House by Representatives Hurd (R-TX) and Kelly (D-IL), and in the Senate by Senators Warner (D-VA) and Gardner...… Continue Reading
November 16, 2020
WASHINGTON—Global Banking Regulation Review has named Covington partner Michael Nonaka to its “45 Under 45,” a list of the leading, next-generation banking regulation specialists. Mr. Nonaka is co-chair of the Financial Services Group and advises banks, financial services providers, and non-bank companies on a broad range of compliance, enforcement, ...
October 14, 2020, Inside Privacy
On September 30, 2020, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the Multi-State Information Sharing and Analysis Center (“MS-ISAC”) released a joint guide synthesizing best practices to prevent and respond to ransomware. This guide was published the day before OFAC and FinCEN released their coordinated guidance on ransomware attacks ...
October 7, 2020, Inside Privacy
Consistent with the U.S. Department of the Treasury’s ongoing focus on cyber-enabled financial crime, on October 1, 2020, two components of the Treasury Department’s Office of Terrorism and Financial Intelligence issued guidance on ransomware-related payments. One, an advisory issued by the Office of Foreign Assets Control (“OFAC”), describes the significant ...
October 6, 2020, Inside Privacy
In this edition of our regular roundup on legislative initiatives related to artificial intelligence (AI), cybersecurity, the Internet of Things (IoT), and connected and autonomous vehicles (CAVs), we focus on key developments in the European Union (EU). There has been some policy activity in the U.S. this quarter, including the re-introduction of the SELF-DRIVE ...
July 17, 2020, Legaltech News
Kristof Van Quathem is quoted in Legaltech News regarding the continuation of shared data between the EU and the United States after the invalidation of the Privacy Shield. Mr. Van Quathem says companies are exploring encryption and other technical safeguards for EU data transferred to the U.S. He added that more organizations are also considering prohibiting ...
July 16, 2020, The Guardian
Lisa Peets spoke with The Guardian about the European Court of Justice’s decision to invalidate the EU-U.S. Privacy Shield, in which social media companies could be prevented from sending data to the United States from Europe. Ms. Peets says the ruling is not a total halt on data transfers between the EU and U.S. The court upheld the use of “standard contractual ...
July 16, 2020, Law.com
Lisa Peets is quoted in Law.com regarding the European Court of Justice’s judgment in the EU-U.S. Privacy Shield. Ms. Peets says that the judgment means that the 5,000 or so U.S. companies signed up to the Privacy Shield will have to find an interim solution until EU and U.S. officials have worked out a new data protection deal. “The invalidation of the Privacy ...
Schrems II sparks data transfer chaos and confusion
July 16, 2020, Global Data Review
Lisa Peets is quoted in Global Data Review regarding the European Court of Justice’s decision to invalidate the EU-US Privacy Shield. Ms. Peets, who represented software trade body BSA as an intervening party, says companies are unlikely to immediately stop their SCCs – saying that “halting existing transfers would be all but impossible from a practical ...
Top EU Court Strikes Down Popular Data Transfer Tool
July 16, 2020, Law360
Lisa Peets spoke with Law360 about European Court of Justice’s invalidation of the EU-U.S. Privacy Shield. Ms. Peets, who represented the Software Alliance, says the decision to reject the Privacy Shield without holding arguments on the merits of the tool — an issue that wasn't directly before the high court in this dispute — was “disappointing to many.” She ...
June 4, 2020, Med City News
Libbie Canter is quoted in Med City News regarding the privacy concerns for employers seeking to track employees in order to limit the spread of COVID-19. Ms. Canter says when it comes to contact tracing and location monitoring, companies should be cautious in the questions they ask and how much data they collect. She adds, “Companies need to think about not ...
May 19, 2020, Bloomberg
Daniel Cooper spoke with Bloomberg about new wearable technology devices that alert users when they are within close proximity of someone with COVID-19. Mr. Cooper notes that businesses are walking a fine line between keeping people safe and protecting their privacy. The absence of clear guidance from European regulators is forcing companies -- who could also be ...
US lawmakers propose temporary COVID-19 privacy law
May 12, 2020, Global Data Review
Libbie Canter is quoted in Global Data Review regarding a bill that would regulate contact-tracing apps and similar projects geared towards tracking the spread of COVID-19. Ms. Canter says the bill is narrow in scope, but where it does apply, the protections are stronger than those offered by state laws like the CCPA. She raises questions about how the bill ...
Morrisons Ruling Leaves Door Open For Data Breach Suits
April 2, 2020, Law360
Mark Young spoke with Law360 about a UK Supreme Court case involving the intentional breach of customer data information by an employee at Morrisons. The court ruled Morrisons will no longer have to pay a fine. Mr. Young says this is the “dual-edged result” of the Supreme Court judgment. Although a company is off the hook if an employee “goes off the deep end” ...
Morrisons not liable for rogue employee data breach
April 1, 2020, Global Data Review
Daniel Cooper spoke with Global Data Review about a UK high court case involving the deliberate breach of personal information by a supermarket employee from Morrisons. The court ruled that the supermarket was not liable for the actions of the employee. Mr. Cooper described the decision as “dual-edged” and said that “when coupled with the Lloyd Court of Appeal ...
Telcos share location data for coronavirus efforts
March 20, 2020, Global Data Review
Dan Cooper spoke with Global Data Review about how telecommunications companies are providing data regulators location data to track the effects of social distancing in the wake of coronavirus. Mr. Cooper told GDR that the measures in Europe are “not too much of a concern” from a privacy perspective as the data being used by authorities is anonymized and ...
Democrats Want to Prevent Coronavirus Credit Report Harm
March 19, 2020, Bloomberg
David Stein spoke with Bloomberg about legislation from Senate Democrats to shield U.S. citizens from negative credit reporting for the duration of the new coronavirus crisis. Three senators are looking to throw out a rule where credit bureaus are required under the Fair Credit Reporting Act to collect negative information. Mr. Stein says, “To the extent that ...
March 16, 2020, Global Data Review
Trisha Anderson spoke with Global Data Review about Congress’s lapse in renewing the Freedom Act while dealing with COVID-19. Ms. Anderson told GDR if Congress doesn’t renew the business records provision, the FBI will have to operate with pre-Patriot Act surveillance tools. She adds that the FBI would still be able to obtain business records via grand jury ...
February 11, 2020, Global Data Review
Libbie Canter is quoted in Global Data Review regarding the California Attorney General Xavier Beccera’s revisions to the California Consumer Privacy Act’s (CCPA) regulations. The revisions have left many businesses concerned and with unanswered questions. Ms. Canter says despite the revisions “ambiguities” remain for entities that collect data from third ...
February 5, 2020, Law360
Susan Cassidy is quoted in Law360 regarding the DoD’s implementation of cybersecurity requirements for defense contractors. Ms. Cassidy says that questions about the process, such as who will audit the thousands of contractors that need to be certified for cybersecurity compliance, how they will be audited and what options they will have if they disagree with an ...
ICO hits electronics retailer with maximum pre-GDPR fine
January 10, 2020, Global Data Review
Daniel Cooper is quoted in Global Data Review regarding the UK ICO’s decision to fine DSG Retail £500,000 under pre-GDPR data protection law. The fine stems from the company being compromised by a cyberattack affecting at least 14 million people. Mr. Cooper says, “the ICO's imposition of a maximum fine appears due, in part, to the fact that it felt DSG should ...
January 9, 2020, WatersTechnology
Michael Nonaka spoke with WatersTechnology about the impact of the California Consumer Privacy Act on financial institutions. Mr. Nonaka says, “There are exemptions [in the CCPA] for information that is covered by the GLBA. This is consumer information used by FIs, including broker-dealers. But there is not a broad exemption that just takes out the entirety of ...
November 21, 2019, Law360
Micaela McMurrough is quoted in Law360 regarding a recently unveiled cybersecurity protocol guidelines aimed at arbitrators, institutions and arbitration users on topics including baseline security measures. Ms. McMurrough says, "We tried to build in flexibility [so that the] document can be used as guidance, rather than something that's prescriptive.”
October 24, 2019, Law360
Susan Cassidy spoke with Law360 about the Department of Defense’s goal for its Cybersecurity Maturity Model Certification (CMMC) and its impact on join bid contractors. Ms. Cassidy says such teaming arrangements are already complicated and can take years to put together for big defense procurements. Although the DOD has said cybersecurity compliance will be ...
October 22, 2019, Legaltech News
Trisha Anderson spoke with Legaltech News about a bilateral data access agreement, a new mechanism of the CLOUD Act and its effect on law firms. A year after the CLOUD Act, the first data-sharing agreement is most relevant to U.K. law enforcement agencies having access to the vast data held by U.S.-based tech companies, says Ms. Anderson. She adds, “The most ...
October 2, 2019
Boards and CEOs at companies of all sizes operating around the world list cybersecurity as one of the top concerns keeping them up at night. Cyber threats are in the news on a daily basis and we hear about data breaches all the time. But our practice often helps clients respond to cyber incidents that are much broader than data breaches; they range from small ...
August 4, 2019, CoinTelegraph
Michael Nonaka spoke with CoinTelegraph to discuss cryptocurrency regulation in the U.S. Mr. Nonaka says, "The U.S. Financial Crimes Enforcement Network issued its first guidance addressing cryptocurrency companies in 2013, and since then regulatory action for digital assets has been slow to develop but has picked up in the past few years as an increasing ...
July 17, 2019, Covington Alert
On July 5, 2019, China’s Standing Committee of the National People's Congress (NPC) published a new draft Encryption Law (“the draft Law”) for public comment. The draft Law, if enacted as drafted, would bring significant new changes to China’s commercial encryption regime.
July 17, 2019, Covington Alert
On July 9, 2019, the European Court of Justice (“ECJ”) heard oral argument in Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The primary question before the ECJ is whether the European Commission’s standard contractual clauses (“SCCs”) are valid for transfers of personal data to the United States.1 Given ...
June 14, 2019, Government Contracting Law Report
Expert Q&A on the EU Cybersecurity Act
June 4, 2019, Thomson Reuters
Mark Young participated in a Q&A with Thomson Reuters about the EU Cybersecurity Act and its new cybersecurity certification schemes for information and communication technology products, services, and processes, especially internet of things devices. The interview also discusses how the Act supports the EU Directive on the Security of Network and Information ...
Going Over the Top
April 9, 2019, Global Data Review
Trisha Anderson spoke with the Global Data Review about the U.S.’s encryption law and its role electronic communication. According to Ms. Anderson, authorities in the U.S. have only general legal tools to seek access to encrypted data. Some traditional U.S. investigative tools, issued through courts and codified in law enforcement procedures, contain general ...
2019, American Bar Association
Our cross-disciplinary Internet of Things initiative contributed to the ABA's first book on IoT, The Internet of Things: Legal Issues, Policy, & Practical Strategies. Laura Kim and Jennifer Johnson authored the chapter “U.S. Regulatory Framework for IoT,” with contributions from Sarah Wilson (product safety); Wade Ackerman, Elizabeth Guo, Christopher Hanson, ...
April 2019, Pratt's Privacy & Cybersecurity Law Report
January 14, 2019, Covington Alert
In the wake of destructive cyber incidents over the past few years, the insurance industry and its regulators have focused more attention on so-called “silent cyber” exposures in traditional property/casualty insurance policy forms and started taking steps to reduce or specifically address those exposures. We explain here what “silent cyber” means, and what the ...
December 26, 2018, Bloomberg Law
Michael Nonaka is quoted Bloomberg Law regarding the Office of the Comptroller of the Currency’s 2019 revamped rules for banks’ community investments. Mr. Nonaka says, “It’ll be interesting to see what the next step is in the rulemaking process, and that will reveal whether there are these differences.” He said the agencies are likely to come together on some ...
Lateral Watch
September 11, 2018, Am Law Litigation Daily
Terrell McSweeny is quoted in Am Law Litigation Daily regarding her move to the firm. “I am excited to join a firm that is well positioned to guide clients through the increasingly complex global antitrust, cybersecurity and consumer protection landscape,” said Ms. McSweeny.
Transitions
September 11, 2018, Politico
Politico featured Terrell McSweeny’s recent move to Covington’s antitrust law, data privacy and cybersecurity practice groups.
Former FTC Commissioner McSweeny Joins Covington
September 10, 2018
WASHINGTON— Terrell McSweeny has joined Covington as a partner in the Antitrust and Competition Law and Data Privacy and Cybersecurity Practice Groups in Washington. Ms. McSweeny most recently served as a Commissioner at the Federal Trade Commission. Ms. McSweeny has held senior appointments in the FTC, Department of Justice, White House, and United States ...
September 10, 2018, The National Law Journal
Deborah Garza is quoted in The National Law Journal regarding Terrell McSweeny joining the firm. Ms. Garza says, “Having served both at the FTC and in the Antitrust Division, Terrell has an exceptionally broad base of experience to draw upon in helping clients understand and manage the antitrust enforcement, privacy, and data security issues. She also has ...
McSweeny joins Covington
September 10, 2018, Global Competition Review
Terrell McSweeny and Deborah Garza are quoted in Global Competition Review regarding Ms. McSweeny’s move to the firm. Ms. McSweeny says that Covington is a “wonderful fit” due to its bench of former DOJ and FTC lawyers. She added that it will be good to work with colleagues who have had similar experiences. Ms. Garza praised McSweeny’s excellent reputation and ...
Ex-FTC Commissioner McSweeny Joins Covington's DC Office
September 10, 2018, Law360
Terrell McSweeny is quoted in Law360 regarding her move to the firm. Ms. McSweeny says, “I am very excited to be joining a terrific firm to deal with the global challenges of antitrust, cybersecurity and consumer protection.”
September 10, 2018, Bloomberg
Terrell McSweeny’s move to Covington’s data privacy and cybersecurity practice group is highlighted in Bloomberg.
Former FBI official joins Covington
September 7, 2018, Global Investigations Review
Trisha Anderson and James Garland are quoted in Global Investigations Review regarding Ms. Anderson rejoining the firm. Mr. Garland believes Ms. Anderson will be a valuable asset to helping navigate the U.S. Cloud Act. He says, “Trisha has that ability to spot the pain points for both the clients and the government and help figure out a way forward. Sometimes ...
August 17, 2018
WASHINGTON— Law360 named Covington lawyers Alexander Berengaut, Michael Nonaka, and Ursula Owczarkowski to its list of “2018 Rising Stars.” This annual recognition honors top attorneys under 40 “whose legal accomplishments transcend their age.” Alex Berengaut represents clients in civil litigation, international arbitrations, and government enforcement ...
August 1, 2018, Bloomberg Law
Michael Nonaka is quoted in Bloomberg Law on the fintech industry’s enthusiasm regarding the Treasury Department’s recommendation that Congress support the “valid when made” doctrine. Mr. Nonaka adds, “The [recommendation] shows that these issues are not going away and that the uncertainty created from a growing body of inconsistent court opinions isn't a stable ...
OCC Will Accept Fintech Charter Applications
July 31, 2018, Law360
Michael Nonaka is quoted in Law360 regarding the Office of the Comptroller of the Currency accepting applications for special-purpose national bank charters from financial technology companies. Mr. Nonaka says it will be a while before any fintech firms operate as national banks, and they may ultimately decide the special purpose charter does not suit their ...
July 5, 2018, Covington Alert
On June 27, 2018, China’s Ministry of Public Security (“MPS”) released for public comment a draft of the Regulations on Cybersecurity Multi-level Protection Scheme (“the Draft Regulation”). The highly anticipated Draft Regulation sets out the details of an updated Multi-level Protection Scheme, whereby network operators (defined below) are required to comply ...
March 1, 2018, Covington Alert
On February 21, 2018, the U.S. Securities and Exchange Commission (the “Commission”) approved a statement and interpretive guidance that provides the Commission’s views on a public company’s disclosure obligations concerning cybersecurity risks and incidents (the “2018 Commission Guidance”).
February-March 2018, Pratt’s Privacy & Cybersecurity Law Report
February 15, 2018, Bloomberg Law
Anne Termine is quoted in a Bloomberg Law article regarding the settlement reached with AMP Global Clearing LLC following charges from the CFTC stating that AMP's failure to diligently supervise a cybersecurity vendor resulted in a data breach. According to Termine, cybersecurity is “an area of increasing concern and scrutiny for the CFTC as it goes directly to ...
Feds to Ramp Up Online Purchasing Presence
January 22, 2018, E-Commerce Times
Susan Cassidy is quoted in an E-Commerce Times article regarding efforts to create an online marketplace for government purchasers. "One model that was discussed would require a portal provider to contract with GSA to provide an online interface. Under this approach, suppliers would then sign up to use the portal, potentially via a contract with the portal ...
Russian hacker claims there's proof of his DNC breach
January 2, 2018, Politico
Susan Cassidy is quoted in Politico Pro's "Morning Cybersecurity" newsletter regarding the December 31st deadline for defense contractors to meet minimum cybersecurity requirements for the systems they operate for the Pentagon. According to Cassidy, the cybersecurity rule presents “a problem for DoD because there’s a lot of subjectivity in what is ‘adequate ...
Aerospace Up Against Deadline on Cybersecurity
November 24, 2017, Los Angeles Business Journal
Susan Cassidy is quoted in a Los Angeles Business Journal article regarding the difficulties that some defense contractors in Southern California were facing trying to meet the Department of Defense deadline of December 31, 2017 for implementing the cybersecurity controls in NIST Special Publication 800-171. Cassidy notes that the definition of the information ...
US corporates braced for cyber-chaos
October 3, 2017, Commercial Dispute Resolution
David Fagan is quoted in a Commercial Dispute Resolution article regarding how companies are bracing for cyber attacks. According to Fagan, cybersecurity is “a one-way ratchet: all constituents, whether customers, regulators, business partners, claimant counsel and finders of fact, are increasingly aware of and focused on the risk [which] arises from operating ...
October 2017
Covington's Data Privacy and Cybersecurity practice is excited to take part in National Cybersecurity Awareness Month. Throughout October, our lawyers will highlight top-of-mind concerns, provide helpful tips, and discuss the cybersecurity landscape more generally through a series of posts on our Inside Privacy blog. Below you can find our most recent content, ...
The EU Gets Serious About Cyber: The EU Cybersecurity Act and Other Elements of the "Cyber Package"
September 18, 2017, Covington Alert
Last week, in his annual State of the European Union Address, the President of the European Commission Jean-Claude Juncker called out cybersecurity as a key priority for the European Union in the year ahead. In terms of ranking those priorities, President Juncker placed tackling cyber threats just one place below the EU leading the fight against climate change, ...
China Seeks Comments on Updated Draft of Cross-Border Data Transfer Security Assessment Standard
August 31, 2017, Covington Alert
On August 31, 2017, China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released an updated draft of the Information Security Technology - Guidelines for Data Cross-Border ...
Rising Star: Covington & Burling's Elizabeth Canter
August 2, 2017, Law360
Libbie Canter was named a "Rising Star" by Law360, recognizing her as a top lawyer under 40 in Privacy & Cybersecurity law. In its profile of Canter, Law360 highlights her advisory role on significant transactions, including Microsoft’s $8.5 billion acquisition of video call service Skype.
July 28, 2017, Medtech Insight
Marialuisa Gallozzi, John Buchanan, and Jeff Kiburtz are quoted in a Medtech Insight article regarding the growing interest in the healthcare sector in buying cyber insurance. According to Gallozzi, "We are in the midst of an evolution of the insurance market right now in this area." She says cyber insurance policies have been a growing trend but unlike other ...
Pentagon demands contractors up cybersecurity
July 2, 2017, San Antonio Express-News
Susan Cassidy is quoted in a San Antonio Express-News article regarding new cybersecurity requirements for contractors. According to Cassidy, "Essentially, the DOD wants its contractors to protect its information, because the DOD is a huge target, and its contractors are also a target." Commenting on the fact that over the years, contractors have been working ...
Artificial Intelligence
May 23, 2017, Cloud, Big Data and AI Conference, Seattle, Washington
European General Data Protection Regulation: What You Need to Know
May 23, 2017, Cloud, Big Data and AI Conference, Seattle, Washington
May 17, 2017, The Cybersecurity Law Report
May 3, 2017, The Cybersecurity Law Report
May 3, 2017, Covington Alert
On May 2, 2017, the Cyberspace Administration of China (“CAC”) released the final version of the Measures on the Security Review of Network Products and Services (Trial) (“the Measures”), with an effective date of June 1, 2017 (official Chinese version available here). The issuance of the Measures marks a critical first step toward implementing China’s ...
Data Privacy and National Security
April 21, 2017, Luxembourg Forum (Triannual Meeting Between the United States Supreme Court and the European Court of Justice), Washington, DC
April 12, 2017, Covington Alert
On April 11, 2017, the Cyberspace Administration of China (“CAC”) released a draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the Draft Measures is appended at the end of this alert).
GDPR Planning and Preparation Conference for Employers
March 30, 2017, Business Forums International Ltd.
Shrunken Chickens, Neck Flanges, Pill Mills & Bacteria: New Twists on Perennially Difficult Issues in Products-Related Coverage
March 4, 2017, ABA Insurance Coverage Litigation Committee CLE Seminar
March 2017, Pratt's Government Contracting Law Report
Forensic Firms: Understanding and Leveraging Their Expertise From the Start (Part One of Three)
February 22, 2017, The Cybersecurity Law Report
Steve Surdu was interviewed by The Cybersecurity Law Report for a three-part series on the role of forensic firms during a cyber breach. Part one discusses how to understand and leverage the expertise of forensic firms from the start. According to Surdu, forensic consultants have specialized skills and knowledge “that are very difficult for most organizations to ...
February 7, 2017, Covington Alert
On February 4, 2017, the Cyberspace Administration of China (“CAC”) released the draft Measures on the Security Review of Network Products and Services (“the draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the draft Measures is here). The comment period ends on March 4, 2017.
Banks Face Cybercrime Wave As Tougher Regulations Loom
January 24, 2017, Law360
Mark Young and Ian Hargreaves are quoted in a Law360 article regarding the high level of cyberattacks on the financial services industry and the resulting regulatory pressures. According to Young, “The GDPR [General Data Protection Regulation] is a massive text with groundbreaking change in the data privacy area, in terms of compliance requirements and the new ...
January 17, 2017, Federal Contracts Report
Susan Cassidy is quoted in a Federal Contracts Report article regarding the fate of cybersecurity improvements made by the DoD under President Trump. According to Cassidy, “I would expect those to continue forward because I don't see a political will to say, ‘No you shouldn't protect this.’” The nomination of former Sen. Dan Coats (R-Ind.) to serve as director ...
U.S. Expands Sanctions, Takes Other Steps in Response to Russia’s Election-Related Cyber Operations
January 4, 2017, Covington Alert
President Obama announced several actions on December 29 to respond to Russian cyber operations that the U.S. intelligence community previously had concluded were intended to influence the U.S. presidential election. Specifically, the President revised and expanded an earlier executive order that blocks the property and interests in property of persons that ...
October 20, 2016, Covington Alert
On October 19, 2016, the Board of Governors of the Federal Reserve System (Federal Reserve), Office of the Comptroller of the Currency (OCC), and Federal Deposit Insurance Corporation (FDIC) (collectively the “Agencies”) released a joint Advance Notice of Proposed Rulemaking (ANPR) requesting public comment on enhanced cybersecurity standards that would apply to ...
Covington hires cyber expert
July 27, 2016, Global Investigations Review
Stephen Surdu and James Garland are quoted in a GIR article regarding Surdu’s arrival to Covington as a Senior Cybersecurity Advisor. “In the fog of war, companies do not think clearly,” Surdu says. “They want to do the right thing, but they do not quite know what that is. As someone who has handled many cybersecurity investigations, I can help calm the ship.” ...
July 25, 2016, Covington Alert
Search warrants served on U.S. Internet companies and cloud service providers cannot obtain customer data stored overseas, the U.S. Court of Appeals for the Second Circuit ruled on July 14. The federal appellate decision focuses on warrants issued under the federal Electronic Communications Privacy Act (“ECPA”) and formally applies only in the Second Circuit, ...
Covington Launches Cyber Response Team With Mandiant Pro
July 21, 2016, Law360
David Fagan and Stephen Surdu are quoted in a Law360 article regarding the launch of Covington’s new Cybersecurity Incident Response Team in conjunction with the arrival of Surdu and Jenny Martin. According to Fagan, “We’re a big firm with clients that span the globe. They can’t control when they have incidents, and you can get calls on a Friday afternoon from ...
Covington Forms Cybersecurity Incident Response Team
July 18, 2016
WASHINGTON—Covington has formed an enhanced team of lawyers and advisors to provide cybersecurity incident response services to clients, highlighted by Stephen Surdu, who formerly led the professional services group of Mandiant, joining the team as a Senior Cybersecurity Advisor. Through the formation of the Cybersecurity Incident Response Team with members on ...
July 18, 2016, The American Lawyer
James Garland and Steve Surdu are quoted in an American Lawyer article regarding the launch of Covington’s Cybersecurity Incident Response Team, highlighted by Surdu’s recent arrival as a Senior Cybersecurity Advisor. According to Garland, "The lawyers that do the interviews and oversee the forensic investigation, we're experienced but we're not engineers." He ...
July 7, 2016, Covington Alert
The Brazilian financial industry has long been a target of cyber criminals, and with the continued growth of sophisticated online banking services in Brazil, such systems are a prime target for organized crime. In addition, among the emerging BRICS countries (Brazil, Russia, India, China, and South Africa), Brazil is on a par with China and Russia in terms of ...
Insider Threats to Cybersecurity—Prevent, Prepare, and React Webinar
June 21, 2016, Webinar
April 8, 2016, Covington Alert
On April 6, the National Telecommunications and Information Administration (NTIA), part of the U.S. Department of Commerce, issued a Request for Comment (RFC) seeking public feedback on the benefits, challenges, and potential roles for the government in fostering the advancement of the Internet of Things (IoT). NTIA issued the RFC as part of the Commerce ...
March 2016, Cyber Security Law & Practice
5 Ways To Keep Cybersecurity Risk From Derailing A Deal
February 19, 2016, Law360
Mark Young and Libbie Canter are quoted in this Law360 article offering tips on how deal makers can mitigate cybersecurity risks. According to Young, any discovered incidents can give buyers pause on how — and if — they want to move forward. “We’ve dealt with at least a couple examples where deals were at least delayed if not reconsidered because of ...
Cybersecurity: CFTC Proposes New Cybersecurity Testing Rules for Derivatives Market Infrastructure
January 12, 2016, Covington Alert
December 2015, Privacy & Data Protection
Covington Tackles Vendor Cybersecurity Risks in New Book for Corporate Directors and Officers
October 13, 2015
WASHINGTON, DC, October 13, 2015 - Covington addresses the critical issue of how to manage risks associated with third-party outsourcing in Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers. Published in collaboration with Palo Alto Networks and the New York Stock Exchange, the book provides boards, executives and ...
October 6, 2015, Covington Alert
October 2015, Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers
September 2015, Bloomberg BNA World Data Protection Report
August 27, 2015, Inside Cybersecurity
Susan Cassidy was quoted in this article.
August 13, 2015, Inside Cybersecurity
Susan Cassidy was quoted in this article.
August 12, 2015, The Cybersecurity Law Report
August 11, 2015
WASHINGTON, DC, August 11, 2015 —The Los Angeles Business Journal has named Covington partner and former federal prosecutor Daniel Shallman to its list of the city’s “Most Influential Lawyers” in the white collar and cyber practice areas. In selecting Mr. Shallman, the publication noted that he has handled “a string of impressive matters” since joining the firm ...
August 2015, Bloomberg BNA World Data Protection Report
Insider Threats to Cybersecurity—Prevent, Prepare, React
July 17, 2015, Webinar
June 12, 2015, InsidePrivacyBlog
May 12, 2015, Inside Counsel
May 2015, Privacy Laws & Business UK Report
March 9, 2015, The National Law Journal
February 28, 2015, InsidePrivacy Blog
February 19, 2015, Inside Counsel
February 2015, Bloomberg BNA World Data Protection Report
November/December 2014, E-Commerce Law Reports
May 14, 2014, InsidePrivacy Blog
April 8, 2014, InsidePrivacy Blog
November 27, 2013, Covington E-Alert
October 24, 2013, Covington E-Alert
April 2013, World Data Protection Report
May 2010, Privacy Law & Business
October 2009, The Privacy Advisor
November 24, 2008, Covington E-Alert
- Global Data Review 100, "20 Elite" (2020)

How Our Cybersecurity Practice Helps Clients
Trisha Anderson and Ashden Fein discuss Covington's cybersecurity practice and outlines the team's abilities to help clients navigate their most challenging cybersecurity issues.