Foley to Host Roundtable: Let's Go to the Game

Please join us for a roundtable discussion led by industry experts who will discuss two timely topics impacting the sports and technology industries today covering using technology to sell the live game experience in professional and collegiate sports. The discussion will take place at Foley’s New York office on January 18, 2018 from 4:00 p.m. – 6:00 p.m. EST, followed by a cocktail reception. Topics discussed will include:

Continue reading this entry

Companies Outside Retail and Financial Industries May Have Additional Arguments to Challenge Standing in Data Breach Cases

The data breach at the U.S. Office of Personnel Management was one of the most serious and possibly one of the top 10 largest data breaches of the 21st century, compromising background investigation records for some 22 million current and former federal employees.  But a class action lawsuit brought on behalf of those employees was recently dismissed for lack of Article III standing.  In that case, In re U.S. Office of Pers. Mgmt. Data Sec. Breach Litig.[1] (“OPM Data Security Breach”), the U.S. District Court for the District of Columbia concluded that, with the exception of two employees who had incurred unreimbursed out-of-pocket expenses to remedy actual identity theft, the named plaintiffs failed to establish injury-in-fact.[2]  The court reached this conclusion even with respect to plaintiffs who had incurred fraudulent charges (for which they ultimately did not have to pay), who alleged that they had suffered stress due to a fear of identity fraud, and who had purchased credit monitoring services.  The court was influenced by reports that the breach had been perpetrated by the Chinese government, and did not jeopardize the kind of credit card or other financial information that could be useful in committing credit card fraud.[3]  Thus, the court in OPM Data Security Breach was not willing to make assumptions about the likelihood of future harm, although such claims are routinely made (albeit with mixed success) in the context of retail and financial establishment breaches that involve a theft of credit card information.[4]

Continue reading this entry

The Impact of Employee Training on Cybersecurity Breaches

Every organization is exposed to information security threats daily. It is essential that organizations have an information security protection program that is properly designed, documented, executed, and updated to minimize exposure to information loss, disruption of operations, and liability to third parties and regulators. An effective cybersecurity risk management program requires an effective governance structure based on the organization’s risk appetite — just like the company would create for any other material risk. While the components of a cybersecurity risk management program may vary from organization to organization, certain key elements are generally common to all effective programs. One such element is the importance of user education, awareness, and training.

In an article for his CSO ‘Crossroads of Cybersecurity and the Law’ blog, “Employee Training Remains the Best First Line of Defense against Cybersecurity Breaches,” Foley & Lardner Partner Mike Overly, explains why companies need to prioritize employee training on current and future security issues if they want to avoid cybersecurity breaches. He also gives his top cybersecurity training tips and best practices within the article.

November 2017 Midwest Cyber Security Alliance Meeting

cyber security

Foley & Lardner Partner Jennifer Rathburn is gearing up to host the November meeting of the Midwest Cyber Security Alliance. Jennifer will be joined by Joseph Abrenio, Founder and CEO of CyberSquire, and John Orbe, Vice President, Government, Education & Medical, Americas Enterprise at Juniper Networks.

Continue reading this entry