The Association of Corporate Counsel (ACC) recently released a set of guidelines intended to serve as a benchmark for law firm cybersecurity practices. The guidelines include information retention, return, and destruction, data handling and encryption, data breach reporting, physical security, employee background screening, and cyber liability insurance. The requirements were developed based on corporate law departments’ experiences and with input from several law firms.
China’s new cyber security law (Law) could have far-reaching impacts for companies that do business there. The Law goes into effect on June 1, 2017. As is typical of legislation passed by the Standing Committee of the National People’s Congress, China’s highest legislative authority, the law has been criticized for its vagueness.
New York’s Department of Financial Services Cybersecurity regulation became effective March 1. According to the press release issued with the regulation, the regulation is intended to require banks, insurance companies and "covered entities" to "establish and maintain a cybersecurity program designed to protect consumers' private data and ensure the safety and soundness of New York State's financial services industry.” This regulation is the first of its kind in the U.S, and will likely serve as a model to other states looking to address cybersecurity.