Web Version | Unsubscribe Like

Lewis Brisbois' Cybersecurity Newsletter

We are pleased to bring you this latest edition of our Digital Insights Newsletter.

This Fall, the Federal Trade Commission (FTC), the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC), and the Department of Justice (DOJ) took steps to provide further protection for consumers’ health information, to disrupt funding for malicious cyber activities, and to increase government contractor compliance with cybersecurity standards, respectively. Lewis Brisbois’ Data Privacy & Cybersecurity attorneys analyzed the FTC’s new guidance, the OFAC’s recent advisory, and the DOJ’s new Civil Cyber-Fraud Initiative in a series of posts for the firm’s Digital Insights blog, which are included below.

In addition to these cybersecurity developments unfolding at the federal level, this update shares exciting news from within Lewis Brisbois’ Data Privacy & Cybersecurity Practice, including the recent accomplishment by five attorneys in the practice earning ANSI-accredited certifications from the International Association of Privacy Professionals (IAPP), further strengthening the firm’s capabilities in this arena. Moreover, the practice continues to grow, with several new associates joining the team in recent months across eight of our offices.

We invite you to continue reading to learn more about this news and other exciting developments from our nationwide team, including recently received accolades and upcoming speaking engagements. We wish you all a happy and healthy holiday season!

If you have any questions or comments, or require immediate assistance with a cyber incident, please contact our 24/7 Breach Response Team. You can also visit our Data Privacy & Cybersecurity Practice page to learn more about the Team and find an attorney in your area.

Lewis Brisbois' Data Privacy & Cybersecurity Team

The Digital Insights Blog - Recent Posts

Subscribe to our Digital Insights blog to receive email alerts when new posts go up.

FTC Warns Health Apps, Connected Device Companies to Comply with Health Breach Notification Rule

On September 15, 2021, the Federal Trade Commission (FTC) released a policy statement to offer guidance on the scope of its Health Breach Notification Rule (the Rule) in relation to health applications and connected devices. The Rule, issued in 2009, helps ensure entities not covered under the Health Insurance Portability and Accountability Act (HIPAA) are held accountable when consumers’ sensitive health information that has been entrusted to them is compromised.

Read More

OFAC September 2021 Advisory: Illusory Solutions to Soften the Enforcement Threat?

On September 21, 2021, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) released an updated advisory on potential sanctions risks for facilitating ransomware payments. The sanctions have been authorized by the International Emergency Economic Powers Act and the Trading with the Enemy Act with the purpose of disrupting funding for malicious cyber activities and limiting activities that may be adverse to U.S. national security and foreign policy objectives.

Read More

Fraud Liability for Government Contractors with Lax Cybersecurity

The Department of Justice announced on October 6, 2021 the creation of a new Civil Cyber-Fraud Initiative to pursue penalties against government contractors who do not properly comply with the cybersecurity standards required by their contracts. This new risk, under the False Claims Act, means that CISOs should consult with their lawyers before starting cybersecurity compliance audits.

Read More

View all our Digital Insights blog posts here or search by tags, like "legislative alert" or "ransomware."

Subscribe to our Digital Insights blog to receive email alerts when new posts go up.

Welcome to the Team!

We are pleased to welcome the following associates to our Data Privacy & Cybersecurity Practice.

All joined the team within the last five months and represent Lewis Brisbois' commitment to growing this practice and its capabilities across our nationwide network.

Click on an attorneys' name to learn more about their professional experience.

We are always looking to expand our talented team of data privacy and cybersecurity law practitioners. Visit Lewis Brisbois' Careers page for more information.

Upcoming Webinars

Dallas Partner Lindsay B. Nickle will speak at a virtual panel on how organizations can navigate data security events, hosted by IT services provider Conduent on November 30 at 1:00 p.m. ET

The pandemic has resulted in an increasing number of companies moving to remote working models, leaving them vulnerable to data security incidents and other information breaches. In this informative 60-minute session, titled “The Intersection of eDiscovery and Data Security Incidents,” Ms. Nickle and her cybersecurity expert co-panelists will highlight best practices for identifying the size and scope of a data security incident, and strategies for sifting through the compromised personal data.

Conduent is a provider of Information Technology services that works with a broad range of industries, including finance, media, government, retail, healthcare, and insurance. 

Register for this webinar here.

Data Privacy & Cybersecurity Chair Sean B. Hoar and Vice Chairs Lindsay B. Nickle and Richard W. Goldberg will provide a year-in-review of the cybersecurity industry and share their predictions for 2022 in a collaborative webinar hosted by Lewis Brisbois on December 2 at 9:00 a.m. PT.

This informative session will give an overview of current online threats, including the most dangerous for business information systems, which highlight the risks to be addressed during the cyber insurance underwriting and claims process. This expert panel will also discuss the principles of risk management, ethics, and consumer protection, including confidentiality and privacy. 

The team will end the session by reviewing significant cybersecurity events of 2021 involving data breaches, legislation, regulatory enforcement action, and the impact upon the cyber insurance industry. They will also give their predictions for what may occur in these areas in 2022.

Register for this webinar here

News from Our Data Privacy and Cybersecurity Team

Five attorneys from Lewis Brisbois’ Data Privacy & Cybersecurity Practice recently earned ANSI-accredited certifications from the International Association of Privacy Professionals (IAPP), strengthening the firm’s capabilities in this increasingly important and ever-evolving area of the law.

Philadelphia Partner Kevin W. Yoegel and Philadelphia Associate Aubrey L. Weaver received their Certified Information Privacy Professional / United States (CIPP/US) certifications; Pittsburgh Partner Lauren D. Godfrey and Portland Associate Abby Swanson-Garney received their CIPP/ Europe certifications; and Portland Associate Rebecca M. Pollack became a Fellow of Information Privacy (FIP).

To obtain these prestigious certifications, all attorneys had to pass a challenging exam and complete training classes, with a minimum of 30 hours of study. The CIPP/US credential focuses on the privacy environment in the United States, while the CIPP/E credential encompasses pan-European and national data protection laws, key privacy terminology, and practical concepts concerning the protection of personal data and trans-border data flows. An FIP designation signifies a comprehensive knowledge of privacy laws, privacy program management, and essential data protection practices through successful completion of two IAPP credentials.

The Lewis Brisbois Data Privacy & Cybersecurity Team has 16 members with the CIPP/US designation, five members with the CIPP/E designation, two with the Certified Information Privacy Technologist (CIPT) designation, and one with the Certified Information Privacy Manager (CIPM) designation.

The IAPP is a nonprofit organization for professionals who want to help their organizations successfully manage cyber risks and protect their data. It provides a forum for privacy professionals to share best practices, track trends, advance privacy management issues, standardize the designations for privacy professionals, and provide guidance on opportunities in the field of information privacy.

Data Privacy & Cybersecurity Practice Chair Sean B. Hoar congratulated his team on the accomplishment, adding, “Their privacy credentials reflect the excellent work they provide for our clients every day, and their extensive experience differentiates our team from others. We handle some of the most complex cases in the data privacy and information security space, and our credentials tend to announce our skillsets.”

Please join us in congratulating these attorneys on obtaining these certifications. Learn more about this team here. Learn more about the IAPP here.

New York Partner Richard Goldberg and Portland Partner Sean B. Hoar, both of whom previously worked as cyber attorneys with the U.S. Department of Justice (DOJ), were recently asked by DOJ to participate in its “Cybersecurity Roundtable: The Evolving Cyber Threat Landscape,” a four-hour discussion with top federal law enforcement officials about the most serious cyber threats facing government and businesses today.

The discussion was held on October 20 and hosted by the Assistant Attorney General for the Criminal Division and the Cybersecurity Unit of DOJ. It involved officials from the White House, the National Security Division, the Federal Bureau of Investigation, the Secret Service, and the Cybersecurity and Infrastructure Security Agency. Mr. Goldberg and Mr. Hoar were asked to provide insights from the private sector about the impact of cyber threats on businesses, and to discuss the effects of certain government regulatory actions on private industry.

The topics of the discussion included national security and cybersecurity, general cyber threats, and ransomware and similar disruptive cyber threats. Mr. Hoar expressed concern about the direction of guidance from the Office of Foreign Asset Control (OFAC) pertaining to victims of ransomware attacks. He explained that many victim businesses have robust information security programs involving appropriate due diligence, investments, and security controls – yet due to the sophistication of the malicious actors, these systems are still at risk. He expressed concern that recent OFAC guidance appeared to indicate that government resources were being inappropriately allocated to scrutinize businesses rather than investigate the malicious criminals and hold them accountable.

As part of their response to data security incidents, Mr. Goldberg and Mr. Hoar see the devasting effect of malicious criminal activity on businesses every day, and the Cybersecurity Roundtable provided them an opportunity to interact with federal officials responsible for cybersecurity at the highest levels of our federal government.

Learn more about our Data Privacy & Cybersecurity capabilities here.

Portland Partner and Chair of Lewis Brisbois' Data Privacy & Cybersecurity Practice Sean B. Hoar is the 2021 Distinguished Alumni Award recipient from his undergraduate alma mater, Linfield University. He was selected for his leadership in managing responses to digital crises and data breaches nationally and internationally, and was officially recognized for the award last October at an annual alumni ceremony called Linfield’s Finest.

Please join us in congratulating Mr. Hoar on this honor. Read more about this news and get a link to Mr. Hoar's conversation with Linfield University on our website.

Pittsburgh Partner Lauren D. Godfrey was recently appointed Chair-Elect of the Cybersecurity and Data Privacy Committee of the American Bar Association Tort Trial & Insurance Practice Section (ABA/TIPS) for the 2021-2022 bar year. She will assume the position of Committee Chair for the 2022-2023 bar year. This is Ms. Godfrey's fourth year holding a leadership position within this committee. She is an active member of the ABA/TIPS and has held numerous leadership positions within this ABA section. This appointment is a reflection of Ms. Godfrey's competence and experience as well as her ongoing commitment to the ABA/TIPS.

Please join us in congratulating Ms. Godfrey on this appointment. Learn more about this news on our website.

Philadelphia Partner Richard Goldberg was recently quoted in a Main Line Today article titled “Cybercrimes on the Rise: Learn How to Stay Protected From a Hack,” which discusses how the public can avoid data privacy attacks. Citing the uptick in the frequency and scope of cybercrimes against large companies like Colonial Pipeline, SolarWinds, and JBS S.A., the article focuses on the vulnerability of digital systems and which types of private data are targeted. It mentions how the public can be manipulated into sharing personal information to cybercriminals, who take advantage of unsuspecting individuals online.

See what Mr. Goldberg had to say and get a link to the full article on our website.


Orange County Partner Kamran Salour and Washington D.C. Associate Svetlana McManus recently authored an article for the Los Angeles Daily Journal about Apple’s announcement of a controversial iOS software release that would include safety features to combat child sexual predators.

In the piece, Mr. Salour and Ms. McManus summarize the two features, “Communications Safety” and “CSAM (Child Sexual Abuse Material) Detection,” and how Apple plans on utilizing them to identify potential online predators. The authors then looked at the opposition to these features, and whether it is “based on a misunderstanding of how the features will operate or a genuine response to a legitimate fear that the creation of these new technological features foreshadows Apple’s encroachment into a one impenetrable realm of privacy.” 

Learn more about this development and get a link to the full article on our website.

Our Data Privacy and Cybersecurity Handbook

The latest edition of our Data Privacy & Cybersecurity Handbook is now available. This indispensable tool includes a cyber liability guide, important check lists, and summaries of data breach notification statutes for all 50 of the United States, its territories, and the District of Columbia, as well as a selection of international statutes. The handbook also includes all relevant information security statutes and is updated twice a year.

Sign up to receive your copy today!

Who We Are & What We Do

From relatively simple device theft containing proprietary or consumer information, to catastrophic system compromises affecting millions of consumers, Lewis Brisbois' Data Privacy & Cybersecurity Team has managed responses to thousands of data security incidents in virtually all business sectorsWe were recognized by Advisen, an international cyber insurance industry association, as the 2019 and 2020 “Cyber Law Firm of the Year.”

Our Team includes former Department of Justice cyber attorneys and nearly 20 Certified Information Privacy Professionals. Our lawyers understand complex technology and are devoted to customer service. We have particular expertise working with the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA).

Supported by a full-service law firm, our Team employs a holistic approach to data privacy and cybersecurity, offering a suite of proactive services to help clients keep their data private and secure, providing a rapid response to any digital crisis with fully managed breach response services, and delivering defensive litigation services when necessary.

The Lewis Brisbois Data Privacy & Cybersecurity Team is available 24/7/365 and is geographically distributed across the nation to help clients protect their data, and to respond to and remediate any type of data security incident. For more information, visit our Data Privacy & Cybersecurity Practice page.

back to top