Internet search giant Yahoo!Inc. (“Yahoo”) revealed last year that it was the victim of two massive data breaches back in 2013 and 2014 that potentially affected more than 1.5 billion users. Investigations into the incidents continue to reveal potentially damning information regarding what the company knew and when, how the company responded to the breaches, and the status of Yahoo’s information security at the time of the breaches. The details that have emerged paint the picture of a company that failed to adhere to basic data security requirements. Unfortunately, the technology company will likely become a case-study in what happens when an organization fails to follow security best practices.

Continue Reading Yahoo Data Breaches: A Lesson in What Not to Do

China-Great Hall of the People-163174307The newly passed cybersecurity statute of the People’s Republic of China will take effect in June 2017, and it is expected to have a significant impact on multinationals doing business in mainland China. The law affects both domestic and foreign companies operating on the Chinese mainland and covers a wide range of activities including the use of the Internet, information and communications technologies. The difficulties with determining the steps needed to comply with such sweeping changes are only complicated by the fact that a large number of key terms in the law have yet to be clearly defined. As a result, China’s new cybersecurity statute will continue to evolve as the national government interprets it.  This post endeavors to summarize some key provisions that are worth monitoring in the next few months. Continue Reading Costs and unanswered questions of China’s new cybersecurity regime