On Wednesday, February 12, the White House released the National Institute of Standards and Technology’s (NIST) Final Cybersecurity Framework: a set of industry best practices and standards to help owners and operators of critical infrastructure develop better cybersecurity programs. It is accompanied by a Roadmap which discusses NIST’s next steps with the Framework and identifies key areas of development, alignment, and collaboration. The Framework stems from President Obama’s February 2013 Executive Order on cybersecurity, previously covered on October 1, 2013. The overall core of the Framework is essentially unchanged from earlier drafts, also previously discussed on October 28, 2013.
As the world becomes more interconnected, data breaches and cyber-attacks are increasingly becoming an unfortunate reality for many organizations. The stakes are high: a data security breach can disrupt a company’s operations, damage the business’s reputation, cause its stock price to fall, lead to the loss of business, and attract government investigations, agency action, and class action lawsuits. Complicating matters is the fact that a patchwork of state and federal laws can apply to the same data security breach incident.
The National Institute of Standards and Technology (NIST) has just released its Preliminary Cybersecurity Framework: a set of best practices to help owners and operators of critical infrastructure reduce cybersecurity risks. This voluntary framework provides both private and public-sector organizations with a common language for understanding and managing cybersecurity risks internally and externally. The framework stems from President Obama’s February 2013 Executive Order on cybersecurity, previously covered by this blog. The Final Framework is due to be released in February 2014, following a 45-day public comment period on the Preliminary Framework.
As we reported in the Gibbons E-Discovery Law Alert in May 2012, “Reg FD” could present a potential pitfall for those that post material non-public information via social media platforms. In early December 2012, that “pitfall” became a reality for Netflix Inc. CEO Reed Hastings. In July 2012 Hastings published on his public Facebook page a 43-word post concerning viewership statistics, including that Netflix subscribers had watched one billion hours of video the previous month.
“Did I Just Get a Tweet From Goldman Sachs?!?”: Increased Expansion and Scrutiny of Social Media in the Financial Services Industry
With the increased use of social media by financial services industry participants, more activity and scrutiny can be expected from financial regulators. This is not to mention the litigation from investors that could arise out of, for example, the misinterpreted or well-meaning post from an advisor that simply did not translate to “less than 140 characters.” It appears that there is a trend (amongst at least the larger financial institutions) that a united and pre-approved voice is best for now.
Delivering non-public material information through Internet-based social media, especially social networking sites such as Facebook, LinkedIn, and Twitter, means that this information will first reach only a fraction of the investing public — those who “follow” the company using those platforms. As illustrated by the hypothetical below, this may create a potential “Reg FD” issue for a public company. As we addressed in a previous blog, the SEC has recently issued guidance to investment advisers concerning their use of social media. We have also addressed in a previous blog that FINRA, too, has issued Regulatory Notices which make it clear that member firms are expected to have policies and procedures in place that cover the use of social media by the firm and its associated persons. While direct guidance to public companies on the use of social media to report a company’s material financial matters has yet to issue, this post offers suggestions for avoiding pitfalls in this regard.
The Fifth Annual Gibbons E-Discovery Conference Closes With Helpful Guidance on Drafting Records Management Policies
An effective and up-to-date set of records management policies may help companies reduce the likelihood of sanctions and other adverse consequences by ensuring records are retained and preserved in accordance with legal requirements, according to Gibbons Director Phillip Duffy; TechLaw Solutions’ Northeast Regional Director Michael Landau; and Inventus LLC Senior Consultant Bryan Melchionda.
On October 28, the Gibbons E-Discovery Task Force hosted its fourth annual full day E-Discovery Conference, with more than 100 clients, in-house counsel and other contacts in attendance. Devoted to the latest developments in electronic discovery and corporate information management, this program included speakers who are among the most respected names in the e-discovery field, including former United States Magistrate Judges John Hughes and Ronald Hedges, e-discovery authority Michael Arkfeld, and representatives of leading corporations and e-discovery service providers. Among the Gibbons attorneys who presented and moderated panels were Task Force Chair, Mark S. Sidoti, Chair of the firm’s Employment Law Department, Christine A. Amalfe, and Task Force members, Luis J. Diaz, Phillip J. Duffy, Scott J. Etish, Lan Hoang and Jeffrey L. Nagel.
The Gibbons E-Discovery Task Force will host its fourth annual full day E-Discovery Conference on October 28, 2010, in the firm’s Newark, NJ office. Devoted to the latest developments in electronic discovery and corporate information management, this program will include speakers who are among the most respected names in the e-discovery field, including former United States Magistrate judges John Hughes and Ronald Hedges, e-discovery authority Michael Arkfeld, and representatives of leading corporations and e-discovery service providers.