When hackers exploited a vulnerability in software that had not been updated at a US credit agency, important data of millions of customers in the US, Canada, and the UK was leaked. The US federal authorities have launched an investigation that could lead to millions in fines. Bosses at the firm were questioned in a congressional hearing and the agency is facing the largest class action in US history. This sounds like the plot of a financial thriller, but the Equifax case did in fact happen and is a lesson for the future.
Apart from disrupting business activity, causing financial losses, and damaging a firm’s image, hacking can also lead to severe fines for failing to comply with personal data protection or cybersecurity regulations. Businesses that are victims of cybercrime might also be liable to customers and employees for the loss or leaking of important data. Compensatory liability is also possible under Polish law in cases of this kind, and may affect anyone. Cybersecurity reports show that approximately three quarters of businesses have experienced a cybersecurity incident of some kind, and these statistics are unlikely to fall in the near future. Former FBI director Robert Mueller summed up this situation well, saying “I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again”.
Continue reading “Could businesses be sued for data leaks?”
The Global Legal Hackathon last weekend (23–25 February 2018) offered an excellent opportunity to grasp the potential that can be released from cooperation between lawyers and IT specialists. Legal Tech solutions are more than just technological novelties. They are solutions that can protect our legal system against a serious crisis.
Continue reading “Why do we need Legal Tech? A few thoughts following the Global Legal Hackathon”
The City of London Corporation announced in October 2017 that it would establish a new court in London for dealing with cybercrimes. This will reaffirm London’s status as a world financial centre and the best place to run businesses and solve disputes. Other states are also considering establishing such courts. In our view, Poland should not fall behind and should set one up too.
Our firm has seen an increase in cybercrime litigation cases, particularly over the last two years. Examples are: manipulating e-mail correspondence in order to change the details of transfers of funds, phishing, security breaches in servers and theft of confidential data, attacks on devices connected to the internet, malware, thefts of cryptocurrencies on deposit with cryptocurrency exchanges and public wallets, and fraudulent operations of algorithms on various websites.
Continue reading “Do we need a special court for cybercrime cases?”
Consultations on the proposed Regulatory Technical Standards (RTS) for strong customer authentication, announced by the European Banking Authority pursuant to the revised Payment Services Directive (2015/2366, known as PSD2), are nearing their end. This proposal was eagerly awaited by the entire financial technology industry. The standards could have a huge impact on business models and tech solutions applied on the FinTech market.
Continue reading “PSD2: Strong customer authentication”
Recent terrorist attacks have revealed the dark side of new information technologies. Organizers of attacks, or fighters for the “Islamic State,” have ruthlessly exploited the latest communications technologies. For example, according to media reports, terrorists have arranged attacks via PlayStation tools or encrypted instant messaging services. Polish lawmakers decided to respond to this phenomenon by passing the Anti-Terrorism Act of 10 June 2016.
Continue reading “Terrorism and new technologies”
Under Poland’s Criminal Procedure Code, the holder of IT data is required to turn over the data, e.g. concerning the user of a device, at the demand of the competent authorities. But does this apply only to unencrypted data, or also to encrypted data, which could be understood only if the holder decoded its own software? Let’s crack this conundrum using the example of the recently publicised American case of Apple Inc.
Continue reading “Would Apple have to crack an iPhone’s security in Poland?”