BHL Bogen

BridgehouseLaw LLP - Your Business Law Firm

Friday, November 23, 2018

Congress Passes Legislation Standing Up Cybersecurity Agency in DHS

On November 16, 2018, President Trump signed into law a bill that authorizes the reorganization of the US Department of Homeland Security's National Protection and Programs Directorate (NPPD) into a new cybersecurity agency, the Cybersecurity and Infrastructure Security Agency (CISA). 

The new federal agency operating within the Department of Homeland Security (DHS) will have a Cybersecurity Division, an Infrastructure Security Division, and an Emergency Communications Division.  The NPPD will benefit from an increased budget, streamlined operations, and improvements in the agency’s ability to recruit top cybersecurity talent. Christopher Krebs, the current NPPD Undersecretary, will head up CISA.

The move to transform the NPPD into a separate, operational cybersecurity agency comes amid growing threats to critical US infrastructure and industries from various nation-state adversaries and increasingly sophisticated cybercrime groups. Still, some cybersecurity analysts question whether reorganizing the NPPD into a new agency will make much of a difference in the US's ability to address its cybersecurity concerns. Cybersecurity is increasingly an integral concern for consumers, businesses, and non-federal assets. However, the DHS’s primary focus in addressing cybercrime remains on the federal government, not the epidemic problems that private citizens and businesses also face.

The CISA Act (H.R. 3359) was initially proposed last year, passed in the Senate in October, and passed the House earlier in November.

by Angela Schulz | Associate Attorney at BridgehouseLaw LLP

Thursday, November 15, 2018

SCAM ALERT: Beware of Scam Mailers Targeting Businesses


BridgehouseLaw would like to warn customers and businesses to avoid scam mailers that appear to be official state communications regarding Labor and Employee Laws. The scam mailers inform recipients that their labor law posters are out-of-date and claim that revised state and federal labor law notices must be posted, directing recipients to purchase new notices at varying rates.

Our office has received notices addressed from a “PCI - Customer Compliance Department” on behalf of North Carolina-based companies.

Remember, the U.S. Department of Labor Wage and Hour Publication System offers electronic copies of the required posters free of charge in the English language (and some posters in languages other than English).  For information on how to order a poster directly from the U.S. Department of Labor, visit:

Monday, November 05, 2018

Facebook Data Breach Could Mean Up to $1.63 Billion in Fines from the EU


On September 28, 2018, social media giant Facebook disclosed that it had discovered a security breach that allowed hackers to access the information of approximately 50 million accounts. Of those 50 million accounts, around 10 percent (5 million) are based in the EU, according to the Irish Data Protection Commission (DPC). Facebook’s European subsidiary is headquartered in Ireland, so the Irish DPC is the organization that regulates Facebook in Europe. Now, the DPC is considering opening a formal investigation into Facebook, which could generate millions of dollars in fines under strict new rules in the region. In a statement to CNBC, the Irish DPC said that it was awaiting “more detailed numbers” and that it was assessing whether to open a formal probe into Facebook.

The Facebook data breach will be the first major test of Europe’s tough data protection laws introduced in May, known as the General Data Protection Regulation (GDPR), which regulates any company that handles the data of EU citizens and puts strong controls on how that information is used and stored. A big part of GDPR concerns data breaches and includes punishments for companies that fail to notify regulators about data breaches within 72 hours of the incident happening. Firms can also be fined if they are found to have not done enough to prevent the data breach or to have gone against any of the principles around the processing of information outlined in GDPR legislation. If found to have breached GDPR, Facebook could face a maximum fine of up to 4 percent of its annual global turnover, around $1.63 billion of its $40.65 billion turnover from 2017.

In recent years, the EU has been cracking down hard on U.S. technology companies. Last year, the EU fined Google 2.4 billion euros ($2.77 billion) after it determined that the search engine violated antitrust rules with its online shopping practices. In early 2018, the EU fined Google another 4.34 billion euros, accusing the company of abusing its dominant position with its Android mobile operating system.

In the United States, where no equivalent to the GDPR exists, the possibility of such a fine for this incident is more remote. However, Facebook is still facing a Federal Trade Commission investigation into whether several data breaches, including the Cambridge Analytica scandal and a “data-scraping incident” which affected most of the website's 2.2 billion users, violated a 2011 consent decree on user privacy, which could result in record fines of over a billion dollars. It’s unclear so far how the two investigations may intersect. Facebook shares are down nearly 8 percent year-to-date. This data breach is just the latest of the major issues the company has faced this year, amidst the departure of Instagram co-founders Kevin Systrom and Mike Krieger. While Europe has moved first on a major data protection law, politicians in the US have yet to introduce nationwide legislation comparable to European data protection laws. Several tech companies, including Amazon and Google, recently appeared in front of lawmakers, saying that they would be happy to support a federal privacy bill.