Author Archives: Michael Barnsback

About: Michael Barnsback

Michael counsels and represents Virginia employers in all aspects of employment law. His experience representing employers led him to concentrate on data privacy and security issues involving not only internal (employee) threats, but also external threats. He counsels employers on issues concerning internal monitoring and data breach response obligations and procedures.

Will Privacy Enforcement Actions Impact “Reasonable” Security Measures Needed to Protect Trade Secrets?

In widely-publicized, contested privacy cases last year, the FTC advocated in favor of a high baseline for information security measures.  Among the security practices attacked by the FTC as critical mistakes by companies suffering data breaches: Storing sensitive data in readable text; Any system that permits the use of easily-guessed passwords; Failure to use firewalls between internal systems, the corporate network and the Internet; Lack of adequate administrative security policies and procedures; Failure to adequately restrict third-party vendors from network and corporate servers; Failure to employ reasonable measures to detect and prevent unauthorized access; and, Failure to follow proper incident …

Recognizing the Role and Importance of the CISO

In July of this year, we reported on the Cybersecurity Assessment Tool published by the Federal Financial Institutions Examination Council.  The FFIEC is an interagency organization that establishes the examination standards for financial institutions, including banks, federal savings associations, state savings associations, state member banks, state nonmember banks and credit unions. As you may recall, the Cybersecurity Assessment Tool is a voluntary tool designed to assist all financial institutions in conducting a self-assessment of cyber risks and to inform their risk management strategies. This month, the FFIEC published an updated “Management” booklet to its Information Technology Examination Handbook (“IT Handbook”). …

FFIEC Cybersecurity Assessment Tool: Not Just For Financial Institutions

On June 30, 2015, the Federal Financial Institutions Examination Council (FFIEC) released its long-anticipated Cybersecurity Assessment Tool. The FFIEC is a formal interagency organization empowered to create uniform principles, standards and report forms for the federal examination of financial institutions governed by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB). The Cybersecurity Assessment Tool is designed to assist all financial institutions in conducting a self-assessment of …