In a nutshell, GDPR mandates that individuals have access and control over the use and maintenance of their data in certain circumstances, while the foundation of blockchain relies on the immutability of data. On the surface, these concepts seem in direct conflict with each other. This article discusses the points where GDPR and blockchain share common ground, where conflicts may exist and possible approaches for mitigating those conflicts.
At both a personal and corporate level, there are huge gains to be made in protecting against data breaches. The fact is that well-implemented client-side encryption — where the corporate user keeps their own key rather than entrusting a third party to guard their sensitive information — is the only sure way to guarantee data privacy when storing data on other people's servers.
Part Two of a Two-Part Article
In Part One of this article last month, we began a discussion designed to demystify the hesitations behind cloud security and analyzed the fast-growing transformation to a range of newer technical approaches with important consequences for legal practice. This month we continue the discussion by tackling the security and legal implications of the mass transformation of enterprise IT to cloud services from leading providers such as AWS and Azure.
The same applications, and the same cryptographic protocols, don't function in the exact same ways when appearing in 'the same software' utilized in different control devices. What, if any, are the legal ramifications of differing delivery mechanisms for the same cryptographic functions that may or may not perform the same?
Building an Intelligence-Led Program
With reports of major breaches surfacing with alarming frequency, boards and C-Level management are now looking to counsel to implement programs that help the corporation prepare for, quickly recover and reduce fallout from, inevitable cyber incidents. In-house counsel is facing growing responsibility to minimize damage to the corporate reputation, loss of key data, and legal and regulatory penalties. And many worry their organization is stuck in a game of catch-up.
If the U.S. cannot come to an understanding with the European Parliament by September 1, companies that already participate in Privacy Shield may find themselves in limbo. But there are options.
In the face of new threats, law firm cybersecurity assessments have become more engaging and demanding affairs. But many hope this new change is just the beginning of a more fundamental shift.
The ruling restricting the collection of historical cell site location information (CSLI) without a warrant aims to be narrow in scope, but legal experts argue it may have repercussions for years to come.
Your firm has identified an exciting new technology and done its due diligence. And then, you find yourself in the worst possible scenario: It turns out that the provider's technical support stinks. Here are some potential red flags that will help you evaluate a provider's technical support before you sign on the dotted line.
The confusing and conflicting world of contractual requirements and personal data security breach notification laws can add insult and expense to injury, and sometimes adds injury itself. Tough -- and sometimes expensive -- choices need to be made quickly.
