-
Cybersecurity Law & Strategy
The California Consumer Privacy Act: Everything You Wanted to Know But Were Afraid to Ask — 100 Days Out
Alan L. Friel
Part One of a Two-Part Article
Responses to questions businesses frequently ask about the impacts of the CCPA. Implementation challenges inevitably will arise as a company works to apply these new requirements to its business practices. The time is now to start preparing for the CCPA, as well as for other new U.S. privacy laws that are likely to follow.
Read More ›
-
Cybersecurity Law & Strategy
Data Privacy Reviews: The Cornerstone of a Data Breach Response
Andrew Goodman
Including a managed document review vendor in your incident response plan is critical.
Read More ›
-
Cybersecurity Law & Strategy
Marriott Moves to Dismiss Data Breach Lawsuit, Says Passport Numbers Useless to Hackers
Amanda Bronstad
In Its Motion To Dismiss, Marriott Insisted the Breach Caused No Harm to Its Guests and Attached a Declaration By a Former Government Official Who Wrote: “A U.S. Passport Is Virtually Impossible to Forge Successfully.”
Marriott is insisting that last year’s cyberattack did no harm to its hotel guests, not least of which because hackers cannot use stolen passport numbers.
Read More ›
-
Cybersecurity Law & Strategy
Legislative Heat Wave: A Mid-Year Review of Upcoming Cybersecurity Laws and Enforcement Activity
Michael Bahar, Sarah Paul, Mary Jane Wilson-Bilik and Ali Jessani
While legislation to enhance data privacy rights and obligations continue to make headlines, regulators and legislators are also stepping up their cybersecurity expectations. In the first half of 2019, a number of states have updated their existing data breach notification laws and passed new cybersecurity requirements.
Read More ›
-
Cybersecurity Law & Strategy
How to Keep Mobile Data Safe: The Case for On-Device AI
Gevorg Karapetyan
Bring Your Own Device is one of the biggest compliance-related issues companies face today, and when it comes to security risks, law firms are prime targets. Considering law firms are built on their reputation, firms must make every assurance that the technology they use will protect their data.
Read More ›
-
Cybersecurity Law & Strategy
SHIELD Act Signed in NY
F. Paul Greene
Defines Data Breach and Requires Data Security Controls
New York has brought itself into line with a number of states concerning how they define a data breach, and, where applicable, what substantive security controls they require.
Read More ›
-
Cybersecurity Law & Strategy
EU Court Rules Adding Facebook ‘Like’ Button Triggers GDPR Data Collection Obligation
Caroline Spiezio
Websites with embedded Facebook “like” buttons must inform users their data will be collected and processed by the social media giant, the Court of Justice of the European Union has ruled.
Read More ›
-
Cybersecurity Law & Strategy
Legal Tech: Smart Speakers and E-Discovery
Brian Schrader
For businesses that own such a device, or for individual employees who might have a personally owned one on their office desk, the question of who owns any recorded data remains murky.
Read More ›
-
Entertainment Law & Finance
How Changes In Texas Anti-SLAPP Statute Affects Entertainment Industry
Brent Turman
Approximately 30 states have enacted anti-SLAPP statutes, which are intended to deter lawsuits that impede the right to free speech and other related activities. New statutory language in Texas's anti-SLAPP statute specifically protects those in the entertainment and media industries, and such explicit reference should prove comfort to content creators and publishers.
Read More ›
-
Business Crimes Bulletin
The International Encryption Debate: Privacy Versus Big Brother
Robert J. Anello and Richard F. Albert
Although increased reliance on technology such as emails and texts has provided greater opportunity to gather evidence of criminal activity, law enforcement agencies around the world complain that encryption technologies make it difficult to catch criminals and terrorists and therefore should be restricted.
Read More ›
-
Business Crimes Bulletin
Are Companies Playing It Too Safe With GDPR Breach Reporting?
Frank Ready
A new report from the law firm of Pinsent Masons shows that there has been a high level of GDPR "over-reporting" at the U.K.'s Information Commissioner's Office, but organizations who may think they are playing it safe may actually be opening themselves up to further regulatory scrutiny.
Read More ›
-
Cybersecurity Law & Strategy
Clients Drive Information Governance: Payment Tied to Guideline Compliance
Stephen Cole
To comply with the data side of the Outside Counsel Guidelines, firms must have a clear information governance strategy for which the firm’s use of technology systems is foundational.
Read More ›
-
Cybersecurity Law & Strategy
EU E-Commerce Proposal Aims to Eliminate Barriers; Calls for E-Signatures and Net Neutrality
Simon Taylor
The European Union has put forth an ambitious proposal for how countries can eliminate barriers to e-commerce and protect businesses and consumers engaged in online transactions. But parts of the proposal, published as part of a World Trade Organization initiative that includes the U.S. and China, are likely to face opposition.
Read More ›
-
Cybersecurity Law & Strategy
Companies Poised To Repeat Data Privacy Compliance Mistakes
Phillip Bantz
New Study Shows U.S. Companies Are Taking the Same Failed Approach To Complying With California’s Privacy Regulation As They Did for GDPR
U.S. companies haven’t learned much from the missteps they made while preparing for the European Union’s General Data Protection Regulation (GDPR), suggests a new study on data privacy regulation compliance.
Read More ›
-
Cybersecurity Law & Strategy
State Report: New NJ Data Breach Notification Legislation Signed
Suzette Parmley
Legislation expanding the types of personal data that will trigger a required notification to customers in case of a breach, including email addresses and passwords, was signed into law by Gov. Phil Murphy.
Read More ›
-
Cybersecurity Law & Strategy
The Nice-to-Haves and Need-to-Haves of Cloud Computing
Michael Smith and Mike Paul
This article discusses what to look for in a cloud service provider and other issues that will help determine if moving to the cloud is the right move for your firm.
Read More ›
-
Cybersecurity Law & Strategy
The Eyes (and Privacy Laws) of Texas Are Upon You
Eric Levy
Consistent With the Cliché That “Everything’s Bigger In Texas,” the Texas Legislature Has Introduced Not One, But Two Separate Bills Relating to the Privacy of Personal Information
The TPPA is arguably the less onerous of the two bills, although you might not necessarily realize it at first blush, given the broad way it defines “personal identifying information” (PII).
Read More ›
-
Cybersecurity Law & Strategy
Safeguarding Client Data: An Attorney’s Duty to Provide ‘Reasonable’ Security
David G. Ries
Effective cybersecurity requires an ongoing, risk-based, comprehensive process that addresses people, policies and procedures, and technology, including training. Effective security also requires an understanding that security is everyone’s responsibility and constant security awareness by all users of technology.
Read More ›
-
Entertainment Law & Finance
Getting Ready for Wide-Ranging Reach of California’s Data Privacy Law
Samuel Cullari and Alexis Cocco
The CCPA is the first of its kind, generally applicable data protection law in the United States. What makes the CCPA unique is not only its applicability to companies like those in the entertainment and media industries, but also the rights it provides to consumers regarding their personal information (PI).
Read More ›
-
Cybersecurity Law & Strategy
The Principles of Good Cyber Risk Management
Ankur Sheth and Jano Bermudes
Apart from headline grabbing attacks, we are now seeing an epidemic of cyber attacks. Concern has shifted from dealing with data being stolen and sold on the dark Web to handling serious ransomware and destructive attacks, where attackers are looking for immediate monetary output.
Read More ›
-
Cybersecurity Law & Strategy
Second Circuit Blocks Video Privacy Suit Brought Against Barnes & Noble
Jenna Greene
A would-be class action against Barnes & Noble could have cost the bookseller hundreds of millions of dollars — not to mention a reputational hit for allegedly sharing private information about its customers’ online video purchases with Facebook.
Read More ›
-
Cybersecurity Law & Strategy
Privacy Notices, Opt-In Clauses Debated as U.S. Regulators Shape Federal Privacy Law
Caroline Spiezio
Tech giants’ privacy counsel and U.S. senators discussed opt-in policies, lengthy, legalese-filled privacy notices and location tracking. The discussion aimed to further shape a potential U.S. federal data privacy law.
Read More ›
-
Entertainment Law & Finance
Second Circuit Blocks Video Privacy Suit Brought Against Barnes & Noble
Jenna Greene
A would-be class action against Barnes & Noble could have cost the bookseller hundreds of millions of dollars — not to mention a reputational hit for allegedly sharing private information about its customers’ online video purchases with Facebook.
Read More ›
-
Cybersecurity Law & Strategy
A Survey of Proposed Federal Privacy Legislation and the Year Ahead
Jeffrey Atteberry
The social, economic, and political forces pushing for a comprehensive overhaul of the nation’s privacy regime are numerous, and many see 2019 as presenting the best opportunity yet for passage of federal data privacy legislation.
Read More ›
-
Cybersecurity Law & Strategy
House Hearing on Federal Privacy Law Takes Aim at GDPR, CCPA
Rhys Dipshan
The house consumer protection and commerce subcommittee agreed on the need for a new federal privacy law. But it was an open question how closely that law would follow what has already been done in California or in the EU.
Read More ›
-
Cybersecurity Law & Strategy
2019 Trends Overview: Compliance, Privacy and Security Family Tree
Mark Sangster
In 2019, regulations and laws will continue to define how businesses collect and use consumer data, and their obligations to protect this data from misuse, theft or exposure to unauthorized parties.
Read More ›
-
Cybersecurity Law & Strategy
Causation and Harm In Data Breach Litigation
Brian Ellman and Jee-Yeon Lehmann
Demonstrating that a data breach has resulted in an injury-in-fact can be difficult, because it is not always clear what has happened or will happen with the stolen data.
Read More ›
-
Cybersecurity Law & Strategy
Implications of GDPR & CCPA on Public Records
Jeff Cox
This article discusses the importance of securing a safe harbor for court records through reviewing an illustrative example of how a European Union (EU) citizen was able to force U.S. legal technology companies to remove and alter court records using GDPR.
Read More ›
-
Cybersecurity Law & Strategy
Cloudy With a Chance of IoT attacks: The Cybersecurity Forecast for 2019
Leigh-Anne Galloway
2018 was a trying year for the cybersecurity industry, with breaches increasing and showing no signs of slowing as we enter the New Year. 2019 will bring its own threats with the propagation of new technology — 5G and IoT — and their security vulnerabilities. However, there’s also progress on the horizon, thanks to more stringent government regulation and increasing legal action.
Read More ›
-
Cybersecurity Law & Strategy
What the U.S.’ Pursuit of Foreign Nation-State Hackers Means for Cybercrime Victims and Targets
Ronald Cheng and Mallory Jensen
For years, the U.S. has maintained an active enforcement campaign against overseas cyber criminals and while these past efforts have not been haphazard, they have not necessarily been part of a specific drive to address the serious issue of foreign cybercrime committed by nation states. Recent announcements by the DOJ show that this enforcement campaign is accelerating and expanding.
Read More ›
-
Cybersecurity Law & Strategy
Q&A with Women Leaders in Cybersecurity and Privacy
Adam Schlagman
In 2017, Atlanta attorney Bess Hinson founded the Atlanta Women in Cybersecurity Roundtable, an invitation-only initiative to provide community and resources to advance women in cybersecurity in Atlanta. Here, we speak with some of those women leaders about their biggest security and privacy challenges and why women are pursing legal and other roles in the cybersecurity and privacy field.
Read More ›
-
Cybersecurity Law & Strategy
Federal Data Privacy Legislation Is Likely Next Year, Tech Lawyers Say
Dan Clark
For Years, Federal Legislators Have Attempted to Pass Comprehensive Cybersecurity and Data Privacy Legislation. With More Support Than Ever from the Public, Industry and Both Sides of the Political Spectrum, 2019 May Be the Year When Such Legislation Is Enacted.
Read More ›
-
Cybersecurity Law & Strategy
Prepping a Mock Notification Letter Before a Cybersecurity Breach Hits
Stephen Moore
Being prepared for the worst before it even happens can minimize the damage in the event of a cybersecurity incident. To get any company ready for a cybersecurity event, the first step is to organize a team to write a mock breach notification letter that will represent your message to the world about your failure in the event you have a breach.
Read More ›
-
Entertainment Law & Finance
Risks in Online Collection of Children’s Data
Jeffrey Higel, Michael Bahar and Mike Nelson
As convenient, useful and cool mobile technology and interconnected devices are, they come with risks that remain largely unseen or, worse, ignored. Some pose security risks and privacy risk, like those present in voice-activated devices — especially for children. For manufacturers, they also pose regulatory litigation and insurance risks, especially when children end up using their “smart” products.
Read More ›
-
Cybersecurity Law & Strategy
Sticking a Hand in the Internet Cookie Jar
Jeffrey Higel, Michael Bahar and Mike Nelson
Why Collecting Children’s Online Data is a Risk
As convenient, useful and cool mobile technology and interconnected devices are, they come with risks that remain largely unseen or, worse, ignored. For manufacturers, they also pose regulatory litigation, and insurance risks, especially when children end up using their “smart” products.
Read More ›
-
Cybersecurity Law & Strategy
Are You Prepared? Dealing with GDPR-like Rules Spreading Across the Nation
Mark Sangster
California’s Consumer Privacy Act, signed into law earlier this year, follows a growing line of consumer privacy laws, such as the European General Data Protection Regulations (GDPR), Canadian Breach of Security Safeguards Regulations of the Personal Information Protection and Electronic Documents Act (PIPEDA), and related New York Department of Financial Services Cybersecurity Rules and Regulations (NYCRR 500).
Read More ›
-
Cybersecurity Law & Strategy
Right Out of the Box: California Enacts First-of-its-Kind Statute Regulating Internet-of-Things
Michael Bahar, Frank Nolan and Trevor Satnick
Companies Impacted By California’s SB-327 — Especially Manufacturers and Distributors of IoT Devices — Should Work to Ensure Compliance With the Act As Soon As Possible If Regulatory Fallout Is to Be Avoided Come January 2020
While a great deal of attention has focused on the California Consumer Privacy Act, California also passed a less-publicized, but highly critical, statute that will regulate certain aspects of Internet of Things device security.
Read More ›
-
Cybersecurity Law & Strategy
Elections: The Hidden Security Danger for Governments
Roy E. Hadley, Jr.
The news is replete with alleged actions of foreign governments and hackers trying to impact the democratic election process in the United States. It is incumbent upon the state and local governments to ensure the security of all elections.
Read More ›
-
Cybersecurity Law & Strategy
Understanding the Intersection Between GDPR and Cybersecurity
Jake Frazier and Anthony J. Ferrante
It’s been about half a year since Europe’s General Data Protection Regulation (GDPR) was activated, and corporate legal, privacy and compliance teams are beginning to adjust to the new lay of the land. We’ve seen early examples of enforcement activity, and those are helping organizations better understand the long-term landscape for compliance.
Read More ›
-
Cybersecurity Law & Strategy
The Blockchain Will Support GDPR, but Not How Most People Think
Michael Smolenski
It’s clear that the onset of GDPR regulations and a quickly changing consumer sentiment about the sensitivity and value of their personal data will reorient a company’s interactions with their customers and their information. There will be some pain points in this transition, as Facebook investors recently demonstrated, but it doesn’t have to be a unilateral downturn for the tech industry.
Read More ›
-
Cybersecurity Law & Strategy
Cybersecurity and Email
Bill Ho
In the legal community, professionals have embraced email. However, as increasing concerns and regulations around data security continue to evolve, the future of digital communication via email may not meet the more stringent requirements.
Read More ›
-
Cybersecurity Law & Strategy
Retail Leads the Way in Data Breaches — Here’s How to Protect Your Customers
Paige Schaffer
If 2017 was considered the “year of the data breach” as the number of incidents hit a new record high of 1,579, 2018 might get even more serious. Just a little more than halfway through 2018, the number and scale of data breaches that have already been reported is staggering.
Read More ›
-
Cybersecurity Law & Strategy
Cybersecurity Roundtable: Chicago’s Tech Experts Answer Three Critical Cybersecurity Questions
Adam Schlagman
Earlier this summer a group of security-minded executives in Chicago, long a hub for legal and financial tech, sat down for a panel discussion on anticipating and combatting cybercrime.
Read More ›
-
Entertainment Law & Finance
Get Ready for California’s Version of the EU General Data Protection Regulation
Jacqueline Klosek
The entertainment industry is intensely focused on data collection and analytics as it seeks to maximize the exploitation of digital content. Just as those of us in the privacy field had begun to have a slight breather as much of the heavy lifting on the GDPR was finally behind us, lawmakers in California have passed the California Consumer Privacy Act of 2018 (CCPA).
Read More ›
-
Cybersecurity Law & Strategy
General Data Protection Regulation: Defense or Offense?
Nina Cunningham
Ostensibly, GDPR’s mission is to strengthen and unify the EU’s protection of online privacy rights and promote data protection for citizens of the 28 countries currently in the EU. In the global economy, however, GDPR serves as an alarm to all countries with business flowing across Europe and well beyond. Where business flows, data follow.
Read More ›
-
Cybersecurity Law & Strategy
Five Takeaways from Recent Cybersecurity Developments by Colorado and the SEC
Brian Neil Hoffman
Colorado recently adopted a new law expanding companies’ obligations in the event of a cybersecurity incident, and establishing new data security and disposal obligations. Recent announcements by the SEC likewise emphasize important responsive points for both companies and their personnel in the wake of an incident. Five key takeaways from these developments are highlighted in this article.
Read More ›
-
Entertainment Law & Finance
Issues Between EU Data Protection, Use of Blockchain
Justin Hectus and Kristy Sambor
Emerging technologies and regulations have the power to create, shape or kill businesses. For the entertainment industry, the European Union’s (EU) General Data Protection Regulation (GDPR) and blockchain technology each embody forces that have the potential for profound impact. Taken in tandem, the GDPR and blockchain highlight the possibilities and pitfalls of disruption and the importance of cross-organizational collaboration in compliance and innovation initiatives.
Read More ›
-
Cybersecurity Law & Strategy
Blockchain and GDPR — Frenemies?
Justin Hectus and Kristy Sambor
In a nutshell, GDPR mandates that individuals have access and control over the use and maintenance of their data in certain circumstances, while the foundation of blockchain relies on the immutability of data. On the surface, these concepts seem in direct conflict with each other. This article discusses the points where GDPR and blockchain share common ground, where conflicts may exist and possible approaches for mitigating those conflicts.
Read More ›
-
Cybersecurity Law & Strategy
Why Encryption Is the Key to Ensure Data Privacy in the Cloud
Linus Chang
At both a personal and corporate level, there are huge gains to be made in protecting against data breaches. The fact is that well-implemented client-side encryption — where the corporate user keeps their own key rather than entrusting a third party to guard their sensitive information — is the only sure way to guarantee data privacy when storing data on other people’s servers.
Read More ›
-
Cybersecurity Law & Strategy
This is Not Your Father’s Cloud (Part Two)
Adam Cohen
Part Two of a Two-Part Article
In Part One of this article last month, we began a discussion designed to demystify the hesitations behind cloud security and analyzed the fast-growing transformation to a range of newer technical approaches with important consequences for legal practice. This month we continue the discussion by tackling the security and legal implications of the mass transformation of enterprise IT to cloud services from leading providers such as AWS and Azure.
Read More ›
