-
Cybersecurity Law & Strategy
A Look Behind, A Look Ahead: Part 1 - Cybersecurity
Steve Salkin
Cybersecurity Law & Strategy partnered with our ALM sibling Legaltech News to ask cybersecurity and e-discovery experts what they thought the key trends were in 2019 and what they expect to see in 2020.
Read More ›
-
Cybersecurity Law & Strategy
Data Privacy: Building Compliant and Adaptable Systems
Tomas Suros
Rather than trying to institute changes to comply with every new privacy law as it emerges, a better approach is to view data privacy as an overall framework and adopt a holistic response to compliance with the built-in flexibility to constantly adapt to an ever-changing legal landscape.
Read More ›
-
Cybersecurity Law & Strategy
GDPR Had Some Bite in 2019
Victoria Hudgins
Although no company was hit with the maximum GDPR fine of 4% of the company’s worldwide annual revenue, GDPR fines issued in 2019 were still a force to be reckoned with.
Read More ›
-
The Intellectual Property Strategist
The California Consumer Privacy Act: Everything You Wanted to Know But Were Afraid to Ask
Alan L. Friel
Part Two of a Two-Part Article
Read More ›
-
Cybersecurity Law & Strategy
Unique Cyber Risks Faced By the Cannabis Industry
Victoria Hudgins
All companies face cybersecurity threats, but the legalized cannabis industry’s storage of personally identifiable information and reliance on seed-to-sale tracking software can place it firmly within hackers’ crosshairs.
Read More ›
-
Cybersecurity Law & Strategy
What Is the Appropriate Statute of Limitations Period for BIPA Claims?
Sean Wieber, Patrick O’Meara and Eric Shinabarger
The BIPA compliance lag has led companies using or collecting biometric information to consider how far back their liability may extend. The Illinois General Assembly, however, did not include an explicit statute of limitations period in BIPA. As a result, the statute of limitations has become one of BIPA’s primary battlegrounds as litigants argue about potential class sizes and damages awards.
Read More ›
-
Cybersecurity Law & Strategy
The California Consumer Privacy Act: Everything You Wanted to Know But Were Afraid to Ask — 100 Days Out
Alan L. Friel
Part Two of a Two-Part Article
Part One of this article, last issue, covered how the CCPA applies to businesses — both in and outside California, the revenue threshold, proposed amendments and other open issues. Part Two continues with the rights that CCPA grants to Californians, the CCPA’s impact on company privacy policies, how other states’ privacy laws compare to the CCPA, exceptions and penalties for violating the Act.
Read More ›
-
Cybersecurity Law & Strategy
New Study Shows Which States Lead in Privacy Protection Laws
Sue Reisinger
General counsel who navigate the mishmash of state privacy laws may relate to a new study showing that individual U.S. states’ privacy statutes are spread across a broad spectrum.
Read More ›
-
The Intellectual Property Strategist
The California Consumer Privacy Act: Everything You Wanted to Know But Were Afraid to Ask
Alan L. Friel
Part One of a Two-Part Article
The California Consumer Privacy Act (CCPA) is a comprehensive new consumer protection law set to take effect on Jan. 1, 2020. In the wake of the CCPA’s passage, approximately 15 other states introduced their own CCPA-like privacy legislation, and similar proposals are being considered at the federal level. Part One of this article covers how the CCPA applies to businesses — both in and outside California, the revenue threshold, proposed amendments and other open issues.
Read More ›
-
Cybersecurity Law & Strategy
The California Consumer Privacy Act: Everything You Wanted to Know But Were Afraid to Ask — 100 Days Out
Alan L. Friel
Part One of a Two-Part Article
Responses to questions businesses frequently ask about the impacts of the CCPA. Implementation challenges inevitably will arise as a company works to apply these new requirements to its business practices. The time is now to start preparing for the CCPA, as well as for other new U.S. privacy laws that are likely to follow.
Read More ›
-
Cybersecurity Law & Strategy
Data Privacy Reviews: The Cornerstone of a Data Breach Response
Andrew Goodman
Including a managed document review vendor in your incident response plan is critical.
Read More ›
-
Cybersecurity Law & Strategy
Marriott Moves to Dismiss Data Breach Lawsuit, Says Passport Numbers Useless to Hackers
Amanda Bronstad
In Its Motion To Dismiss, Marriott Insisted the Breach Caused No Harm to Its Guests and Attached a Declaration By a Former Government Official Who Wrote: “A U.S. Passport Is Virtually Impossible to Forge Successfully.”
Marriott is insisting that last year’s cyberattack did no harm to its hotel guests, not least of which because hackers cannot use stolen passport numbers.
Read More ›
-
Cybersecurity Law & Strategy
Legislative Heat Wave: A Mid-Year Review of Upcoming Cybersecurity Laws and Enforcement Activity
Michael Bahar, Sarah Paul, Mary Jane Wilson-Bilik and Ali Jessani
While legislation to enhance data privacy rights and obligations continue to make headlines, regulators and legislators are also stepping up their cybersecurity expectations. In the first half of 2019, a number of states have updated their existing data breach notification laws and passed new cybersecurity requirements.
Read More ›
-
Cybersecurity Law & Strategy
How to Keep Mobile Data Safe: The Case for On-Device AI
Gevorg Karapetyan
Bring Your Own Device is one of the biggest compliance-related issues companies face today, and when it comes to security risks, law firms are prime targets. Considering law firms are built on their reputation, firms must make every assurance that the technology they use will protect their data.
Read More ›
-
Cybersecurity Law & Strategy
SHIELD Act Signed in NY
F. Paul Greene
Defines Data Breach and Requires Data Security Controls
New York has brought itself into line with a number of states concerning how they define a data breach, and, where applicable, what substantive security controls they require.
Read More ›
-
Cybersecurity Law & Strategy
EU Court Rules Adding Facebook ‘Like’ Button Triggers GDPR Data Collection Obligation
Caroline Spiezio
Websites with embedded Facebook “like” buttons must inform users their data will be collected and processed by the social media giant, the Court of Justice of the European Union has ruled.
Read More ›
-
Cybersecurity Law & Strategy
Legal Tech: Smart Speakers and E-Discovery
Brian Schrader
For businesses that own such a device, or for individual employees who might have a personally owned one on their office desk, the question of who owns any recorded data remains murky.
Read More ›
-
Entertainment Law & Finance
How Changes In Texas Anti-SLAPP Statute Affects Entertainment Industry
Brent Turman
Approximately 30 states have enacted anti-SLAPP statutes, which are intended to deter lawsuits that impede the right to free speech and other related activities. New statutory language in Texas's anti-SLAPP statute specifically protects those in the entertainment and media industries, and such explicit reference should prove comfort to content creators and publishers.
Read More ›
-
Business Crimes Bulletin
The International Encryption Debate: Privacy Versus Big Brother
Robert J. Anello and Richard F. Albert
Although increased reliance on technology such as emails and texts has provided greater opportunity to gather evidence of criminal activity, law enforcement agencies around the world complain that encryption technologies make it difficult to catch criminals and terrorists and therefore should be restricted.
Read More ›
-
Business Crimes Bulletin
Are Companies Playing It Too Safe With GDPR Breach Reporting?
Frank Ready
A new report from the law firm of Pinsent Masons shows that there has been a high level of GDPR "over-reporting" at the U.K.'s Information Commissioner's Office, but organizations who may think they are playing it safe may actually be opening themselves up to further regulatory scrutiny.
Read More ›
-
Cybersecurity Law & Strategy
Clients Drive Information Governance: Payment Tied to Guideline Compliance
Stephen Cole
To comply with the data side of the Outside Counsel Guidelines, firms must have a clear information governance strategy for which the firm’s use of technology systems is foundational.
Read More ›
-
Cybersecurity Law & Strategy
EU E-Commerce Proposal Aims to Eliminate Barriers; Calls for E-Signatures and Net Neutrality
Simon Taylor
The European Union has put forth an ambitious proposal for how countries can eliminate barriers to e-commerce and protect businesses and consumers engaged in online transactions. But parts of the proposal, published as part of a World Trade Organization initiative that includes the U.S. and China, are likely to face opposition.
Read More ›
-
Cybersecurity Law & Strategy
Companies Poised To Repeat Data Privacy Compliance Mistakes
Phillip Bantz
New Study Shows U.S. Companies Are Taking the Same Failed Approach To Complying With California’s Privacy Regulation As They Did for GDPR
U.S. companies haven’t learned much from the missteps they made while preparing for the European Union’s General Data Protection Regulation (GDPR), suggests a new study on data privacy regulation compliance.
Read More ›
-
Cybersecurity Law & Strategy
State Report: New NJ Data Breach Notification Legislation Signed
Suzette Parmley
Legislation expanding the types of personal data that will trigger a required notification to customers in case of a breach, including email addresses and passwords, was signed into law by Gov. Phil Murphy.
Read More ›
-
Cybersecurity Law & Strategy
The Nice-to-Haves and Need-to-Haves of Cloud Computing
Michael Smith and Mike Paul
This article discusses what to look for in a cloud service provider and other issues that will help determine if moving to the cloud is the right move for your firm.
Read More ›
-
Cybersecurity Law & Strategy
The Eyes (and Privacy Laws) of Texas Are Upon You
Eric Levy
Consistent With the Cliché That “Everything’s Bigger In Texas,” the Texas Legislature Has Introduced Not One, But Two Separate Bills Relating to the Privacy of Personal Information
The TPPA is arguably the less onerous of the two bills, although you might not necessarily realize it at first blush, given the broad way it defines “personal identifying information” (PII).
Read More ›
-
Cybersecurity Law & Strategy
Safeguarding Client Data: An Attorney’s Duty to Provide ‘Reasonable’ Security
David G. Ries
Effective cybersecurity requires an ongoing, risk-based, comprehensive process that addresses people, policies and procedures, and technology, including training. Effective security also requires an understanding that security is everyone’s responsibility and constant security awareness by all users of technology.
Read More ›
-
Entertainment Law & Finance
Getting Ready for Wide-Ranging Reach of California’s Data Privacy Law
Samuel Cullari and Alexis Cocco
The CCPA is the first of its kind, generally applicable data protection law in the United States. What makes the CCPA unique is not only its applicability to companies like those in the entertainment and media industries, but also the rights it provides to consumers regarding their personal information (PI).
Read More ›
-
Cybersecurity Law & Strategy
The Principles of Good Cyber Risk Management
Ankur Sheth and Jano Bermudes
Apart from headline grabbing attacks, we are now seeing an epidemic of cyber attacks. Concern has shifted from dealing with data being stolen and sold on the dark Web to handling serious ransomware and destructive attacks, where attackers are looking for immediate monetary output.
Read More ›
-
Cybersecurity Law & Strategy
Second Circuit Blocks Video Privacy Suit Brought Against Barnes & Noble
Jenna Greene
A would-be class action against Barnes & Noble could have cost the bookseller hundreds of millions of dollars — not to mention a reputational hit for allegedly sharing private information about its customers’ online video purchases with Facebook.
Read More ›
-
Cybersecurity Law & Strategy
Privacy Notices, Opt-In Clauses Debated as U.S. Regulators Shape Federal Privacy Law
Caroline Spiezio
Tech giants’ privacy counsel and U.S. senators discussed opt-in policies, lengthy, legalese-filled privacy notices and location tracking. The discussion aimed to further shape a potential U.S. federal data privacy law.
Read More ›
-
Entertainment Law & Finance
Second Circuit Blocks Video Privacy Suit Brought Against Barnes & Noble
Jenna Greene
A would-be class action against Barnes & Noble could have cost the bookseller hundreds of millions of dollars — not to mention a reputational hit for allegedly sharing private information about its customers’ online video purchases with Facebook.
Read More ›
-
Cybersecurity Law & Strategy
A Survey of Proposed Federal Privacy Legislation and the Year Ahead
Jeffrey Atteberry
The social, economic, and political forces pushing for a comprehensive overhaul of the nation’s privacy regime are numerous, and many see 2019 as presenting the best opportunity yet for passage of federal data privacy legislation.
Read More ›
-
Cybersecurity Law & Strategy
House Hearing on Federal Privacy Law Takes Aim at GDPR, CCPA
Rhys Dipshan
The house consumer protection and commerce subcommittee agreed on the need for a new federal privacy law. But it was an open question how closely that law would follow what has already been done in California or in the EU.
Read More ›
-
Cybersecurity Law & Strategy
2019 Trends Overview: Compliance, Privacy and Security Family Tree
Mark Sangster
In 2019, regulations and laws will continue to define how businesses collect and use consumer data, and their obligations to protect this data from misuse, theft or exposure to unauthorized parties.
Read More ›
-
Cybersecurity Law & Strategy
Causation and Harm In Data Breach Litigation
Brian Ellman and Jee-Yeon Lehmann
Demonstrating that a data breach has resulted in an injury-in-fact can be difficult, because it is not always clear what has happened or will happen with the stolen data.
Read More ›
-
Cybersecurity Law & Strategy
Implications of GDPR & CCPA on Public Records
Jeff Cox
This article discusses the importance of securing a safe harbor for court records through reviewing an illustrative example of how a European Union (EU) citizen was able to force U.S. legal technology companies to remove and alter court records using GDPR.
Read More ›
-
Cybersecurity Law & Strategy
Cloudy With a Chance of IoT attacks: The Cybersecurity Forecast for 2019
Leigh-Anne Galloway
2018 was a trying year for the cybersecurity industry, with breaches increasing and showing no signs of slowing as we enter the New Year. 2019 will bring its own threats with the propagation of new technology — 5G and IoT — and their security vulnerabilities. However, there’s also progress on the horizon, thanks to more stringent government regulation and increasing legal action.
Read More ›
-
Cybersecurity Law & Strategy
What the U.S.’ Pursuit of Foreign Nation-State Hackers Means for Cybercrime Victims and Targets
Ronald Cheng and Mallory Jensen
For years, the U.S. has maintained an active enforcement campaign against overseas cyber criminals and while these past efforts have not been haphazard, they have not necessarily been part of a specific drive to address the serious issue of foreign cybercrime committed by nation states. Recent announcements by the DOJ show that this enforcement campaign is accelerating and expanding.
Read More ›
-
Cybersecurity Law & Strategy
Q&A with Women Leaders in Cybersecurity and Privacy
Adam Schlagman
In 2017, Atlanta attorney Bess Hinson founded the Atlanta Women in Cybersecurity Roundtable, an invitation-only initiative to provide community and resources to advance women in cybersecurity in Atlanta. Here, we speak with some of those women leaders about their biggest security and privacy challenges and why women are pursing legal and other roles in the cybersecurity and privacy field.
Read More ›
-
Cybersecurity Law & Strategy
Federal Data Privacy Legislation Is Likely Next Year, Tech Lawyers Say
Dan Clark
For Years, Federal Legislators Have Attempted to Pass Comprehensive Cybersecurity and Data Privacy Legislation. With More Support Than Ever from the Public, Industry and Both Sides of the Political Spectrum, 2019 May Be the Year When Such Legislation Is Enacted.
Read More ›
-
Cybersecurity Law & Strategy
Prepping a Mock Notification Letter Before a Cybersecurity Breach Hits
Stephen Moore
Being prepared for the worst before it even happens can minimize the damage in the event of a cybersecurity incident. To get any company ready for a cybersecurity event, the first step is to organize a team to write a mock breach notification letter that will represent your message to the world about your failure in the event you have a breach.
Read More ›
-
Entertainment Law & Finance
Risks in Online Collection of Children’s Data
Jeffrey Higel, Michael Bahar and Mike Nelson
As convenient, useful and cool mobile technology and interconnected devices are, they come with risks that remain largely unseen or, worse, ignored. Some pose security risks and privacy risk, like those present in voice-activated devices — especially for children. For manufacturers, they also pose regulatory litigation and insurance risks, especially when children end up using their “smart” products.
Read More ›
-
Cybersecurity Law & Strategy
Sticking a Hand in the Internet Cookie Jar
Jeffrey Higel, Michael Bahar and Mike Nelson
Why Collecting Children’s Online Data is a Risk
As convenient, useful and cool mobile technology and interconnected devices are, they come with risks that remain largely unseen or, worse, ignored. For manufacturers, they also pose regulatory litigation, and insurance risks, especially when children end up using their “smart” products.
Read More ›
-
Cybersecurity Law & Strategy
Are You Prepared? Dealing with GDPR-like Rules Spreading Across the Nation
Mark Sangster
California’s Consumer Privacy Act, signed into law earlier this year, follows a growing line of consumer privacy laws, such as the European General Data Protection Regulations (GDPR), Canadian Breach of Security Safeguards Regulations of the Personal Information Protection and Electronic Documents Act (PIPEDA), and related New York Department of Financial Services Cybersecurity Rules and Regulations (NYCRR 500).
Read More ›
-
Cybersecurity Law & Strategy
Right Out of the Box: California Enacts First-of-its-Kind Statute Regulating Internet-of-Things
Michael Bahar, Frank Nolan and Trevor Satnick
Companies Impacted By California’s SB-327 — Especially Manufacturers and Distributors of IoT Devices — Should Work to Ensure Compliance With the Act As Soon As Possible If Regulatory Fallout Is to Be Avoided Come January 2020
While a great deal of attention has focused on the California Consumer Privacy Act, California also passed a less-publicized, but highly critical, statute that will regulate certain aspects of Internet of Things device security.
Read More ›
-
Cybersecurity Law & Strategy
Elections: The Hidden Security Danger for Governments
Roy E. Hadley, Jr.
The news is replete with alleged actions of foreign governments and hackers trying to impact the democratic election process in the United States. It is incumbent upon the state and local governments to ensure the security of all elections.
Read More ›
-
Cybersecurity Law & Strategy
Understanding the Intersection Between GDPR and Cybersecurity
Jake Frazier and Anthony J. Ferrante
It’s been about half a year since Europe’s General Data Protection Regulation (GDPR) was activated, and corporate legal, privacy and compliance teams are beginning to adjust to the new lay of the land. We’ve seen early examples of enforcement activity, and those are helping organizations better understand the long-term landscape for compliance.
Read More ›
-
Cybersecurity Law & Strategy
The Blockchain Will Support GDPR, but Not How Most People Think
Michael Smolenski
It’s clear that the onset of GDPR regulations and a quickly changing consumer sentiment about the sensitivity and value of their personal data will reorient a company’s interactions with their customers and their information. There will be some pain points in this transition, as Facebook investors recently demonstrated, but it doesn’t have to be a unilateral downturn for the tech industry.
Read More ›
-
Cybersecurity Law & Strategy
Cybersecurity and Email
Bill Ho
In the legal community, professionals have embraced email. However, as increasing concerns and regulations around data security continue to evolve, the future of digital communication via email may not meet the more stringent requirements.
Read More ›
