-
Cybersecurity Law & Strategy
Synchronizing Legal Hold Requirements With Consumer Requests for Data Deletion
Mike Hamilton
The biggest challenge with any legal hold process is ensuring that potentially relevant data is actually preserved. But with evolving requirements for how data is managed by new data privacy laws like the CCPA and the GDPR, it’s become harder to secure data by simply sending a legal hold and assuming the custodian will do their duty to preserve it.
Read More ›
-
Cybersecurity Law & Strategy
How To Avoid Cybersecurity Challenges Brought On By the Pandemic
Tomas Suros
As the current pandemic has forced much of the world into virtual workforce mode, cybercriminals have seized on the uncertainty of the current times to launch new and creative offensives. Fears surrounding COVID-19 are high, conspiracy theories are running rampant, and cyberattackers are counting on stress and distraction to decrease our vigilance against intrusions.
Read More ›
-
Cybersecurity Law & Strategy
Where Will The Needle Land? COVID-19 Contact Tracing v. Protecting Personal Privacy
Scott Pink and John Dermody
Governments and businesses alike are considering how to leverage new technologies to make contact tracing efforts more effective by digitally monitoring our social interactions and physical locations. But such innovative contact tracing methods raise a host of privacy concerns, forcing a reckoning with how we balance privacy and public health.
Read More ›
-
Cybersecurity Law & Strategy
Recent Decisions Clarify Scope of Illinois Biometric Privacy Law
Frank Nolan and Andrew Weiner
For users of biometric information subject to BIPA’s rigorous requirements, the last two years have brought mostly bad news, most notably a smattering of unfavorable decisions on the question of whether plaintiffs must suffer an injury in order to avail themselves of BIPA. Against this backdrop, however, courts have issued decisions on other aspects of BIPA
Read More ›
-
Cybersecurity Law & Strategy
How Privacy Laws Shape COVID-19 Reopening Plans
Justin Eichenberger and Mary Fuller
When it comes to processing personal information, Americans do not have a general right to privacy because the United States does not have a comprehensive privacy law. That does not mean, however, that employers are not subject to other privacy requirements.
Read More ›
-
Cybersecurity Law & Strategy
New Jersey’s Latest Effort on the Privacy Front
Kenneth K. Dort and Mitchell S. Noordyke
New Jersey legislators are joining a growing line of states in proposing a bill to strengthen data privacy protections, following in the footsteps of privacy laws enacted in Europe and California.
Read More ›
-
Cybersecurity Law & Strategy
A CCPA Private Right of Action on the Horizon
David Keating, Jim Harvey and Dan Felz
Class Action Complaints Test Whether Plaintiffs Can Sue for Any Violation of the CCPA
This article provides an overview of how the CCPA addresses private rights of action, summarizes recent class action complaints that attempt to use CCPA violations as the basis for class-wide claims, and provides suggestions for prioritizing activity in CCPA compliance programs in this new litigation environment.
Read More ›
-
Cybersecurity Law & Strategy
Privacy Is Top Priority But Spending Will Decrease, Survey Says
Frank Ready
Exterro’s Annual Study of Legal Spend Management indicates that organizations are expecting to spend less on compliance with privacy laws in 2020 as they wait to see how new regulations like the CCPA are enforced first.
Read More ›
-
Cybersecurity Law & Strategy
Judge Warns Facebook in Approving Record $5B Fine for Alleged Privacy Violations
Jacqueline Thomsen
The Judge Pointed Out that Some FTC Commissioners Wanted to Specifically Sanction Facebook Founder Mark Zuckerberg for the Company Sharing Private User Data With Outside Parties
A federal judge in Washington, DC, signed off on a record $5 billion fine imposed by the U.S. Federal Trade Commission on Facebook for allegedly violating federal law and a previous order with its privacy practices.
Read More ›
-
Cybersecurity Law & Strategy
Coronavirus Work-from-Home Response A Boon for Cybercriminal Exploitation
Mark Sangster
Companies determined to protect their employees and minimize the impact of COVID-19 are enforcing travel restrictions and strong work-from-home policies. However those actions can be used against employees as any firms are likely unprepared for the criminal appetite for the cyberattack exploitation of a remote workforce. Here are some of the key issues of which law firms and companies need to be aware and steps that should be considered to minimize the risk to keep everyone — and client data — safe.
Read More ›
-
Cybersecurity Law & Strategy
COVID-19: Threats Abound: How to Protect Your Remote Workforce
Tomas Suros
The COVID-19 pandemic has changed the conversation around remote work. As more employees work remotely, law firms must employ security best practices to ensure that the extended reliance on the cloud doesn’t expose sensitive data or cripple daily operations. Following is a practical checklist of systems, technologies and processes to consider when evolving your firm for remote work and selecting your cloud technology provider.
Read More ›
-
Cybersecurity Law & Strategy
COVID-19: Companies, Trade Organizations Seek to Postpone CCPA Enforcement Date
Dan Clark
Over 30 trade associations and companies co-signed a letter last month to California Attorney General Xavier Becerra asking him to push back the enforcement date for the California Consumer Privacy Act due to the new coronavirus and a lack of clarity on the enforcement rules.
Read More ›
-
Cybersecurity Law & Strategy
The California Consumer Privacy Act is HERE: Are You Litigation Ready?
Ann Marie Mortimer, Jason J. Kim and Lisa J. Sotto
Most companies doing business in California are well aware of the CCPA and prepared diligently in advance of the law’s Jan. 1, 2020 compliance deadline. While compliance certainly is key, even compliant businesses must consider — and prepare for — the eventual onslaught of class action litigation that is coming.
Read More ›
-
Cybersecurity Law & Strategy
States Take the Lead on Securing IoT
Ashley Thomas
The California IoT Security Law is the first of its kind in the nation and pushes device manufacturers to adopt cybersecurity standards during the product development and design stages where none have existed before.
Read More ›
-
Cybersecurity Law & Strategy
Coronavirus Work-from-Home Response A Boon for Cybercriminal Exploitation
Mark Sangster
Here are some of the key issues of which law firms and companies need to be aware and steps that should be considered to minimize the risk to keep everyone — and client data — safe.
Read More ›
-
Cybersecurity Law & Strategy
Litigators and Privacy: The Last People You Want to See, or the First?
Michael Bahar, Sarah Paul, Matt Gatewood and Andrew Weiner
In their consideration of possible worst-case cyber attack scenarios, organizations often focus on the various types of attacks and their relative severity. But, the worst-case scenario is not the breach, it's the reputational damage, regulatory enforcement action, the business interruption, and the inevitable litigation that follows a poorly handled breach from an unprepared organization. Given this reality, it is important to adjust planning assumptions and response scenarios to focus on addressing these drivers of post-breach exposure.
Read More ›
-
Cybersecurity Law & Strategy
In the Know: Top 5 Legal Technology Trends for the 2020s
Deb Dobson
Technology allows attorneys to keep informed so they can help their clients understand the potential impact on their company.
Read More ›
-
Cybersecurity Law & Strategy
Defining Reasonable Care for the Protection of Personal Data
Devin Chwastyk
The Pennsylvania Supreme Court enlivened the Thanksgiving holidays of privacy lawyers in 2018 with its decision in Dittman v. UPMC, which held that an employer has a legal duty to exercise reasonable care to safeguard employees’ personal information. While the scope of the decision technically was confined to the employer-employee relationship, the court’s reasoning implies that such a duty of reasonable care may arise in any scenario where one party engages in the collection of personal information.
Read More ›
-
Cybersecurity Law & Strategy
Florida Lawmakers Introduce Online Privacy Legislation
David M. Stauss and Malia Rogers
Florida lawmakers have introduced companion bills in the Florida House (HB 963) and Senate (SB 1670) that would create limited online privacy rights and obligations in the state. The legislation appears to be very similar to the Nevada Online Privacy Protection Act, which was amended last year to add a right to opt-out of sales of covered information.
Read More ›
-
Cybersecurity Law & Strategy
More Regulation, Stronger Investigations and Home Tech Devices Concerns to Come in 2020, New Gibson Dunn Report Warns
Steve Salkin
On Data Privacy Day last month, Gibson Dunn released the eighth edition of its United States Cybersecurity and Data Privacy Outlook and Review. The report details trends that the privacy industry saw in 2019 from a legislative, regulatory and judicial perspective.
Read More ›
-
Cybersecurity Law & Strategy
A Look Behind, A Look Ahead: Part 1 - Cybersecurity
Steve Salkin
Cybersecurity Law & Strategy partnered with our ALM sibling Legaltech News to ask cybersecurity and e-discovery experts what they thought the key trends were in 2019 and what they expect to see in 2020.
Read More ›
-
Cybersecurity Law & Strategy
Data Privacy: Building Compliant and Adaptable Systems
Tomas Suros
Rather than trying to institute changes to comply with every new privacy law as it emerges, a better approach is to view data privacy as an overall framework and adopt a holistic response to compliance with the built-in flexibility to constantly adapt to an ever-changing legal landscape.
Read More ›
-
Cybersecurity Law & Strategy
GDPR Had Some Bite in 2019
Victoria Hudgins
Although no company was hit with the maximum GDPR fine of 4% of the company’s worldwide annual revenue, GDPR fines issued in 2019 were still a force to be reckoned with.
Read More ›
-
The Intellectual Property Strategist
The California Consumer Privacy Act: Everything You Wanted to Know But Were Afraid to Ask
Alan L. Friel
Part Two of a Two-Part Article
Read More ›
-
Cybersecurity Law & Strategy
Unique Cyber Risks Faced By the Cannabis Industry
Victoria Hudgins
All companies face cybersecurity threats, but the legalized cannabis industry’s storage of personally identifiable information and reliance on seed-to-sale tracking software can place it firmly within hackers’ crosshairs.
Read More ›
-
Cybersecurity Law & Strategy
What Is the Appropriate Statute of Limitations Period for BIPA Claims?
Sean Wieber, Patrick O’Meara and Eric Shinabarger
The BIPA compliance lag has led companies using or collecting biometric information to consider how far back their liability may extend. The Illinois General Assembly, however, did not include an explicit statute of limitations period in BIPA. As a result, the statute of limitations has become one of BIPA’s primary battlegrounds as litigants argue about potential class sizes and damages awards.
Read More ›
-
Cybersecurity Law & Strategy
The California Consumer Privacy Act: Everything You Wanted to Know But Were Afraid to Ask — 100 Days Out
Alan L. Friel
Part Two of a Two-Part Article
Part One of this article, last issue, covered how the CCPA applies to businesses — both in and outside California, the revenue threshold, proposed amendments and other open issues. Part Two continues with the rights that CCPA grants to Californians, the CCPA’s impact on company privacy policies, how other states’ privacy laws compare to the CCPA, exceptions and penalties for violating the Act.
Read More ›
-
Cybersecurity Law & Strategy
New Study Shows Which States Lead in Privacy Protection Laws
Sue Reisinger
General counsel who navigate the mishmash of state privacy laws may relate to a new study showing that individual U.S. states’ privacy statutes are spread across a broad spectrum.
Read More ›
-
The Intellectual Property Strategist
The California Consumer Privacy Act: Everything You Wanted to Know But Were Afraid to Ask
Alan L. Friel
Part One of a Two-Part Article
The California Consumer Privacy Act (CCPA) is a comprehensive new consumer protection law set to take effect on Jan. 1, 2020. In the wake of the CCPA’s passage, approximately 15 other states introduced their own CCPA-like privacy legislation, and similar proposals are being considered at the federal level. Part One of this article covers how the CCPA applies to businesses — both in and outside California, the revenue threshold, proposed amendments and other open issues.
Read More ›
-
Cybersecurity Law & Strategy
The California Consumer Privacy Act: Everything You Wanted to Know But Were Afraid to Ask — 100 Days Out
Alan L. Friel
Part One of a Two-Part Article
Responses to questions businesses frequently ask about the impacts of the CCPA. Implementation challenges inevitably will arise as a company works to apply these new requirements to its business practices. The time is now to start preparing for the CCPA, as well as for other new U.S. privacy laws that are likely to follow.
Read More ›
-
Cybersecurity Law & Strategy
Data Privacy Reviews: The Cornerstone of a Data Breach Response
Andrew Goodman
Including a managed document review vendor in your incident response plan is critical.
Read More ›
-
Cybersecurity Law & Strategy
Marriott Moves to Dismiss Data Breach Lawsuit, Says Passport Numbers Useless to Hackers
Amanda Bronstad
In Its Motion To Dismiss, Marriott Insisted the Breach Caused No Harm to Its Guests and Attached a Declaration By a Former Government Official Who Wrote: “A U.S. Passport Is Virtually Impossible to Forge Successfully.”
Marriott is insisting that last year’s cyberattack did no harm to its hotel guests, not least of which because hackers cannot use stolen passport numbers.
Read More ›
-
Cybersecurity Law & Strategy
Legislative Heat Wave: A Mid-Year Review of Upcoming Cybersecurity Laws and Enforcement Activity
Michael Bahar, Sarah Paul, Mary Jane Wilson-Bilik and Ali Jessani
While legislation to enhance data privacy rights and obligations continue to make headlines, regulators and legislators are also stepping up their cybersecurity expectations. In the first half of 2019, a number of states have updated their existing data breach notification laws and passed new cybersecurity requirements.
Read More ›
-
Cybersecurity Law & Strategy
How to Keep Mobile Data Safe: The Case for On-Device AI
Gevorg Karapetyan
Bring Your Own Device is one of the biggest compliance-related issues companies face today, and when it comes to security risks, law firms are prime targets. Considering law firms are built on their reputation, firms must make every assurance that the technology they use will protect their data.
Read More ›
-
Cybersecurity Law & Strategy
SHIELD Act Signed in NY
F. Paul Greene
Defines Data Breach and Requires Data Security Controls
New York has brought itself into line with a number of states concerning how they define a data breach, and, where applicable, what substantive security controls they require.
Read More ›
-
Cybersecurity Law & Strategy
EU Court Rules Adding Facebook ‘Like’ Button Triggers GDPR Data Collection Obligation
Caroline Spiezio
Websites with embedded Facebook “like” buttons must inform users their data will be collected and processed by the social media giant, the Court of Justice of the European Union has ruled.
Read More ›
-
Cybersecurity Law & Strategy
Legal Tech: Smart Speakers and E-Discovery
Brian Schrader
For businesses that own such a device, or for individual employees who might have a personally owned one on their office desk, the question of who owns any recorded data remains murky.
Read More ›
-
Entertainment Law & Finance
How Changes In Texas Anti-SLAPP Statute Affects Entertainment Industry
Brent Turman
Approximately 30 states have enacted anti-SLAPP statutes, which are intended to deter lawsuits that impede the right to free speech and other related activities. New statutory language in Texas's anti-SLAPP statute specifically protects those in the entertainment and media industries, and such explicit reference should prove comfort to content creators and publishers.
Read More ›
-
Business Crimes Bulletin
The International Encryption Debate: Privacy Versus Big Brother
Robert J. Anello and Richard F. Albert
Although increased reliance on technology such as emails and texts has provided greater opportunity to gather evidence of criminal activity, law enforcement agencies around the world complain that encryption technologies make it difficult to catch criminals and terrorists and therefore should be restricted.
Read More ›
-
Business Crimes Bulletin
Are Companies Playing It Too Safe With GDPR Breach Reporting?
Frank Ready
A new report from the law firm of Pinsent Masons shows that there has been a high level of GDPR "over-reporting" at the U.K.'s Information Commissioner's Office, but organizations who may think they are playing it safe may actually be opening themselves up to further regulatory scrutiny.
Read More ›
-
Cybersecurity Law & Strategy
Clients Drive Information Governance: Payment Tied to Guideline Compliance
Stephen Cole
To comply with the data side of the Outside Counsel Guidelines, firms must have a clear information governance strategy for which the firm’s use of technology systems is foundational.
Read More ›
-
Cybersecurity Law & Strategy
EU E-Commerce Proposal Aims to Eliminate Barriers; Calls for E-Signatures and Net Neutrality
Simon Taylor
The European Union has put forth an ambitious proposal for how countries can eliminate barriers to e-commerce and protect businesses and consumers engaged in online transactions. But parts of the proposal, published as part of a World Trade Organization initiative that includes the U.S. and China, are likely to face opposition.
Read More ›
-
Cybersecurity Law & Strategy
Companies Poised To Repeat Data Privacy Compliance Mistakes
Phillip Bantz
New Study Shows U.S. Companies Are Taking the Same Failed Approach To Complying With California’s Privacy Regulation As They Did for GDPR
U.S. companies haven’t learned much from the missteps they made while preparing for the European Union’s General Data Protection Regulation (GDPR), suggests a new study on data privacy regulation compliance.
Read More ›
-
Cybersecurity Law & Strategy
State Report: New NJ Data Breach Notification Legislation Signed
Suzette Parmley
Legislation expanding the types of personal data that will trigger a required notification to customers in case of a breach, including email addresses and passwords, was signed into law by Gov. Phil Murphy.
Read More ›
-
Cybersecurity Law & Strategy
The Nice-to-Haves and Need-to-Haves of Cloud Computing
Michael Smith and Mike Paul
This article discusses what to look for in a cloud service provider and other issues that will help determine if moving to the cloud is the right move for your firm.
Read More ›
-
Cybersecurity Law & Strategy
The Eyes (and Privacy Laws) of Texas Are Upon You
Eric Levy
Consistent With the Cliché That “Everything’s Bigger In Texas,” the Texas Legislature Has Introduced Not One, But Two Separate Bills Relating to the Privacy of Personal Information
The TPPA is arguably the less onerous of the two bills, although you might not necessarily realize it at first blush, given the broad way it defines “personal identifying information” (PII).
Read More ›
-
Cybersecurity Law & Strategy
Safeguarding Client Data: An Attorney’s Duty to Provide ‘Reasonable’ Security
David G. Ries
Effective cybersecurity requires an ongoing, risk-based, comprehensive process that addresses people, policies and procedures, and technology, including training. Effective security also requires an understanding that security is everyone’s responsibility and constant security awareness by all users of technology.
Read More ›
-
Entertainment Law & Finance
Getting Ready for Wide-Ranging Reach of California’s Data Privacy Law
Samuel Cullari and Alexis Cocco
The CCPA is the first of its kind, generally applicable data protection law in the United States. What makes the CCPA unique is not only its applicability to companies like those in the entertainment and media industries, but also the rights it provides to consumers regarding their personal information (PI).
Read More ›
-
Cybersecurity Law & Strategy
The Principles of Good Cyber Risk Management
Ankur Sheth and Jano Bermudes
Apart from headline grabbing attacks, we are now seeing an epidemic of cyber attacks. Concern has shifted from dealing with data being stolen and sold on the dark Web to handling serious ransomware and destructive attacks, where attackers are looking for immediate monetary output.
Read More ›
-
Cybersecurity Law & Strategy
Second Circuit Blocks Video Privacy Suit Brought Against Barnes & Noble
Jenna Greene
A would-be class action against Barnes & Noble could have cost the bookseller hundreds of millions of dollars — not to mention a reputational hit for allegedly sharing private information about its customers’ online video purchases with Facebook.
Read More ›
