-
Cybersecurity Law & Strategy
Clients Drive Information Governance: Payment Tied to Guideline Compliance
Stephen Cole
To comply with the data side of the Outside Counsel Guidelines, firms must have a clear information governance strategy for which the firm’s use of technology systems is foundational.
Read More ›
-
Cybersecurity Law & Strategy
EU E-Commerce Proposal Aims to Eliminate Barriers; Calls for E-Signatures and Net Neutrality
Simon Taylor
The European Union has put forth an ambitious proposal for how countries can eliminate barriers to e-commerce and protect businesses and consumers engaged in online transactions. But parts of the proposal, published as part of a World Trade Organization initiative that includes the U.S. and China, are likely to face opposition.
Read More ›
-
Cybersecurity Law & Strategy
Companies Poised To Repeat Data Privacy Compliance Mistakes
Phillip Bantz
New Study Shows U.S. Companies Are Taking the Same Failed Approach To Complying With California’s Privacy Regulation As They Did for GDPR
U.S. companies haven’t learned much from the missteps they made while preparing for the European Union’s General Data Protection Regulation (GDPR), suggests a new study on data privacy regulation compliance.
Read More ›
-
Cybersecurity Law & Strategy
State Report: New NJ Data Breach Notification Legislation Signed
Suzette Parmley
Legislation expanding the types of personal data that will trigger a required notification to customers in case of a breach, including email addresses and passwords, was signed into law by Gov. Phil Murphy.
Read More ›
-
Cybersecurity Law & Strategy
The Nice-to-Haves and Need-to-Haves of Cloud Computing
Michael Smith and Mike Paul
This article discusses what to look for in a cloud service provider and other issues that will help determine if moving to the cloud is the right move for your firm.
Read More ›
-
Cybersecurity Law & Strategy
The Eyes (and Privacy Laws) of Texas Are Upon You
Eric Levy
Consistent With the Cliché That “Everything’s Bigger In Texas,” the Texas Legislature Has Introduced Not One, But Two Separate Bills Relating to the Privacy of Personal Information
The TPPA is arguably the less onerous of the two bills, although you might not necessarily realize it at first blush, given the broad way it defines “personal identifying information” (PII).
Read More ›
-
Cybersecurity Law & Strategy
Safeguarding Client Data: An Attorney’s Duty to Provide ‘Reasonable’ Security
David G. Ries
Effective cybersecurity requires an ongoing, risk-based, comprehensive process that addresses people, policies and procedures, and technology, including training. Effective security also requires an understanding that security is everyone’s responsibility and constant security awareness by all users of technology.
Read More ›
-
Entertainment Law & Finance
Getting Ready for Wide-Ranging Reach of California’s Data Privacy Law
Samuel Cullari and Alexis Cocco
The CCPA is the first of its kind, generally applicable data protection law in the United States. What makes the CCPA unique is not only its applicability to companies like those in the entertainment and media industries, but also the rights it provides to consumers regarding their personal information (PI).
Read More ›
-
Cybersecurity Law & Strategy
The Principles of Good Cyber Risk Management
Ankur Sheth and Jano Bermudes
Apart from headline grabbing attacks, we are now seeing an epidemic of cyber attacks. Concern has shifted from dealing with data being stolen and sold on the dark Web to handling serious ransomware and destructive attacks, where attackers are looking for immediate monetary output.
Read More ›
-
Cybersecurity Law & Strategy
Second Circuit Blocks Video Privacy Suit Brought Against Barnes & Noble
Jenna Greene
A would-be class action against Barnes & Noble could have cost the bookseller hundreds of millions of dollars — not to mention a reputational hit for allegedly sharing private information about its customers’ online video purchases with Facebook.
Read More ›
-
Cybersecurity Law & Strategy
Privacy Notices, Opt-In Clauses Debated as U.S. Regulators Shape Federal Privacy Law
Caroline Spiezio
Tech giants’ privacy counsel and U.S. senators discussed opt-in policies, lengthy, legalese-filled privacy notices and location tracking. The discussion aimed to further shape a potential U.S. federal data privacy law.
Read More ›
-
Entertainment Law & Finance
Second Circuit Blocks Video Privacy Suit Brought Against Barnes & Noble
Jenna Greene
A would-be class action against Barnes & Noble could have cost the bookseller hundreds of millions of dollars — not to mention a reputational hit for allegedly sharing private information about its customers’ online video purchases with Facebook.
Read More ›
-
Cybersecurity Law & Strategy
A Survey of Proposed Federal Privacy Legislation and the Year Ahead
Jeffrey Atteberry
The social, economic, and political forces pushing for a comprehensive overhaul of the nation’s privacy regime are numerous, and many see 2019 as presenting the best opportunity yet for passage of federal data privacy legislation.
Read More ›
-
Cybersecurity Law & Strategy
House Hearing on Federal Privacy Law Takes Aim at GDPR, CCPA
Rhys Dipshan
The house consumer protection and commerce subcommittee agreed on the need for a new federal privacy law. But it was an open question how closely that law would follow what has already been done in California or in the EU.
Read More ›
-
Cybersecurity Law & Strategy
2019 Trends Overview: Compliance, Privacy and Security Family Tree
Mark Sangster
In 2019, regulations and laws will continue to define how businesses collect and use consumer data, and their obligations to protect this data from misuse, theft or exposure to unauthorized parties.
Read More ›
-
Cybersecurity Law & Strategy
Causation and Harm In Data Breach Litigation
Brian Ellman and Jee-Yeon Lehmann
Demonstrating that a data breach has resulted in an injury-in-fact can be difficult, because it is not always clear what has happened or will happen with the stolen data.
Read More ›
-
Cybersecurity Law & Strategy
Implications of GDPR & CCPA on Public Records
Jeff Cox
This article discusses the importance of securing a safe harbor for court records through reviewing an illustrative example of how a European Union (EU) citizen was able to force U.S. legal technology companies to remove and alter court records using GDPR.
Read More ›
-
Cybersecurity Law & Strategy
Cloudy With a Chance of IoT attacks: The Cybersecurity Forecast for 2019
Leigh-Anne Galloway
2018 was a trying year for the cybersecurity industry, with breaches increasing and showing no signs of slowing as we enter the New Year. 2019 will bring its own threats with the propagation of new technology — 5G and IoT — and their security vulnerabilities. However, there’s also progress on the horizon, thanks to more stringent government regulation and increasing legal action.
Read More ›
-
Cybersecurity Law & Strategy
What the U.S.’ Pursuit of Foreign Nation-State Hackers Means for Cybercrime Victims and Targets
Ronald Cheng and Mallory Jensen
For years, the U.S. has maintained an active enforcement campaign against overseas cyber criminals and while these past efforts have not been haphazard, they have not necessarily been part of a specific drive to address the serious issue of foreign cybercrime committed by nation states. Recent announcements by the DOJ show that this enforcement campaign is accelerating and expanding.
Read More ›
-
Cybersecurity Law & Strategy
Q&A with Women Leaders in Cybersecurity and Privacy
Adam Schlagman
In 2017, Atlanta attorney Bess Hinson founded the Atlanta Women in Cybersecurity Roundtable, an invitation-only initiative to provide community and resources to advance women in cybersecurity in Atlanta. Here, we speak with some of those women leaders about their biggest security and privacy challenges and why women are pursing legal and other roles in the cybersecurity and privacy field.
Read More ›
-
Cybersecurity Law & Strategy
Federal Data Privacy Legislation Is Likely Next Year, Tech Lawyers Say
Dan Clark
For Years, Federal Legislators Have Attempted to Pass Comprehensive Cybersecurity and Data Privacy Legislation. With More Support Than Ever from the Public, Industry and Both Sides of the Political Spectrum, 2019 May Be the Year When Such Legislation Is Enacted.
Read More ›
-
Cybersecurity Law & Strategy
Prepping a Mock Notification Letter Before a Cybersecurity Breach Hits
Stephen Moore
Being prepared for the worst before it even happens can minimize the damage in the event of a cybersecurity incident. To get any company ready for a cybersecurity event, the first step is to organize a team to write a mock breach notification letter that will represent your message to the world about your failure in the event you have a breach.
Read More ›
-
Entertainment Law & Finance
Risks in Online Collection of Children’s Data
Jeffrey Higel, Michael Bahar and Mike Nelson
As convenient, useful and cool mobile technology and interconnected devices are, they come with risks that remain largely unseen or, worse, ignored. Some pose security risks and privacy risk, like those present in voice-activated devices — especially for children. For manufacturers, they also pose regulatory litigation and insurance risks, especially when children end up using their “smart” products.
Read More ›
-
Cybersecurity Law & Strategy
Sticking a Hand in the Internet Cookie Jar
Jeffrey Higel, Michael Bahar and Mike Nelson
Why Collecting Children’s Online Data is a Risk
As convenient, useful and cool mobile technology and interconnected devices are, they come with risks that remain largely unseen or, worse, ignored. For manufacturers, they also pose regulatory litigation, and insurance risks, especially when children end up using their “smart” products.
Read More ›
-
Cybersecurity Law & Strategy
Are You Prepared? Dealing with GDPR-like Rules Spreading Across the Nation
Mark Sangster
California’s Consumer Privacy Act, signed into law earlier this year, follows a growing line of consumer privacy laws, such as the European General Data Protection Regulations (GDPR), Canadian Breach of Security Safeguards Regulations of the Personal Information Protection and Electronic Documents Act (PIPEDA), and related New York Department of Financial Services Cybersecurity Rules and Regulations (NYCRR 500).
Read More ›
-
Cybersecurity Law & Strategy
Right Out of the Box: California Enacts First-of-its-Kind Statute Regulating Internet-of-Things
Michael Bahar, Frank Nolan and Trevor Satnick
Companies Impacted By California’s SB-327 — Especially Manufacturers and Distributors of IoT Devices — Should Work to Ensure Compliance With the Act As Soon As Possible If Regulatory Fallout Is to Be Avoided Come January 2020
While a great deal of attention has focused on the California Consumer Privacy Act, California also passed a less-publicized, but highly critical, statute that will regulate certain aspects of Internet of Things device security.
Read More ›
-
Cybersecurity Law & Strategy
Elections: The Hidden Security Danger for Governments
Roy E. Hadley, Jr.
The news is replete with alleged actions of foreign governments and hackers trying to impact the democratic election process in the United States. It is incumbent upon the state and local governments to ensure the security of all elections.
Read More ›
-
Cybersecurity Law & Strategy
Understanding the Intersection Between GDPR and Cybersecurity
Jake Frazier and Anthony J. Ferrante
It’s been about half a year since Europe’s General Data Protection Regulation (GDPR) was activated, and corporate legal, privacy and compliance teams are beginning to adjust to the new lay of the land. We’ve seen early examples of enforcement activity, and those are helping organizations better understand the long-term landscape for compliance.
Read More ›
-
Cybersecurity Law & Strategy
The Blockchain Will Support GDPR, but Not How Most People Think
Michael Smolenski
It’s clear that the onset of GDPR regulations and a quickly changing consumer sentiment about the sensitivity and value of their personal data will reorient a company’s interactions with their customers and their information. There will be some pain points in this transition, as Facebook investors recently demonstrated, but it doesn’t have to be a unilateral downturn for the tech industry.
Read More ›
-
Cybersecurity Law & Strategy
Cybersecurity and Email
Bill Ho
In the legal community, professionals have embraced email. However, as increasing concerns and regulations around data security continue to evolve, the future of digital communication via email may not meet the more stringent requirements.
Read More ›
-
Cybersecurity Law & Strategy
Retail Leads the Way in Data Breaches — Here’s How to Protect Your Customers
Paige Schaffer
If 2017 was considered the “year of the data breach” as the number of incidents hit a new record high of 1,579, 2018 might get even more serious. Just a little more than halfway through 2018, the number and scale of data breaches that have already been reported is staggering.
Read More ›
-
Cybersecurity Law & Strategy
Cybersecurity Roundtable: Chicago’s Tech Experts Answer Three Critical Cybersecurity Questions
Adam Schlagman
Earlier this summer a group of security-minded executives in Chicago, long a hub for legal and financial tech, sat down for a panel discussion on anticipating and combatting cybercrime.
Read More ›
-
Entertainment Law & Finance
Get Ready for California’s Version of the EU General Data Protection Regulation
Jacqueline Klosek
The entertainment industry is intensely focused on data collection and analytics as it seeks to maximize the exploitation of digital content. Just as those of us in the privacy field had begun to have a slight breather as much of the heavy lifting on the GDPR was finally behind us, lawmakers in California have passed the California Consumer Privacy Act of 2018 (CCPA).
Read More ›
-
Cybersecurity Law & Strategy
General Data Protection Regulation: Defense or Offense?
Nina Cunningham
Ostensibly, GDPR’s mission is to strengthen and unify the EU’s protection of online privacy rights and promote data protection for citizens of the 28 countries currently in the EU. In the global economy, however, GDPR serves as an alarm to all countries with business flowing across Europe and well beyond. Where business flows, data follow.
Read More ›
-
Cybersecurity Law & Strategy
Five Takeaways from Recent Cybersecurity Developments by Colorado and the SEC
Brian Neil Hoffman
Colorado recently adopted a new law expanding companies’ obligations in the event of a cybersecurity incident, and establishing new data security and disposal obligations. Recent announcements by the SEC likewise emphasize important responsive points for both companies and their personnel in the wake of an incident. Five key takeaways from these developments are highlighted in this article.
Read More ›
-
Entertainment Law & Finance
Issues Between EU Data Protection, Use of Blockchain
Justin Hectus and Kristy Sambor
Emerging technologies and regulations have the power to create, shape or kill businesses. For the entertainment industry, the European Union’s (EU) General Data Protection Regulation (GDPR) and blockchain technology each embody forces that have the potential for profound impact. Taken in tandem, the GDPR and blockchain highlight the possibilities and pitfalls of disruption and the importance of cross-organizational collaboration in compliance and innovation initiatives.
Read More ›
-
Cybersecurity Law & Strategy
Blockchain and GDPR — Frenemies?
Justin Hectus and Kristy Sambor
In a nutshell, GDPR mandates that individuals have access and control over the use and maintenance of their data in certain circumstances, while the foundation of blockchain relies on the immutability of data. On the surface, these concepts seem in direct conflict with each other. This article discusses the points where GDPR and blockchain share common ground, where conflicts may exist and possible approaches for mitigating those conflicts.
Read More ›
-
Cybersecurity Law & Strategy
Why Encryption Is the Key to Ensure Data Privacy in the Cloud
Linus Chang
At both a personal and corporate level, there are huge gains to be made in protecting against data breaches. The fact is that well-implemented client-side encryption — where the corporate user keeps their own key rather than entrusting a third party to guard their sensitive information — is the only sure way to guarantee data privacy when storing data on other people’s servers.
Read More ›
-
Cybersecurity Law & Strategy
This is Not Your Father’s Cloud (Part Two)
Adam Cohen
Part Two of a Two-Part Article
In Part One of this article last month, we began a discussion designed to demystify the hesitations behind cloud security and analyzed the fast-growing transformation to a range of newer technical approaches with important consequences for legal practice. This month we continue the discussion by tackling the security and legal implications of the mass transformation of enterprise IT to cloud services from leading providers such as AWS and Azure.
Read More ›
-
Business Crimes Bulletin
Balancing Fourth Amendment Expectations in the Electronic Era
Jonathan S. Feld, Dante Stella and Christina Brunty
As rapid technological changes in the 21st century continue to expand the types and volume of private electronic information, the Fourth Amendment’s privacy protections are evolving. The critical question in Fourth Amendment cases is whether a person has a “reasonable expectation of privacy in the information or event.”
Read More ›
-
Cybersecurity Law & Strategy
In-House Counsel’s Growing Role in Data Protection and Security Risk Management
Deana Uhl
Building an Intelligence-Led Program
With reports of major breaches surfacing with alarming frequency, boards and C-Level management are now looking to counsel to implement programs that help the corporation prepare for, quickly recover and reduce fallout from, inevitable cyber incidents. In-house counsel is facing growing responsibility to minimize damage to the corporate reputation, loss of key data, and legal and regulatory penalties. And many worry their organization is stuck in a game of catch-up.
Read More ›
-
Cybersecurity Law & Strategy
The End of the Privacy Shield?
Eric Levy
If the U.S. cannot come to an understanding with the European Parliament by September 1, companies that already participate in Privacy Shield may find themselves in limbo. But there are options.
Read More ›
-
Cybersecurity Law & Strategy
Online Extra: Just How Far Will the Supreme Court’s 'Carpenter' Opinion Reverberate?
Rhys Dipshan
The ruling restricting the collection of historical cell site location information (CSLI) without a warrant aims to be narrow in scope, but legal experts argue it may have repercussions for years to come.
Read More ›
-
Cybersecurity Law & Strategy
Security Breach Responses — As Important and Difficult As Ever
Bart A. Lazar
The confusing and conflicting world of contractual requirements and personal data security breach notification laws can add insult and expense to injury, and sometimes adds injury itself. Tough -- and sometimes expensive -- choices need to be made quickly.
Read More ›
-
Cybersecurity Law & Strategy
The Power of Certifications in Legal
Jared Coseglia
Part Two of a Two-Part Article
Professionals in e-discovery and privacy, including lawyers, are hungry for growth opportunities and may be ripe to transition into certain security-centric positions; however, the security job landscape is far more expansive and far less commoditized than ESI or privacy — for now. Part Two provides a road map for how certifications can assist an individual or an organization in reinventing, repurposing, creating or maintaining cybersecurity talents.
Read More ›
-
Cybersecurity Law & Strategy
Online Extra: The Evolving Nature of Cyber Law
Gabrielle Orum Hernández
A Q&A with Penn Law Prof. Anne Toomey McKenna
The newly appointed Penn State professor sees a lot of room for questions in the evolving cyber law landscape, but so far there are few answers.
Read More ›
-
Cybersecurity Law & Strategy
Online Extra: Facebook’s Blockchain Bet Could Place It in the Data Decentralization Debate
Ian Lopez
Oft-Considered an Avenue for Individuals to Attain Greater Control over Their Digital Information, Blockchain Could Be Leveraged By Facebook to Change Its Status As “Gatekeeper” for User Data
Facebook Inc. recently announced that it will begin exploring different ways to incorporate blockchain into its infrastructure. Yet, questions remain over how the social media company will implement the technology and what sort of legal challenges doing so could portend.
Read More ›
-
Cybersecurity Law & Strategy
Are U.S. Records Retention Requirements on a Collision Course with the GDPR’s ‘Right to Erasure?’
Stacey Garrett
U.S. laws require companies to retain records for years, and sometimes forever, and violating U.S. records retention laws can result in domestic fines and penalties. How can U.S. companies comply with the GDPR’s “right to erasure” while still fulfilling their U.S. records retention obligations?
Read More ›
-
Cybersecurity Law & Strategy
Life in the (Regulated) Fast Lane: Companies Must Navigate Global Privacy Rules on Self-Driving Cars
Caroline Spiezio
The race is on to develop the best technology for autonomous vehicles, but there are also drives to increase regulation around the data these cars and trucks collect.
Clearly, it’s an exciting time to be in the autonomous car industry, and the race is on to develop the best tech first. But with an increasingly complex legal landscape, lawyers need to focus on compliance with evolving data privacy regulations.
Read More ›
-
Cybersecurity Law & Strategy
Corporate Counsel Are Tackling Their Data Risk All at Once: Can They Do It?
Gabrielle Orum Hernández
A new BDO study finds a lack of priorities in data-related spending could, eventually, leave companies overstretched.
Read More ›
