April 24th, 2017
New, groundbreaking cybersecurity regulation promulgated by the New York Department of Financial Services requires organizations under its jurisdiction to establish and maintain cybersecurity programs. Unlike current federal law that allows substantial flexibility for institutions to implement reasonable security safeguards, the new NYDFS regulations dictate specific, prescriptive measures companies must take to detect, prevent and report cybersecurity threats. Who is covered and what is required?
March 23rd, 2017
Data privacy and information governance get intimate in a recently-settled claim against the Canadian company We-Vibe. The lawsuit alleged that they violated customers' privacy by tracking the very intimate details surrounding usage of "adult sensual lifestyle products," which illustrates again the complexity and ramifications of data collecting, aggregation, and analytics in today's world. And what's particularly interesting is something we've discussed before on this blog, data context.
May 24th, 2016
Last month in Poway, California, Gabriela Dow, a member of the district’s Educational Technology Advisory Committee, made a fairly routine public records request for information from the school district. She sought information related to the day-to-day operation and technology of the school district, as well as any records bearing her own name. But what Ms. Dow actually received was quite troubling.
April 13th, 2016
I recommend that all lawyers stay informed about these FBI cybersecurity alerts and the cybersecurity threats that prompt them. In fact, I believe our ethical duties obligate us to take this reasonable step, which will ebable us to better protect the confidential and private information of our clients.
February 17th, 2016
On February 2, 2016, the European Commission and the U.S. Department of Commerce announced a new framework to govern the transfer of data from the EU to the United States, referred to as the EU-U.S. “Privacy Shield." The new protocol is intended to replace the 15-year-old Safe Harbor agreement that the European Court of Justice struck down in October, on the grounds that it failed to adequately protect the privacy rights of EU citizens.