A New Legal Approach to Defending Email Privacy

A Q&A with Ray Gallo of Gallo LLP

In January, University of California Berkeley students brought a claim against Google alleging that the company was violating the Electronic Communications Privacy Act by using college emails to target ads to the students. I asked attorney Ray Gallo about his work on behalf of the students and how this case, which is currently focused on individuals and not a large class action, is different from its predecessors both in scope and strategy.

Paying Ransom

A Q&A with Luke Emrich of RSM

Recently, a lawyer contacted us, inquiring about how to find and obtain bitcoins for a client’s data that was being held for ransom. As ransomware becomes more common, more organizations will need to ask hard questions about how and when to pay off criminals to protect their data. I spoke with Luke Emrich, security and privacy supervisor at RSM US, about this growing phenomenon and what organizations need to know.

FCC’s Privacy Protections for Telecommunications Carriers

A Q&A with Sara Hutchins Jodka of McDonald Hopkins

The Federal Communications Commission alerted telecommunications and interconnected VoIP service providers that the annual privacy certification for Customer Proprietary Network Information (CPNI) was due on March 1, 2016, and also warned that similar obligations would soon be required of broadband providers. I spoke with Sara Hutchins Jodka, senior counsel at McDonald Hopkins, about the implications for the telecommunications industry, and what companies can do to shore up their privacy protections.

Delving Into California’s Data Security Report

A Q&A with Tanya Forsheit of BakerHostetler

In February, California Attorney General Kamala Harris released her state’s data breach report and outlined “reasonable” security measures that companies should employ to avoid enforcement actions. I talked to litigator Tanya Forsheit about the AG’s recommendations and how companies should address them.

Parsing the EU’s Cybersecurity Rules

A Q&A with Alan Meneghetti of Locke Lord LLP

Last December, the European Commission, the European Parliament and the Council announced that they had reached an agreement on an EU-wide cybersecurity directive that should go into effect within the next few years. I asked UK-based lawyer Alan Meneghetti about what the new rules mean and what they cover.

Data Governance: Managing and Safeguarding Important Information Assets

A Q&A with Tom Preece of Rational Enterprise

Many data breach events are at least partly the result of poor data governance: organizations that don’t maintain a data inventory or map. Without such oversight, the inevitable breach event can become all the more devastating. I spoke with Tom Preece of Rational Enterprise about what organizations can do to gain control over their data.

Don’t Ring the (False) Alarm: When a Data Loss Event Isn’t a Breach

A Q&A with Darin Bielby and Jeremy Batterman of Navigant Consulting’s Information Security & Investigations Practice

During a recent Risk and Insurance Management Society (RIMS) panel discussion, Navigant Managing Director Darin Bielby asserted that 50 percent of the organization’s information security forensic investigations yield evidence that enables legal counsel to advise companies that a data breach did not occur. These findings typically demand no further action or notification about the event, though some organizations proceed with additional precautionary measures. I talked with Bielby and his colleague Jeremy Batterman about the reality of data privacy events and what forensic investigators are seeing.

Australian Cyber Security: A Primer

A Q&A with Leah Mooney of MinterEllison

The cyber security field is rapidly evolving in Australia, where new legislation, growing costs and an increased awareness of threats and liability have spurred discussion and concern. I spoke with attorney Leah Mooney, special counsel in the Insurance and Corporate Risk Group of MinterEllison, about the state of affairs in Australia and what businesses operating there might need to know about looming risks and how to mitigate them.

Third-Party Vendor Risk in Healthcare

A Q&A with Ozzie Fonseca of Experian

Last year’s data breach at Medical Management, LLC highlights the importance of third-party vendor oversight in the healthcare space. In this specific case, a call center agent at a billing company was copying information and sharing it with an unauthorized third party, leading to the exposure of thousands of patients’ records from 40 providers. We spoke to Ozzie Fonseca of Experian Data Breach Resolution about its implications for healthcare organizations.

Bad Connections: Hidden Risks in the Internet of Things

A Q&A with Larry Pesce of InGuardians

While the Internet of Things is making life more convenient, it’s also posing numerous security risks for both individuals and organizations. To find out more about why companies should keep an eye on these devices and how they can better mitigate risk, I spoke with Larry Pesce of InGuardians.
