Ransomware Dos and Don’ts

A Q&A with John Mullen of Lewis Brisbois

In recent months, ransomware attacks have become more frequent, particularly in the healthcare space. While these attacks with their demand for payment give their victims few options for responding, companies can still prepare themselves to act quickly and effectively. Better yet, they can avoid ransom-seeking malware in the first place with sound security policies. I spoke with attorney John Mullen of Lewis Brisbois about best practices.

Continue Reading

Forecasting the Impact of the GDPR

A Q&A with Hans Allnutt of DAC Beachcroft, LLP

Adopted in May, the sweeping General Data Protection Regulation (GPDR) replaces the E.U.’s long-outdated Directive 95/46/EC. The privacy regulation, which takes effect after a two-year transition period, calls for steeper sanctions and fines for violations. To find out more about what its adoption will mean for risk managers, I spoke with Hans Allnutt of DAC Beachcroft, LLP.

Continue Reading

A New Legal Approach to Defending Email Privacy

A Q&A with Ray Gallo of Gallo LLP

In January, University of California Berkley students brought a claim against Google alleging that the company was violating the Electronic Communications Privacy Act by using college emails to target ads to the students. I asked attorney Ray Gallo about his work on behalf of the students and how this case, which is currently focused on individuals and not a large class action, is different from its predecessors both in scope and strategy.

Continue Reading

Paying Ransom

RansomwareA Q&A with Luke Emrich of RSM

Recently, a lawyer contacted us, inquiring about how to find and obtain bitcoins for a client’s data that was being held ransom. As ransomware becomes more common, more organizations will need to ask hard questions about how and when to pay off criminals to protect their data. I spoke with Luke Emrich, security and privacy supervisor at RSM US about this growing phenomenon and what organizations need to know.

Continue Reading

FCC’s Privacy Protections for Telecommunications Carriers

A Q&A with Sara Hutchins Jodka of McDonald Hopkins

The Federal Communications Commission alerted telecommunications and interconnected VolP service providers that the annual privacy certification for Customer Proprietary Network Information (CPNI) was due on March 1, 2016, and also warned that similar obligations would soon be required of broadband providers. I spoke with Sara Hutchins Jodka, senior counsel at McDonald Hopkins, about the implications for the telecommunications industry, and what companies can do to shore up their privacy protections.

Continue Reading

Delving Into California’s Data Security Report

CaliforniaA Q&A with Tanya Forsheit of BakerHostetler

In February California Attorney General Kamala Harris released her state’s data breach report and outlined “reasonable” security measures that companies should employ to avoid enforcement actions. I talked to litigator Tanya Forsheit about the AG’s recommendations and how companies should address them.

Continue Reading

Parsing the EU’s Cybersecurity Rules

A Q&A with Alan Meneghetti of Locke Lord LLP

Last December, the European Commission, the European Parliament and the Council announced that they had reached an agreement on an EU-wide cybersecurity directive that should go into effect within the next few years. I asked UK-based lawyer Alan Meneghetti about what the new rules mean and what they cover.

Continue Reading

Data Governance: Managing and Safeguarding Important Information Assets

A Q&A with Tom Preece of Rational Enterprise

Many data breach events are at least partly the result of poor data governance: organizations that don’t maintain a data inventory or map. Without such oversight, the inevitable breach event can become all the more devastating. I spoke with Tom Preece of Rational Enterprise about what organizations can do to gain control over their data.

Continue Reading

Don’t Ring the (False) Alarm: When a Data Loss Event Isn’t a Breach

A Q&A with Darin Bielby and Jeremy Batterman of Navigant Consulting’s Information Security & Investigations Practice
During a recent Risk and Insurance Management Society (RIMS) panel discussion, Navigant Managing Director Darin Bielby asserted that 50 percent of the organization’s information security forensic investigations yield evidence that enables legal counsel to counsel companies that a data breach did not occur. These findings typically demand no further action or notification about the event, though some organizations proceed with additional precautionary measures. I talked with Bielby and his colleague Jeremy Batterman about the reality of data privacy events and what forensic investigators are seeing.

Continue Reading

Australian Cyber Security: A Primer

A Q&A with Leah Mooney of MinterEllison
The cyber security field is rapidly evolving in Australia where new legislation, growing costs and an increased awareness of threats and liability have spurred discussion and concern. I spoke with Attorney Leah Mooney, special counsel in the Insurance and Corporate Risk Group of MinterEllison, about the state of affairs in Australia and what businesses operating there might need to know about looming risks and how to mitigate them.

Continue Reading

No more posts.