The Office of Civil Rights (OCR), the agency within the United States Department of Health and Human Services that enforces the HIPAA Privacy and Security Rules, recently sent a clear message about the importance of business associate agreements.
A new application of software “container” technology offers a potential approach that may reduce many of the risks in current SaaS offerings, while allowing for more security and control.
The supply of legal service providers has increased, creating a hypercompetitive market and forcing law firms to think about how they deliver legal services.
In Start with Security, the FTC reiterates its long-standing view that data security should be a top priority for any organization, even those in start-up mode.
Although the Privacy Shield remains in limbo at this time, a flurry of speculation and Shield-adjacent legal maneuvers have colored the landscape and heightened concerns about its long-term viability.
According to a recent 451 Research survey of senior security executives, government agencies seem to be fighting the previous war. Instead of protecting data from hackers who’ve already gotten in, they’re still focusing on keeping the bad guys out of their systems.
What it boils down to is simply this: the price is only one piece of the puzzle. Depending on your company’s size, needs, and storage requirements, as well as risk tolerance, resources, and expertise, different solutions may seem optimal.
Ransomware, extortion and data sabotage may lead to ongoing issues for data controllers. Each of these types of cyberattacks is evolving in ways that are truly devious.
The blockchain provides a way to track and verify transactions without requiring a central tracking authority. Right now it is used mainly by Bitcoin (or similar crypto-currencies), but it could find applications in other domains.
Cybersecurity should be a major priority for all firms in 2016. The problem is, not everyone is playing with big law resources.
One of the most pressing problems facing information management professionals at organizations is orphaned data — data that has no owner.
Data minimization can be a powerful – and seemingly simple – data security measure. The term refers to retaining the least amount of personal information necessary in order for an organization to function. Less information means that there is less that the organization needs to protect, and less opportunity for information to be lost or stolen.
Verizon’s 2016 Data Breach Investigations Report doesn’t waste any time providing useful statistics regarding the state of data breaches – they state right on the cover of the report that “89% of breaches had a financial or espionage motive.”
It turns out that IT pros across the pond have the same concerns as here in the U.S., as the survey found that security is the top concern when moving critical applications to the cloud. Specifically, 44 percent of U.S. and U.K. IT pros cited external hacking/data breaches as their top concerns, ahead of insider attacks and user error.
A pair of recent cases pitted the U.S. Department of Justice (DOJ) against Apple, Inc. (Apple) in a Herculean struggle between asserted interests in national security and privacy.
Private cloud offerings, including SaaS, are growing in our industry largely due to the expense of maintaining hardware and security protocols for client data that law firms have traditionally managed.
While cybersecurity risks have increased, government regulation has traditionally lagged behind. Recently, some government entities have tried to catch up by mandating that companies take a proactive approach toward protecting personal and competitively sensitive data. The move is a departure from the traditional reactive response of simply notifying consumers after their personal data is breached.
As the volume and complexity of client data proliferate, protecting client confidentiality only becomes harder. Unfortunately, law firms are often soft targets for hackers because they do not invest heavily in information technology infrastructure and security.
As demonstrated by the so-called “Panama Papers” leak of 11.5 million records from the Panama-based law firm Mossack Fonseca, there’s no doubt that law firms are being targeted by attackers seeking to access, steal and potentially leak their clients’ secrets.
Concerns over compliance and fears of data breaches are key drivers for information management initiatives in the enterprise.
For the eDiscovery community, this is a fascinating scandal because at its root are all the issues we face every day — data privacy, data security, large amounts of structured and unstructured data, finding out as quickly as possible what you have and building a strategy with ongoing information revelations.
Cyber liability insurance has actually been around since the turn of the century (back then it was called Errors and Omissions Insurance). In the early 2000s, this kind of insurance was only purchased by big technology companies. It’s only now that other, smaller companies are stepping up to manage the risks associated with data breaches.
The new Privacy Shield creates multiple enforcement mechanisms for the EU Data Protection Authorities (DPAs) and multiple civil and administrative paths for remedies for the EU citizen. Consent requirements are expected to be higher, and there is an expectation that data will be secured.
Our means for gathering data have largely outstripped our tools for analyzing that data. The result is a mountain of unstructured and largely inaccessible information gathered from social media, app permissions, website cookies and hardware and software service agreements.