The attack on Sony Pictures Entertainment exposed sensitive intellectual property, revealed personal employee details, and demonstrated the vulnerabilities of U.S. companies to cyberattack. Two months later, the dust continues to settle as the repercussions of this breach are assessed. Far beyond the millions of dollars in lost revenue, Sony may suffer significant reputational risk and could endure protracted lawsuits for years to come. For the financial industry, the implications of a breach of this magnitude would extend even further, into its fiduciary responsibility to protect the vital economic lifeblood of the United States.
A two-year-old technology is at the spearhead of a genuine revolution in data center architectures, for both software and hardware.
Recent amendments to the ABA Model Rules of Professional Conduct (Model Rules) indicate less leeway for lawyers who inadvertently violate their ethical obligations through the use of technology, including such ubiquitous services as cloud computing.
New study shows not only is medical identity fraud costly for individuals, it’s happening a lot more often. Having steadily grown over the past five years, medical identity theft increased by a whopping 21.7 percent in 2014, according to a new report conducted by the Ponemon Institute on behalf of the Medical Identity Fraud Alliance (MIFA).
With the global market for electronic health records expected to exceed $22 billion by the end of this year, healthcare providers are shifting their focus to big data analytics and cloud computing to improve patient health information management.
Before data was big, Google was a verb, or Gordon Moore wrote his law, insurers were using math and statistics to predict the future. As early as the 2nd millennium BC, Babylonian sea merchants paid lenders extra for a promise of help if their ship was to sink. They set prices by correlating data points to calculate the likelihood and potential cost of a disaster at sea. Data was sparse, and one would assume neither merchant nor lender consistently got a good deal. In 2015, property, casualty, life and health insurance companies are awash in data.
Pew research report “The Future of Privacy” indicated by 2015 that 55% of the 2,211 respondents said no one should really expect any privacy and that the IoT (Internet of Things) will make things worse.
In November 2014—just two weeks after Admiral Michael Rogers, director of the National Security Agency, testified to the House Intelligence Committee that certain nation-state actors had the capability of “infiltrating the networks of industrial-control systems, the electronic brains behind infrastructure like the electrical grid, nuclear power plants, air traffic control and subway systems”—Sony Pictures announced it had experienced a major cyber-attack, one many sources believe was likely perpetrated by or on behalf of a nation-state. This destructive cyber-attack was a game-changer for corporate America because it became clear that hackers are not simply focused on credit card numbers or personal information. Indeed, the attack on Sony was designed to steal the Company’s intellectual property, disseminate personal emails of high-ranking executives, and destroy Sony servers and hard drives, rendering them useless.
The Anthem security breach and massive PII data exposure is an unfortunate recent reminder that breaches are now routine. Hackers can leverage the most basic vulnerabilities, such as static passwords, to gain access to protected systems. It also highlights a troubling new trend whereby hackers use cloud services, particularly unapproved cloud storage and file sync and share services, as the data exfiltration vector. The most troubling part is that hackers don’t require innovative schemes to exfiltrate data, but rather use unmonitored and unsecured cloud services as a front door exfiltration vector.
Two of the principal reasons that paper documents are not backed up digitally are the high cost of scanning or digitizing them in the first place, and the challenge of then being able to index and access them after they’re digitized. BeyondRepro, a member of the BeyondRecognition network of companies, has new technology that addresses both issues, as well as a business model that makes it even more practical to back up paper documents.
Leveraging advanced visual classification technology to evaluate sensitive data and redact based on either word or pattern matching or on redacting certain zones within groupings of visually-similar documents, BeyondRedaction allows corporations to quickly and cost-effectively redact sensitive data at a rate far exceeding traditional standard redaction technologies and processes.
There is a battle in the legal tech world between Information Governance and Search. It reflects a larger conflict in IT and all of society. Last year I came to believe that Information Governance’s preoccupation with classification, retention, and destruction of information was a futile pursuit. I challenged these activities as inefficient and doomed to failure in the age of information explosion. Instead of classify and kill, I embraced the googlesque approach of save and search. I became wary of the whole approach of governing information as hostile to individual privacy rights and liberties.
As LegalTech NY 2015 draws to a close and legal technology practitioners begin the transition from the event back into the daily execution of their specific duties, the following compilation of 15 vendor notes may serve as a fun reminder of some of the more interesting topics shared during the week.
Safe Harbor Under Review. 2014 saw a continuation of the uncertainty around the future of the EU-U.S. Safe Harbor Agreement. In March 2014, the European Parliament voted to suspend the Agreement as a result of Edward Snowden’s revelations on the mass surveillance carried out by the U.S. Government. Following on from the Parliament’s vote, the Trans-Atlantic Business Dialogue continues to negotiate the areas where the Safe Harbor Agreement can be improved, as detailed in our blog post here. The dialogue seeks to reach agreement on 13 areas of potential improvement proposed by the European Commission in its report of 2013. Eleven out of the 13 recommendations were close to final agreement by end of 2014; the final two are the most contentious, as they involve the activities of U.S. intelligence agencies. The uncertainty was reiterated by Andrus Ansip, Vice-President for Digital Single Market, who said he might be willing to suspend the Agreement unless the security of EU citizens’ data could be guaranteed by the U.S. Looking ahead, the CJEU is expected to examine the legality of the Safe Harbor Agreement in 2015 following a referral from Ireland’s High Court of a case brought by privacy activist Max Schrems against the Irish Data Protection Commissioner effectively challenging the validity of Safe Harbor in Europe in relation to transfers from Facebook Ireland to Facebook’s U.S. parent company.
The second filter begins where the first leaves off. The ESI has already been purged of unwanted custodians, date ranges, spam, and other obvious irrelevant files and file types. Think of the First Filter as a rough, coarse filter, and the Second Filter as fine grained. The Second Filter requires a much deeper dive into file contents to cull out irrelevance. The most effective way to do that is to use predictive coding, by which I mean active machine learning, supplemented somewhat by using a variety of methods to find good training documents.
McKinnon and her colleagues suggest that we view information governance “as a corporate objective, enabled by programs, projects, priorities, people and technology.” This aligns well with my recommendation to take a strategic approach to information governance.
Individuals calling themselves the “CyberCaliphate” hacked into the Twitter feed for the U.S. military’s Central Command last week, and for 40 minutes posted photos, links, and videos before the account was shut down. They also gained access to Central Command’s YouTube profile, updating the banner image and posting Islamic State propaganda videos. While no confidential or top secret information was stolen, and hackers did not gain access to the U.S. Department of Defense’s network, the incident illustrates the risks government agencies face as they increasingly rely on cloud services to fulfill their mission and communicate with the outside world.
In this episode of Digital Detectives, Sharon Nelson and John Simek interview Jason Baron about information governance, dark data, open government, and his role in The Decade of Discovery. Baron talks about the increasing amount of electronic data affecting the Freedom of Information Act (FOIA) and the discussion e-discovery experts need to have about providing public access to government records.
By Gibson Dunn. In our Mid-Year E-Discovery Update, we reported that 2014 was shaping up to be the “year of technology” in e-discovery. The remainder of the year more than lived up to those expectations. Powerful new data analytics tools have become available for search and review, predictive coding pricing is becoming more accessible […]
According to a recent Cloud Security Alliance survey on cloud adoption practices and trends, large companies have more mature governance practices than their smaller peers. But across the board, fewer than half of companies surveyed have implemented controls like acceptable use policies for cloud, security awareness training programs, and cloud governance committees to create policies and monitor enforcement. Today, 72% of companies don’t even know the scope of shadow IT at their companies, but the majority understand shadow IT is not going away and must be managed.
I’m going to add to the IG definition war this week, by describing information governance as:
“A holistic strategy for using and managing information to meet business objectives. Information governance assures the quality of content and data, maximizes its value, and ensures that security, privacy, and life-cycle requirements are met”.
A review of some of the basic concepts and terminology used in this article may be helpful before going further. It is also important to remember that ei-Recall is a method for measuring recall, not attaining recall. There is a fundamental difference. Many of my other articles have discussed search and review methods to achieve recall, but this one does not.
Everyone should know that in legal search analysis False Negatives are documents that were falsely predicted to be irrelevant, that are in fact relevant. They are mistakes. Conversely, documents predicted irrelevant, that are in fact irrelevant, are called True Negatives. Documents predicted relevant that are in fact relevant are called True Positives. Documents predicted relevant that are in fact irrelevant are called False Positives.
A colleague buttonholed me at the American Bar Association’s recent TechShow and asked if I’d visit with a company selling concept search software to electronic discovery vendors. Concept searching allows electronic documents to be found based on the ideas they contain instead of particular words. A concept search for “exploding gas tank” should also flag documents that address fuel-fed fires, defective filler tubes and the Ford Pinto. An effective concept search engine “learns” from the data it analyzes and applies its own language intelligence, allowing it to, e.g., recognize misspelled words and explore synonymous keywords.
It has long been known that subtle electronic fields and noises emitted by computers can reveal clues about your activity, a powerful spying method that can be done from a few feet away. These so-called “side-channel signals” can be collected by antennas or microphones and through analysis could reveal sensitive data such as encryption keys.