Posts Tagged ‘privacy’

From Data to Dachau: Putting a Face on Data Privacy

From Data to Dachau: Putting a Face on Data Privacy

with the advent of data tools and technologies ranging from autoclassification to automation, it is more important now than ever that legal and information technology professionals consider not only the positive things that can be accomplished with data-centric technology, but that they also consider the potential misuse of data technology.


The New Information Governance Playbook for Addressing Digital Age Threats

The New Information Governance Playbook for Addressing Digital Age Threats

Published in the Richmond Journal of Law & Technology, The New Information Governance Playbook for Addressing Digital Age Threats by Philip Favro, Donald Billings, David Horrigan, and Adam Kuhn provides actionable information for assessing and addressing cyber threats.


Deeper Dive: Vendor Management Crucial for Data Protection

Deeper Dive: Vendor Management Crucial for Data Protection

Organizational obligations regarding data privacy and security extend not only to the data in a company’s possession, but also to its data in the possession of a third-party service provider or business partner.


What Is Auto-Classification and How Does It Assist with GDPR Compliance?

What Is Auto-Classification and How Does It Assist with GDPR Compliance?

Auto-Classification’s ability to group information by category or by specific characteristics will prove useful for GDPR compliance. Similarly, Auto-Classification’s ability to detect the presence of PII and other sensitive content will likely become a best practice when it comes establishing GDPR protections.


Cybersecurity a Pain Point for Plaintiffs

Cybersecurity a Pain Point for Plaintiffs

Enhanced cybersecurity is a rising tide that floats all boats. But, let me reveal who’s likely to get swamped by this rising tide: requesting parties (or, as corporations call them “plaintiffs’ lawyers”), and their experts and litigation support providers.


Shields Up? A Short List of Privacy Shield Certified eDiscovery Providers

Shields Up? A Short List of Privacy Shield Certified eDiscovery Providers

The following short list of companies highlights eDiscovery providers that have been certified with the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks. The frameworks were designed to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.


Securing Client Communications: ABA Issues New Ethics Opinion on Attorney-Client Email

Securing Client Communications: ABA Issues New Ethics Opinion on Attorney-Client Email

This opinion sends a clear signal that law firms have to pay attention to the security of email and other client communication.


Why You Need to Prepare for the GDPR Now

Why You Need to Prepare for the GDPR Now

The GDPR legislation is complex and far-reaching, laying out some specific mandates for businesses. It compels businesses to securely collect and store — as well as more diligently use — the personal data of consumers in 28 EU member states. This will also include the UK, which will maintain equivalent laws post-Brexit.


A 12 Step Approach to General Data Protection Regulation (GDPR) Compliance

A 12 Step Approach to General Data Protection Regulation (GDPR) Compliance

Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA), so if you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from. However, there are new elements and significant enhancements, so you will have to do some things for the first time and some things differently. It is important to use this checklist and other Information Commissioner’s Office (ICO) resources to work out the main differences between the current law and the GDPR.


95% of Organizations Have Employees Seeking to Bypass Security Controls

95% of Organizations Have Employees Seeking to Bypass Security Controls

Employees using private VPNs and Tor on an enterprise network are typically trying to hide their actions and do something that will not be detected by the organization’s security controls, he says. “Security bypass is the first step towards data theft or other destructive behavior,” Koo says.


U.S. Secretary of Commerce Announces Swiss-U.S. Privacy Shield Framework is Open for Business

U.S. Secretary of Commerce Announces Swiss-U.S. Privacy Shield Framework is Open for Business

Today [Wednesday, April 12, 2017], U.S. Secretary of Commerce Wilbur Ross announced that the newly launched Swiss-U.S. Privacy Shield Framework is now accepting self-certifications. The Framework provides companies a mechanism to comply with Swiss data protection requirements when transferring personal data from Switzerland to the United States in support of transatlantic commerce.


Swiss-U.S. Privacy Shield FAQs

Swiss-U.S. Privacy Shield FAQs

When can an organization self-certify to the Swiss-U.S. Privacy Shield? Starting April 12, 2017, organizations can self-certify to the Swiss – U.S. Privacy Shield Framework.


First EU-US Privacy Shield Annual Review to Take Place in September 2017

First EU-US Privacy Shield Annual Review to Take Place in September 2017

The inaugural annual review into the operation of the EU-US Privacy Shield is to take place in September this year. EU justice commissioner Věra Jourová confirmed the timing of the review in a speech in Washington late last week.


The Laziest, Cheapest Way to Circumvent Your Snooping ISP

The Laziest, Cheapest Way to Circumvent Your Snooping ISP

Congress decided that your ISP should be allowed to sell off your private browsing data, but the solutions to get around this are a bit complicated, costly, or just a pain.


How AI Is Transforming the Workplace

How AI Is Transforming the Workplace

AI is also beginning to help managers peer into personal aspects of job performance that used to be left up to managers’ instincts and observations.


The Cloud Controls Matrix Working Group – Cloud Security Alliance®

The Cloud Controls Matrix Working Group - Cloud Security Alliance®

The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.


10 Recommendations to Reduce Cyber Risk in the Cloud

10 Recommendations to Reduce Cyber Risk in the Cloud

When choosing a cloud service provider, it’s vital that the datacenter physically reside in a region or country in which data handling and storing legislation is favorable to your company’s business interests.


Court Rejects Overly Broad Request For Forensic Imaging Of Plaintiff’s Personal Computers

Court Rejects Overly Broad Request For Forensic Imaging Of Plaintiff’s Personal Computers

The takeaway from this case – which surveys a number of cases from other jurisdictions – is that blanket requests for forensic imaging probably will not be approved without very specific parameters that describe the relevance of the information, the precise method for obtaining it, and the reason that the information cannot be obtained elsewhere.


JPMorgan Software Does in Seconds What Took Lawyers 360,000 Hours

JPMorgan Software Does in Seconds What Took Lawyers 360,000 Hours

At JPMorgan Chase & Co., a learning machine is parsing financial deals that once kept legal teams busy for thousands of hours.


Are Cyber Lawyers Poised to Play Bigger Role in M&A?

Are Cyber Lawyers Poised to Play Bigger Role in M&A?

Kornbacher thinks privacy lawyers are poised to take on a bigger role in M&A deals, particularly during the due diligence phase.


Why US Companies Must Prepare for the EU’s New Data Security Laws

Why US Companies Must Prepare for the EU’s New Data Security Laws

Many US companies may not realize that they might also have to comply with this new EU data security regulation. That’s because the GDPR applies to any business that holds data about, or which markets to individuals within the EU.


Microsoft E-Mail Fight With U.S. May Be Headed to Top Court

Microsoft E-Mail Fight With U.S. May Be Headed to Top Court

The Electronic Communications Privacy Act of 1986, a law passed before the widespread use of e-mail, instant messages and Internet-based social networks, doesn’t permit courts to require U.S.-based Internet service providers to turn over customer e-mails stored on servers outside the country.


Swiss-U.S. Privacy Shield Finalized

Swiss-U.S. Privacy Shield Finalized

On January 11, U.S. and Swiss authorities announced final agreement on the Swiss-U.S. Privacy Shield Framework. The Framework defines standards for handling personal data exported from Switzerland to the U.S. and enables U.S. companies to meet Swiss legal requirements to protect personal data transferred from Switzerland.


2016 Year-End E-Discovery Update

2016 Year-End E-Discovery Update

On the e-discovery vendor front, the pace of consolidation of large service providers in 2016 was unprecedented compared to prior years.