Category Archives: Privacy & Information Management

The C-Suite’s Perspective on Cybersecurity and Liability

Recently, IBM surveyed more than 700 C-Suite executives in 18 industries and 28 countries about their views on cybersecurity. Ninety-four percent of those interviewed believe that their respective companies will experience a cybersecurity incident in the next two years. Despite such widely-held acceptance of the inevitability of an incident, only sixty-five percent of C-Suite executives expressed confidence in their cybersecurity plans. Sixty percent of the Chief Finance, HR, and Marketing Officers surveyed expressed their feeling that they are the least involved in cybersecurity measures, even though they are the individuals responsible for data most coveted by cybercriminals. Another takeaway …

Bring Your Own Device (BYOD) – Be Smart

At the dawn of portable electronic devices, they were primarily work-related productivity tools. Often, employers would purchase (or lease) devices and distribute them to their need-to-have employee base. It’s not so long ago that we can remember when the Blackberry transitioned from a business device to a consumer device. Everybody wanted a Blackberry (weren’t those the days for RIM?) and free email providers like Yahoo and Gmail offered accessibility of their email content through the Blackberry. Then, mobile devices got smart. They became phones and productivity tools and the footprint shrank from two devices to one. One smart device that …

Encryption: Ensuring the Right to Privacy in the Information Age?

On December 2nd, 2015, a tragic mass shooting occurred in San Bernardino, California. The attack resulted in 14 deaths and severe injuries to 22 others. The attackers, a married couple, targeted the husband’s workplace – the Department of Public Health. After the shooting the couple fled the scene of the crime, but the police eventually caught up with them. The couple was subsequently killed in a shootout. As part of the FBI investigation, an Apple iPhone became the center of a security showdown between the Silicon Valley giant and the federal government. The Apple iPhone 5C, a work-issued phone given …

Cyber Insurance: Common Pitfalls of the Insured

As we have noted in a number of recent posts, tech companies need cyber insurance. The risk of not having it is simply not worth it.  But cyber insurance policies can be confusing to understand because the policies vary depending on your type of business, business needs, and how your customers are serviced. Some companies might need a combination of cyber policies in order to have complete cyber insurance coverage. It is very important to do your due diligence, think critically about the cyber insurance needs of your company, and find a policy that covers all of your company’s cyber …

Outsourcing Lessons from an “Uber” Uber-Rider

In July 2015, my 12-year-old SUV, with 220,000 miles, finally breathed its last breath.  It was time for me to buy a new car.  But, instead, I decided to try a little personal experiment with the “sharing economy.”  Based on a back-of-the-napkin calculation, I determined that it might actually be cheaper to completely outsource my driving to Uber (or its competitor, Lyft).  Using a source like Edmunds.com, it’s easy to find out the “true cost of ownership” of any car you might have your eye on.  Looking at comparable replacement vehicles, my “true cost to own”– fees, fuel, insurance, maintenance …

Revisiting Cyber Insurance: Are You Covered?

Increasingly, companies are looking to insurance to help manage their cybersecurity risks and defray losses sustained from data breaches.  Losses can range from reputational damage, business interruption, and professional fees for computer forensic services and attorneys to handle regulatory inquiries or lawsuits.  In the event of a data breach or other cyber incident, recent rulings suggest that traditional insurance policies, like a company’s Commercial General Liability Policy (CGL), may provide coverage, or, at the very least, a defense to lawsuits spawned by cyber events. How do you know if you are covered under traditional policies?  First, carefully review the language …

Will Privacy Enforcement Actions Impact “Reasonable” Security Measures Needed to Protect Trade Secrets?

In widely-publicized, contested privacy cases last year, the FTC advocated in favor of a high baseline for information security measures.  Among the security practices attacked by the FTC as critical mistakes by companies suffering data breaches: Storing sensitive data in readable text; Any system that permits the use of easily-guessed passwords; Failure to use firewalls between internal systems, the corporate network and the Internet; Lack of adequate administrative security policies and procedures; Failure to adequately restrict third-party vendors from network and corporate servers; Failure to employ reasonable measures to detect and prevent unauthorized access; and, Failure to follow proper incident …

Erin Andrews Jury Sends Hoteliers a $55 Million Dollar Reality Check

“Privacy law” continues to evolve in the face of ever-advancing technology. Legislative bodies, administrative agencies, courts, tech companies, and a host of other interests are working to innovate, keep pace with, or catch up. Even the First Amendment, which has been interpreted by courts, lawyers, and scholars for hundreds of years, and, which stands as a counter-balance to the right of privacy, is being tested in new ways. But the recent trial involving Erin Andrews highlights that, sometimes, privacy issues are simple, and businesses need to implement common sense policies or face potentially costly outcomes. A Nashville jury recently handed …

Cyber Insurance: Make Sure You Understand Your Coverage

Today, businesses are increasingly purchasing cyber-specific insurance in an effort to mitigate the financial impact of a breach or other cybercrime.  In terms of what might be covered in a cyber insurance policy, there are basically two types of coverage – “first party” coverage and “third-party” coverage.  First party coverage covers the types of losses that your company might suffer directly in the event of a data incident.  That may include losses, some of which may be covered and some not, such as data destruction, denial of service attacks, incident response, crisis management, public relations, forensic investigation, remediation, breach notifications, …

The Internet of Things and the FTC – Don’t Be the Test Case

Kevin Ashton, an expert on digital innovation, stated 15 years ago that, “If we had computers that knew everything there was to know about things—using data they gathered without any help from us—we would be able to track and count everything, and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling, and whether they were fresh or past their best.”  We are a lot closer to that reality now than when Mr. Ashton first wrote those words. As most people know by now, the Internet of Things is the ever-more-present future in which everyday objects …
