Addressing Data Breaches During Due Diligence – What is a Buyer (and Seller) to do?

Taft Business & Finance attorneys Jim Butz and Caroline Thee recently published an article on data breaches becoming increasingly problematic during the due diligence stage of transactions. The article addresses what a buyer (and a seller) should do when investigating a target’s exposure to unauthorized access to data or other proprietary information. Read the article here.… Read More

What should I be doing to better manage the risk of a data breach?

As we gather at this time of year to express our gratitude for those people and things most important in our lives, perhaps one of the things on that list at work is that you have not suffered through a security incident or breach this past year, or ever. Indeed, this is reason to be thankful! However, when it comes to privacy and security incidents, it is not a matter of IF but WHEN. So be grateful for your good … Read More

Cybersecurity: An Affirmative Defense to Ohio Data Breach Negligence Claims

Ohio is poised to lead the nation by incentivizing businesses to implement certain cybersecurity controls, which can be an affirmative defense to a data breach claim based on negligence. Under the proposed legislation, if a business is sued for negligently failing to implement reasonable information security controls resulting in a data breach, the business can assert its compliance with the cybersecurity control as an affirmative defense at trial.

For years we have counseled our clients to implement a comprehensive data … Read More

DSS Directs Federal Government Contractors to Stop Using Products Made by AO Kaspersky Lab

You may have heard news recently that federal government agencies were directed to stop using products made by the computer security vendor Kaspersky Lab because of potential security risks from links between Kaspersky officials and the Russian government. The directive was issued by the U.S. Department of Homeland Security (DHS) Secretary Elaine Duke on Sept. 13, 2017.

Kaspersky products have broad access to files and elevated privileges on the computers on which they are installed. As a result, the DHS … Read More

Upcoming Seminar: Cybersecurity for Defense Contractors and Manufacturers

Join Taft attorneys Barbara Duncombe and Bill Wagner for a complimentary seminar on the DoD cybersecurity regulations on Oct. 18 at Taft’s Indianapolis office. They will participate in an informal, interactive discussion with Richard Banta and Alex Carroll from Lifeline Data Centers and Josh Griswold and Joe Turek from Chubb concerning recent developments (including cyber breaches), evolving standards of compliance and practical, effective risk mitigation strategies. Click here to register.

Topics will include:

  • Final preparations to ensure compliance with DoD’s
Read More

What Are A Defense Contractor’s Reporting Obligations When An Employee May Be Stealing Trade Secrets?

The recent sentencing of a former Boeing engineer for stealing trade secrets raised the question of whether a defense contractor has a duty to notify the Department of Defense (DoD) under the Safeguarding Covered Defense Information and Cyber Incident Reporting Regulation (DFARS 252.204-7012), when the contractor has knowledge that an employee may be stealing trade secrets.

1. The Sentencing of Mr. Justice for Economic Espionage and AECA and ITAR Violations.

Former Boeing Satellite Systems’ engineer and long-time employee Gregory Allen … Read More

GDPR: How is it Different from U.S. Law & Why this Matters?

This is part two of a multi-part look into the European Union’s General Data Protection Regulation (GDPR) and why U.S. companies need to be aware of the law and how it may impact their business.  We will conclude the series with a webinar on Jan. 17, 2018 that will review the series and provide further insights and comments on any updates that may have occurred since the beginning of the series. In this second part of our series, we think … Read More

Delaware Data Breach Law: What to Know

Delaware has joined a growing number of states in updating and strengthening its data breach law. The new law expands the definition of what is considered personal information, requires companies to “implement and maintain reasonable security” for personal information in their possession, institutes a 60-day deadline for reporting the breach and mandates one year of free credit monitoring should a social security number be included in the breach. If your company has customers within the state of Delaware here a … Read More

GDPR: Why U.S. Companies Should Care

This is part one of a multi-part look into the EU’s General Data Protection Regulation (GDPR) and why U.S. companies need to concern themselves with an EU law, the difference from U.S. regulations and the different mechanisms available to comply. We will conclude this series with a webinar on Jan. 17,  2018 that will review the series and provide further insights and comments on any updates that may have occurred since the beginning of the series.

The GDPR is a … Read More

Phone Hacked? Personal images stolen? 3 Essential Tips to Help You Respond Quickly

In the unfortunate event that your privacy has been breached and personal images have been stolen, there are several steps that can be taken to have this content removed from the internet. It is important that the following processes are initiated quickly. Once content is on the internet, it can spread quickly and make this process much more difficult and time consuming.

Here is a brief example to show how quickly an image can spread, increasing the difficulty in removing … Read More

LexBlog