Yet Another Facebook Breach: Use this opportunity to get smart about your online privacy and security
The struggles continue for Facebook. As you hopefully know by now, on Sept. 28, the social media giant announced a security breach affecting 50 million accounts. The breach involved the theft of access tokens that allow a user to stay signed in or to sign into numerous third-party applications, such as Spotify, Instagram and Yelp, among thousands of others. We thought to take the opportunity with this most recent breach to remind you about best practices that can help

Brian Eaton
Brian focuses his practice on technology law, specifically privacy and data security. He has experience in all aspects of the burgeoning privacy law field, including advising on international data transfer regulations. Brian was instrumental in the development of Taft’s Data Breach Recovery Plan.
GDPR: How is it Different from U.S. Law & Why this Matters?
This is part two of a multi-part look into the European Union’s General Data Protection Regulation (GDPR) and why U.S. companies need to be aware of the law and how it may impact their business. We will conclude the series with a webinar in 2018 that will review the series and provide further insights and comments on any updates that may have occurred since the beginning of the series. In this second part of our series, we think it is…
Delaware Data Breach Law: What to Know
Delaware has joined a growing number of states in updating and strengthening its data breach law. The new law expands the definition of what is considered personal information, requires companies to “implement and maintain reasonable security” for personal information in their possession, institutes a 60-day deadline for reporting the breach and mandates one year of free credit monitoring should a social security number be included in the breach. If your company has customers within the state of Delaware here a…
GDPR: Why U.S. Companies Should Care
This is part one of a multi-part look into the EU’s General Data Protection Regulation (GDPR) and why U.S. companies need to concern themselves with an EU law, the difference from U.S. regulations and the different mechanisms available to comply. We will conclude this series with a webinar in 2018 that will review the series and provide further insights and comments on any updates that may have occurred since the beginning of the series.
The GDPR is a new privacy…
Q&A: Ransomware Attack
A new cyberattack that is very similar to the WannaCry ransomware virus is spreading across Europe. Taft’s Technology group is closely monitoring the situation and has prepared the following short summary of questions and answers about ransomware attacks, which in effect lock users out of their files unless a ransom is paid via bitcoin.
Q: I have been hit with a ransomware attack; what are my options?
A: You can pay the ransom with the hopes of getting your…
5 Cybersecurity Tips for In-House Counsel
Cybersecurity is not an aspect of your business that can be tackled once and then forgotten. The threats are constantly evolving. They require attention and resources. Here are 5 tips to make sure your company is prepared in case of an attack.
- Disaster Recovery Plan – Data is the lifeblood of most organizations. Where is your data stored? What would happen to your business if a natural disaster like a fire, flood or other catastrophe struck the location where your
…
HIPAA’S Privacy Rule: Having a Policy – But Not Enforcing It – Costs Provider $5.5 Million
The Office for Civil Rights (OCR) announced a $5.5 million settlement agreement with Florida’s Memorial Healthcare Systems (MHS) stemming from allegations it failed to protect patient data. The privacy violation arose out of unauthorized access by MHS employees to the records of 115,143 patients. The information that was compromised consisted of names, dates of birth and social security numbers. A majority of these impermissible actions occurred when a former employee’s login credentials were used from 2011-2012, which affected 80,000 individuals.
St. Louis Cardinals Hacking Scandal: A Real-World Example of the Importance of Password Management
The saga surrounding the St. Louis Cardinals hacking scandal concluded with the issuance of a final punishment from MLB. The scandal stemmed from the actions of the former Cardinals scouting director Chris Correa, after he illegally accessed the e-mail accounts of members of the Houston Astros front office as well as their scouting database. The Cardinals were ordered to forfeit their top two selections in the upcoming 2017 amateur draft to the Astros and pay them two million dollars within…
5 Tips for Training Employees in Effective Cybersecurity Practices
One overlooked aspect of cybersecurity is training for the employees at your company in proper data management practices. All of the technical measures that a company employs to guard against intrusions do not matter when an employee knowingly or unknowingly circumvents those measures. Proper training can help to reduce the number of incidents and lower your chances of suffering from a data breach.
- Password Management – Proper password management is key to any cybersecurity program. The technical barriers to entry
…
OCR Penalizes Slow Data Breach Response
The Office for Civil Rights’ (OCR) first HIPAA settlement of 2017 is based on a failure to report a breach of health information in a timely manner. The settlement was reached with Presence Health, a large health care network that operates in approximately 150 locations in Illinois. Presence Health has agreed to settle the potential violations by paying a fine of $475,000 and implementing a corrective action plan to prevent this problem in the future.
The settlement stems from…