Photo of Brian Eaton

Brian focuses his practice on technology law, specifically privacy and data security. He has experience in all aspects of the burgeoning privacy law field, including advising on international data transfer regulations. Brian was instrumental in the development of Taft’s Data Breach Recovery Plan.

The struggles continue for Facebook. As you hopefully know by now, on Sept. 28, the social media giant announced a security breach affecting 50 million accounts. The breach involved the theft of password tokens that allow a user to stay signed in or to sign into numerous third party applications, such as Spotify, Instagram and Yelp, among thousands of others. We thought to take the opportunity with this most recent breach to remind you about best practices that can help
Continue Reading Yet Another Facebook Breach: Use this opportunity to get smart about your online privacy and security

This is part two of a multi-part look into the European Union’s General Data Protection Regulation (GDPR) and why U.S. companies need to be aware of the law and how it may impact their business.  We will conclude the series with a webinar in 2018 that will review the series and provide further insights and comments on any updates that may have occurred since the beginning of the series. In this second part of our series, we think it is
Continue Reading GDPR: How is it Different from U.S. Law & Why this Matters?

Delaware has joined a growing number of states in updating and strengthening its data breach law. The new law expands the definition of what is considered personal information, requires companies to “implement and maintain reasonable security” for personal information in their possession, institutes a 60-day deadline for reporting the breach and mandates one year of free credit monitoring should a social security number be included in the breach. If your company has customers within the state of Delaware here a
Continue Reading Delaware Data Breach Law: What to Know

This is part one of a multi-part look into the EU’s General Data Protection Regulation (GDPR) and why U.S. companies need to concern themselves with an EU law, the difference from U.S. regulations and the different mechanisms available to comply. We will conclude this series with a webinar in 2018 that will review the series and provide further insights and comments on any updates that may have occurred since the beginning of the series.

The GDPR is a new privacy
Continue Reading GDPR: Why U.S. Companies Should Care

A new cyberattack, that is very similar to the WannaCry ransomware virus, is spreading across Europe. Taft’s Technology group is closely monitoring the situation and has prepared the following short summary of questions and answers about ransomware attacks, which in effect locks out users from accessing their files unless a ransom is paid via bitcoin.

Q: I have been hit with a ransomware attack, what are my options?

A: You can pay the ransom with the hopes of getting your
Continue Reading Q&A: Ransomware Attack

Cybersecurity is not an aspect of your business that can be tackled once and then forgotten. The threats are constantly evolving. They require attention and resources. Here are 5 tips to make sure your company is prepared in case of an attack.

  1. Disaster Recovery Plan– Data is the lifeblood of most organizations. Where is your data stored? What would happen to your business if a natural disaster like a fire, flood or other catastrophe struck the location where your


Continue Reading 5 Cybersecurity Tips for In-House Counsel

The Office for Civil Rights (OCR) announced a settlement agreement for $5.5 million dollars with Florida’s Memorial Healthcare Systems (MHS) stemming from allegations it failed to protect patient data. The privacy violation arose out of the unauthorized access of 115,143 patients by MHS employees. The information that was compromised consisted of names, dates of birth and social security numbers. A majority of these impermissible actions occurred when a former employee’s login credentials were used from 2011-2012 which affected 80,000 individuals.
Continue Reading HIPAA’S Privacy Rule: Having a Policy – But Not Enforcing It – Costs Provider $5.5 Million

The saga surrounding the St. Louis Cardinals hacking scandal concluded with the issuance of a final punishment from MLB. The scandal stemmed from the actions of the former Cardinals scouting director Chris Correa, after he illegally accessed the e-mail accounts of members of the Houston Astros front office as well as their scouting database. The Cardinals were ordered to forfeit their top two selections in the upcoming 2017 amateur draft to the Astros and pay them two million dollars within
Continue Reading St. Louis Cardinals Hacking Scandal: A Real-World Example of the Importance of Password Management

One overlooked aspect of cybersecurity is training for the employees at your company in proper data management practices. All of the technical measures that a company employs to guard against intrusions do not matter when an employee knowingly or unknowingly circumvents those measures. Proper training can help to reduce the number of incidents and lower your chances of suffering from a data breach.

  1. Password Management  Proper password management is key to any cybersecurity program. The technical barriers to entry


Continue Reading 5 Tips for Training Employees in Effective Cybersecurity Practices

The Office of Civil Rights (OCR) first HIPAA settlement of 2017 is based on a failure to report a breach of health information in a timely manner. The settlement was reached with Presence Health, a large health care network that operates in approximately 150 locations in Illinois. Presence Health has agreed to settle the potential violations by paying a fine of $475,000 and implementing a corrective action plan to deal with this problem in the future.

The settlement stems from
Continue Reading OCR Penalizes Slow Data Breach Response