Preparing for a breach can greatly reduce the cost of a breach, according to the Ponemon Institute. Thus, insurers reward organizations that have taken preparatory steps and implemented defensive measures, such as adopting an incident response plan and designating a team to execute that plan. An incident response plan will identify the actions that should be taken when a data incident occurs. Having an incident response plan can result in lower premiums.

Since securing cyber liability insurance is now a
Continue Reading How an Incident Response Plan Can Reduce Your Cyber Insurance Costs

Fire prevention elements played a large role in the planning of Philadelphia; streets were wider than average and brick and stone were common building elements. Despite these preventive measures and the efforts of firefighters, fires did still occur. Benjamin Franklin began to study this situation and stated “About this time I wrote a paper…on the different accidents and carelessness by which houses were set on fire, with cautions against them, and means purposed of avoiding them.” In 1736 Franklin and
Continue Reading Why Benjamin Franklin Would Want to See Your Incident Response Plan

The Article 29 Working Party recently issued a statement regarding the CJEU Max Schrems Safe Harbor case. It announced that the European Union and the United States will have until the end of January 2016 to find a political, technical, or legal solution to the now invalidated Safe Harbor agreement for transfer of data from the E.U. to the U.S.

The Working Party noted, however, that such transfers that are still taking place under the Safe Harbor after the CJEU
Continue Reading Article 29 Working Party Gives U.S./E.U. Time to Find Safe Harbor Alternative

A phishing attack is the leading type of data breach. Phishing is an e-mail fraud method in which the perpetrator sends out a legitimate-looking email in an attempt to gather personal and financial information from a recipient.

The logic behind this type of attack is a simple reliance on human error. Statistically, if enough e-mails are sent, a sufficiently large number of recipients, who are rushed or distracted, will fail to scrutinize the IP address. They will click on the
Continue Reading The Most Common Breach Incident and How an Incident Response Plan Could Save You

Here are six lessons you can start using today from the SEC’s Investment Management Division guidance on protecting confidential information from cybersecurity risks.

Background
The staff of the Investment Management Division of the U.S. Securities and Exchange Commission (“Staff”) recently issued guidance to both registered investment companies (“funds”) and registered investment advisers (“advisers”) regarding the ever present cybersecurity risks these entities face and measures they might adopt to protect the confidential and sensitive information that they collect, maintain, transfer, and
Continue Reading Six Steps to Reduce Your Cybersecurity Risk

All companies have employee, proprietary, financial and other sensitive data that require protection. Human error is still one of the most common causes of a data breach, and it is very difficult, if not impossible, to completely eradicate. Moreover, with the recent release of the Yates Memorandum from the Department of Justice (“DOJ”), the DOJ is emphasizing best practices when dealing with individuals in connection with corporate wrongdoing. To quote my colleague, Jackie Bennett, “…now is the time to
Continue Reading Why Do You Need an Incident Response Plan?

Far-reaching legislation that would establish new privacy and security protections for U.S. consumers has been introduced in Congress by a group of Democratic senators, including Patrick Leahy of Vermont and Elizabeth Warren of Massachusetts.

The Consumer Privacy Protection Act goes further than other federal data protection proposals by establishing stricter standards for notifying customers when their personal information is lost or stolen. It would cover private information beyond financial data that is typically already covered by state laws, such as
Continue Reading Is a U.S. Consumer Privacy Law Coming?

The Internet of Things goes by a deceptively simple title but includes a vast – and mushrooming – network of physical objects or “things” that connect to the Internet through embedded sensors, electronics and software, allowing them to exchange data with the operator of the object, its manufacturer or other connected devices.

Some are calling it the next stage in the information revolution, a way to make everything in our lives “smart,” from cars, roads and traffic control systems to
Continue Reading Internet of Things: A huge realm of opportunity — and risk

Google recently sent out a letter to users of its AdSense, DoubleClick for Publishers, and DoubleClick Ad Exchange products.  It looked like this:

Dear Publisher,

We want to let you know about a new policy about obtaining EU end-users’ consent.
It clarifies your duty to obtain end-user consent when you use products like Google
AdSense, DoubleClick for Publishers, and DoubleClick Ad Exchange . . .
Please ensure that you comply with this policy as soon as possible, and
not later

Continue Reading Getting Compliant With the EU Cookie Law

We strongly encourage companies possessing or transmitting personally identifiable information (PII), protected health information (PHI), financial or other sensitive data, including trade secrets, to use encryption. Why? Because, if employed properly, it is both effective and legally defensible.

So what is encryption?

Encryption is a type of information security. It involves the coding and decoding of messages in order to protect private content from third parties. In its earliest form, encryption was essentially letter substitution (e.g., substituting the letter “a”
Continue Reading Encryption as a Legal Defense