Photo of Scot Ganow

Scot is a partner in Taft’s Dayton office, and chair of the firm’s Privacy and Data Security Practice.  As a former chief privacy officer and leveraging more than ten years of management and compliance experience in Fortune 500 companies, Scot brings a diverse business background to his privacy and data security practice. Scot has represented clients in a variety of sectors, including consumer reporting, construction, healthcare, and manufacturing.

I am often asked by clients and my partners alike, “What is the #1 thing companies should be doing to secure their data and systems?” Usually when I get requests to boil down everything involved in my practice area to one topic, I balk. And for good reason. However, this one is easy.

Multi-Factor Authentication or “MFA.” 


Continue Reading Multi-Factor Authentication (MFA). Please. Do it. Now.

The European Commission has finally released the first updates to the standard contractual clauses (SCCs) required for certain cross-border transfers in more than 10 years. The new SCCs include versions for use between processors and controllers, as well as one for transfers to third countries.  These new SCCs mark the first change in such clauses since 2010 and in view of the Court of Justice of the European Union’s decision in  Schrems II.

We will write more on this
Continue Reading Europe Commission Releases Updated Standard Contractual Clauses for GDPR Compliance

The White House issued this memorandum to corporate executives and business leaders this week in which it stresses the need for urgent vigilance in implementing many of the best information security best practices we commonly discuss on our Privacy and Data Security Insights blog.  The memo contains good information that any business of any size should consider and implement as quickly as possible to bolster its defenses to what has been an onslaught of ransomware attacks in the past year.  

Continue Reading White House Memo Stresses Need For Vigilance in Defending Against Ransomware Attacks

Taft Appellate attorneys Jon Olivito and Michael Robertson recently wrote about a U.S. Court of Appeals for the Sixth Circuit decision that clarified the scope of conduct that could potentially expose any consumer business to immense liability.

In Thomas v. TOMS King (Ohio), LLC, No. 20-3977 (6th Cir. May 11, 2021), a consumer sued a defendant business alleging a violation of the Fair and Accurate Credit Transactions Act of 2003 (FACTA). The plaintiff alleged the defendant had violated the
Continue Reading Sixth Circuit Helps Businesses by Joining Sister Circuits in Identity Theft Case

In response to recommendations contained in the Solarium Commission report and the Solar Winds cybersecurity incident, President Biden issued an Executive Order on May 12, 2021, outlining new requirements for information technology providers that do business with the federal government. The purpose of the requirements are to protect federal networks from malicious cyber-attacks and to improve information-sharing between the U.S. government and the private sector on cyber issues, thereby strengthening the United States’ ability to respond to incidents when they
Continue Reading Strengthening U.S. Cyber Security – New Executive Order

Guess what?  Last Thursday, the first Thursday in May, was World Password Day. Right? You didn’t even know it.  We in the Privacy and Data Security Practice Group thought it would be a perfect opportunity to talk about the importance of the most basic, but still effective way to safeguard your accounts and data. In the early days of the internet, a simple password was all you might need to adequately protect the one or two accounts you might have had. Your desktop login, your email, and maybe some early version of social media. Password security was taken so lightly; it wasn’t unusual for passwords to be stored in a plain text file on a desktop or on a sticky note at your desk. Those days are over. Well, they should be.

Continue Reading Celebrating World Password Day. Responsibly.

Over the years on Taft’s Privacy and Data Security Insights, we have written on the risk of data breaches and the specific impact on privacy, or the compromise of confidentiality of personally identifiable information. However, many clients forget to also consider the value in other information they possess, specifically proprietary information, information subject to trade secret, and intellectual property. Today we will discuss how failing to account for intellectual property in your data security program can be costly, especially in the event of a data breach.

Intellectual property and specifically patent protection is a critical component for the success of many U.S. businesses, both large and small. As the desire to obtain patent protection grows, so too does the occurrence of data theft and other data breaches.  Therefore, companies need to know whether an invention is still patentable if the propriety information underlying the invention is the subject of a data breach or other cyber security failure. The question applies whether a data breach is accidental or malicious and whether it is perpetrated by an outside source or by an employee of the company.  The answer is the same: the patent rights are likely forfeited.


Continue Reading Data Breaches Ain’t Just About Privacy: Risking the Loss of Patent Rights by Data Breach with Subsequent Disclosure

Last month we discussed California’s Proposition 24, called the California Privacy Rights Act (“CPRA”), and that California voters approved the CPRA on November 3, 2020.  The CPRA amends the California Consumer Privacy Act (“CCPA”), which the final regulations of the CCPA were only recently approved by Attorney General Xavier Becerra in August, 2020. The CPRA makes a few substantial changes to the CCPA, such as additional rights to consumers, additional obligations on businesses that apply to the CPRA, an increased focus on “sharing” information for behavioral advertising, and the creation of a new governing entity to enforce the CPRA. The CPRA is set to become effective on January 1, 2023.  Until then, the CCPA will remain in full force and effect.
Continue Reading Meet the California Privacy Rights Act (CPRA): California Voters Approve Additional Consumer Rights and Business Obligations

In the midst of an unprecedented presidential campaign, you might have missed that California’s Proposition 24, also called the California Privacy Act (CPRA), was poised to amend the California Consumer Privacy Act (CCPA) a mere three months after Attorney General Xavier Becerra approved the final regulations for the CCPA.

On November 3, California voters approved the CPRA by a count of 56% (YES) to 44% (No). In July, we discussed the CPRA’s proposed changes to the CCPA, such as
Continue Reading California Voters Approve California Consumer Privacy Act; Amendments to CCPA

Taft partner Scot Ganow will be one of the presenters for “What we wish clients would do about business email compromise,” on Oct. 29, 2020. The one-hour seminar brings together cybersecurity and risk management professionals to examine business email compromise including a real-world case study, the ramifications of an attack, and how to arm your business against would-be opportunists.

Register to attend here.
Continue Reading Taft Partner to Speak on Business Email Compromise