Taft Appellate attorneys Jon Olivito and Michael Robertson recently wrote about a U.S. Court of Appeals for the Sixth Circuit decision that clarified the scope of conduct that could potentially expose any consumer business to immense liability.

In Thomas v. TOMS King (Ohio), LLC, No. 20-3977 (6th Cir. May 11, 2021), a consumer sued a defendant business alleging a violation of the Fair and Accurate Credit Transactions Act of 2003 (FACTA). The plaintiff alleged the defendant had violated the
Continue Reading Sixth Circuit Helps Businesses by Joining Sister Circuits in Identity Theft Case

Guess what?  Last Thursday, the first Thursday in May, was World Password Day. Right? You didn’t even know it.  We in the Privacy and Data Security Practice Group thought it would be a perfect opportunity to talk about the importance of the most basic, but still effective way to safeguard your accounts and data. In the early days of the internet, a simple password was all you might need to adequately protect the one or two accounts you might have had. Your desktop login, your email, and maybe some early version of social media. Password security was taken so lightly; it wasn’t unusual for passwords to be stored in a plain text file on a desktop or on a sticky note at your desk. Those days are over. Well, they should be.
Continue Reading Celebrating World Password Day. Responsibly.

web appsThe Web hosts a vast array of applications, many of them critical for business operations, from office suites such as Google Docs, to email, calculators, spread sheets and data storage.

Nearly all mobile applications connect to the cloud, storing private business information, user names, passwords and other sensitive content. Employees tie into the Web with mobile device apps such as Google Maps, LinkedIn and Wink, which allows users to see from afar who is ringing the home doorbell or lets
Continue Reading Top Five Privacy Risks in Web Applications

Emailing A phishing attack is the leading type of data breach. Phishing is an e-mail fraud method in which the perpetrator sends out a legitimate-looking email in an attempt to gather personal and financial information from a recipient.

The logic behind this type of attack is a simple reliance on human error. Statistically, if enough e-mails are sent, a sufficiently large number of recipients, who are rushed or distracted, will fail to scrutinize the IP address. They will click on the
Continue Reading The Most Common Breach Incident and How an Incident Response Plan Could Save You

Northern Kentucky University’s Annual CyberSecurity Symposium
Oct. 9, 2015
NKY Mets Center
Matthew D. Lawless, presenter: “Considering Privacy and Data Security Harms.”

Technology First, 9th Annual Taste of IT Conference
Nov. 18, 2015
Sinclair Ponitz Center, Dayton, Oh
Diane D. Reynolds, panelist and Matthew D. Lawless, panel moderator.
“Cybersecurity Compliance: If it ain’t working for Anthem, Lifelock and Neiman Marcus, What am I Supposed to do for My Company?”

Indiana University Kelley School of Business’ “Indiana
Continue Reading Privacy and Data Security Attorneys Presenting at Three Upcoming Seminars

Far-reaching legislation that would establish new privacy and security protections for U.S. consumers has been introduced in Congress by a group of Democratic senators, including Patrick Leahy of Vermont and Elizabeth Warren of Massachusetts.

The Consumer Privacy Protection Act goes further than other federal data protection proposals by establishing stricter standards for notifying customers when their personal information is lost or stolen. It would cover private information beyond financial data that is typically already covered by state laws, such as
Continue Reading Is a U.S. Consumer Privacy Law Coming?

The Internet of Things goes by a deceptively simple title but includes a vast – and mushrooming – network of physical objects or “things” that connect to the Internet through embedded sensors, electronics and software, allowing them to exchange data with the operator of the object, its manufacturer or other connected devices.

Some are calling it the next stage in the information revolution, a way to make everything in our lives “smart,” from cars, roads and traffic control systems to
Continue Reading Internet of Things: A huge realm of opportunity — and risk

Despite a company’s best efforts, data security breaches happen.  Now the federal government is making it a little easier for businesses to manage the aftermath of identity theft and mitigate damages.  If your customers and/or employees are at risk or have fallen victim to identity theft, you can now send them to www.IdentifyTheft.gov.

The website is designed to help victims of identity theft manage the process of recovery.  For example, the website addresses what first steps to take, as
Continue Reading Managing the Aftermath of Identity Theft

One way to protect your business from financial loss, reputational damage, and the expense of regulatory scrutiny in the event of a data breach is to require your vendors, with access to your customer and employee personally identifiable information, to carry cyber insurance.

Many businesses routinely require their vendors to promise to indemnify them from any loss or expense arising out of the vendor’s goods or services. They also routinely require their vendors to maintain certain types and amounts of
Continue Reading Cyber Insurance: Why you should require certain vendors to have it

Threat Intelligence is, very simply, network defense techniques that leverage knowledge (i.e. intelligence and counter intelligence) about adversaries so that organizations can build a superior information base which decreases the chances of an attacker compromising their networks. Gartner more specifically defines it as “Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to the menace or hazard.”

Vulnerability
Continue Reading Threat Intelligence – What You Should Be Doing