Tag Archives: data privacy

ILN Today Post

Data Privacy and Cybersecurity: Communications with your cybersecurity consultant and forensic reports may now be protected

A recent ruling in Tennessee will prove key for cybersecurity litigation everywhere. In Genesco, Inc. v. Visa U.S.A., the court ruled that when cybersecurity consultants and forensic experts are engaged through counsel, the advice and forensic reports they give to a client are subject to attorney-client and work product privilege.

Specifically, in this one-to-watch case, the court denied Visa’s requests for analyses, reports, and communications made by two cybersecurity firms Genesco retained after it suffered a data breach, finding that those materials were protected by the attorney-client privilege and work product doctrine.

Read full article
ILN Today Post

“The Art of (Cyber) War: Cybersecurity Tactics for All Financial Institutions” Richik Sarkar and James Giszczak for Bloomberg BNA

As financial institutions of every type and size — national, regional and community banks, thrifts, mutuaIs, credit unions, and non-bank lenders — increase their collection of personal information about their customers and employees, they become larger targets for a data privacy incident. Financial institutions are truly in a cyber war and must fight this battle on four fronts: external threats, intentional misappropriation by rogue employees, data accidentally lost or misplaced, and vendor negligence; accordingly, proper tactics and strategy are essential for survival. 

Read full article
ILN Today Post

How to “crash test” the data protection system

By Riccardo Abeti, EXPLegal

There is a frequent error about the conviction that the privacy impact assessment (also known as Data Protection Impact Assessment DPIA but hereafter named just PIA) is a news introduced only by the prevision of European regulatory or by some member state regulation.

Actually the PIA, is the base of every “privacy assessment” from the beginning of privacy regulation, at least since 1996.

No information can be given, no consent can be freely expressed without a basic impact assessment.

So it’s mendacious to think literally that the PIA intervenes only “Where processing operations present specific risks to the rights and freedoms of data subjects”, according to the article 33, of the data protection regulatory draft.  More…

Read full article
ILN Today Post

Privacy & data security concerns in 2015, part 3: Mobility and fraud

In part one of this series, Gary Kibel and Richard Eisert, partners at Davis & Gilbert LLP, discussed privacy and data security concerns that arise from increasingly connected technology, and part two dissected similiar concerns in relation to data brokers and data synching. Now, Kibel and Eisert talk about the security and privacy issues inherent in mobile technology and the types of fraud that can arise in our wireless world.

“The FTC (Federal Trade Commission) is continually talking about mobile as an area of focus,” explains Eisert. “The FTC report on mobile e-commerce apps points out the failings, such as not providing privacy or opt-out features and not having consumer-friendly notice and choice mechanisms. Mobile is still in focus for the FTC. Disclosures that are easy to do on a computer are elusive and harder to do on mobile devices.” More…

Read full article
ILN Today Post

Privacy & data security concerns in 2015, part 2: Data brokers and data synching

n part one of this series, Gary Kibel and Richard Eisert, partners at Davis & Gilbert LLP, spoke about privacy and data security concerns that crop up when discussing the Internet of Things. Now, Kibel and Eisert discuss the concerns that arise when considering data brokers and data synchronization.

Kibel acknowledges that data brokers, those who collect information about people, with an eye toward selling or using it for demographic or other purposes, have data on just about every single person in the country. Still, regulators complain that there is a severe lack of transparency when it comes to these companies and their practices. The question remains– are they doing us any harm? More…

Read full article
ILN Today Post

Privacy & data security concerns in 2015, part 1: The Internet of Things

If the topics of privacy and data security were not already high priorities for most Americans, the events of 2014, with highly publicized breaches at a number of prominent companies, certainly shone a spotlight on the issue. But these topics are multifaceted, covering a wide range of subtopics, from connected devices to interactive advertising, from data brokers to Internet fraudsters.InsideCounsel recently sat down with Gary Kibel and Richard Eisert, partners at Davis & Gilbert LLP, to talk about the breadth of topics under the umbrella of privacy and data security. More…

Read full article
ILN Today Post

International Lawyers Network Forms Cybersecurity & Data Privacy Specialty Group

We’re excited to announce today that the ILN is forming a Cybersecurity and Data Privacy Specialty Group, which will be co-chaired by James Giszczak of McDonald Hopkins (Cleveland, Ohio) and Stuart Gerson of Epstein Becker & Green (Washington, DC). The group joins the ILN’s thirteen other practice and industry-focused specialty groups.

I have the opportunity to work closely with the chairs of our specialty groups as their facilitator, and I particularly enjoy working with lawyers who have a passion for their work, which Jim and Stuart certainly do in this area. I expect great things to come from the CDP guys and gals! 

Read full article
ILN Today Post

International Lawyers Network Forms Cybersecurity & Data Privacy Specialty Group

(PRLEAP.COM) New York (March 31, 2015) – On Tuesday, the International Lawyers Network announced the formation of their Cybersecurity & Data Privacy Specialty Group, which will be co-chaired by James Giszczak of McDonald Hopkins (Cleveland, Ohio) and Stuart Gerson of Epstein Becker & Green (Washington, DC). The group joins the ILN’s thirteen other practice and industry-focused specialty groups.

Both chairs are enthusiastic to push the group forward, with a goal of working together with the other members of the group to co-promote the combined strength and depth of expertise of its members, both domestically and internationally. A directory of ILN firms with Cybersecurity & Data Privacy expertise is already available on the ILN website (http://www.iln.com/groups_detail_159.htm). More…

Read full article
ILN Today Post

Data Privacy and Cybersecurity Alert: White House announces new cyber threat agency

Today, the White House formally announced it will create a new agency to combat cyber threats and coordinate digital intelligence among federal government agencies. The agency will be called the Cyber Threat Intelligence Integration Center and is being designed to “connect the dots” among cyber threats facing the United States, “so that relevant departments and agencies are aware of these threats in as close to real time as possible,” an official for the White House said. According to The Washington Post, the agency’s mission will be to fuse intelligence from around the government when a crisis occurs. This is the White House’s latest attempt to mount a defense against the rising threat of sophisticated hackers.

Read full article
ILN Today Post

Data Privacy and Cybersecurity Alert: What if the Personal Data Notification & Protection Act Passes?

On the immediate heels of the Sony hack (not to mention a few other sizeable breaches), the White House introduced the Personal Data Notification & Protection Act (PDNPA) as part of its agenda to further privatize data and improve cyber security. This is certainly not the first federal cyber security law to be proposed, but it is the only one to have the White House’s clear stamp of approval.

Comparing the PDNPA to some of the other proposed laws, there are clearly some similarities, but what is most striking about the proposed PDNPA are the key differences. For instance, if passed, the PDNPA would apply to a much broader set of information that the PDNPA defines as “sensitive personally identifiable information” (SPII). This, however, is not the only key difference.

In an effort to provide some much-needed clarification on the proposed law, we put together the following list of FAQs that address what would happen if the PDNPA passes.

Read full article