Category Archives: Data Security

Autonomous Vehicles and All That Data

In an earlier post, we discussed the potential ownership models for autonomous vehicles, also known as driverless cars (“AVs”). Models range from true traditional ownership as we understand it today, to licensed-based models (vehicles owned by someone else but you can use them on an exclusive or non-exclusive basis), to service-based models (you do not own the vehicle, but you can call it when you want it, e.g. cab, Uber).  In this post we will explore the data-intensiveness of autonomous vehicles, the impending data “land grab,” and who will own and control all of the data generated by AVs. An …

[ CONTINUE READING ]

Cyber Security and Social Engineering: A Big Low Tech Problem

Headline-grabbing cyber hacks of email accounts belonging to celebrities, corporations, government officials and political campaigns are becoming the norm.  Cybersecurity intended to guard against these acts brings to mind high tech computer hardware and software fixes delivered by knowledgeable IT professionals, who are expected to prevent network intrusions, stolen passwords, viruses, ransomware attacks and other hacks. But the most recent notable cyber hacks were not caused by high tech espionage.  Rather, they were the product of low tech social engineering – the use of deception to manipulate users into divulging confidential passwords and other personal information.  This kind of hack …

[ CONTINUE READING ]

The Anthem Breach – A Retrospective (Part II)

We published Part I of our “Anthem Breach Retrospective” in January 2017.  Coincidentally, at around the same time several plaintiffs in one of the earliest filed cases arising out of the Anthem data breach voluntarily asked a judge in the Northern District of California to dismiss their lawsuits. The requests for dismissal came after Judge Cousins ordered select plaintiffs to comply with a discovery request by Anthem, requiring them to submit their computers to an independent forensic examiner to determine whether malware caused data or credentials to be stolen from the plaintiffs’ computers even before the breach of Anthem’s systems. …

[ CONTINUE READING ]

Key HIPAA Settlement Agreements by HHS’s Office for Civil Rights in 2015 & 2016

The last time this blog presented an overview of key HIPAA settlement agreements at the Office for Civil Rights in the U.S. Department of Health and Human Services was a review of 2014.  The number of complaints that year had spiked up compared to 2013: around a 25% increase.  This post will examine key cases from 2015 and 2016.  While the number of complaints in 2015 was relatively steady with 2014, it appears, based on preliminary numbers, that 2016 was the busiest year ever for the Office. HHS has data through November 2016 currently posted on its website, but no …

[ CONTINUE READING ]

The Anthem Breach – A Retrospective

Many people and news outlets have opined, weighed in, and informed the public about the 2015 Anthem breach. It remains a hot topic in January 2017, because it currently lines up with other hot stories about hacking ordered by foreign governments.  But even before the Anthem breach was linked to one of the biggest issues of the 2016 election cycle, it was an important data incident, for several reasons. Why was the Anthem breach important at that time? The Anthem breach was notable because it was the first major data breach that potentially involved protected health information. Media coverage about …

[ CONTINUE READING ]

Legal Considerations for Website Privacy Policies

You finally created your website. Did you include eye-catching graphics? Check. Did you include an attention-grabbing banner slogan? Did you post all of your social media handles? Did you include a privacy policy for the website? Maybe… We get questions from clients about whether they are required to include a privacy policy and, if so, what should it say.  The answers may surprise you, but a privacy policy should definitely not be an afterthought for website owners.  It certainly isn’t a best practice to simply copy and paste the privacy policy of another’s company’s website.  The representations made in website …

[ CONTINUE READING ]

Policing Internet Privacy: FCC’s New Frontier

Unwilling to be left behind by the likes of Google and Facebook, Internet Service Providers are increasingly exploring how they may capitalize on the high-value targeted advertising market.  In November 2016, AT&T explained that targeted advertising is a major contributor behind its bid to buy Time Warner Inc. for $85 billion.  AT&T is not alone.  In 2015, Comcast acquired an ad-targeting firm, Visible World, in what has been widely viewed as an effort to gain stronger footing in the industry.  Another major mobile carrier recently came under fire following its acquisition of a name-brand ISP for sharing information about users …

[ CONTINUE READING ]

The C-Suite’s Perspective on Cybersecurity and Liability

Recently, IBM surveyed more than 700 C-Suite executives in 18 industries and 28 countries about their views on cybersecurity.  Ninety-four percent of those interviewed believe that their respective companies will experience a cybersecurity incident in the next two years. Despite such widely-held acceptance of the inevitability of an incident, only sixty-five percent of C-Suite executives expressed a confidence in their cybersecurity plans. Sixty percent of the Chief Finance, HR, and Marketing Officers surveyed expressed their feeling that they are the least involved in cybersecurity measures, even though they are the individuals responsible for data most coveted by cybercriminals. Another takeaway …

[ CONTINUE READING ]

Encryption: Ensuring the Right to Privacy in the Information Age?

On December 2nd, 2015, a tragic mass shooting occurred in San Bernardino, California. The attack resulted in 14 deaths and severe injuries to 22 others. The attackers, a married couple, targeted the husband’s workplace – the Department of Public Health. After the shooting the couple fled the scene of the crime, but the police eventually caught up with them. The couple was subsequently killed in a shootout. As part of the FBI investigation, an Apple iPhone became the center of a security showdown between the Silicon Valley giant and the federal government. The Apple iPhone 5C, a work-issued phone given …

[ CONTINUE READING ]

Cyber Insurance: Common Pitfalls of the Insured

As we have noted in a number of recent posts, tech companies need cyber insurance. The risk of not having it is simply not worth it.  But cyber insurance policies can be confusing to understand because the policies vary depending on your type of business, business needs, and how your customers are serviced. Some companies might need a combination of cyber policies in order to have complete cyber insurance coverage. It is very important to do your due diligence, think critically about the cyber insurance needs of your company, and find a policy that covers all of your company’s cyber …

[ CONTINUE READING ]