By Corporate Law Practice Group
As a business owner, you’ve heard a lot about the European Union’s General Data Protection Regulation (GDPR). April 16, 2022, marks the six year anniversary of its enactment. It has become a model for data privacy laws around the globe.
GDPR applies to any entity anywhere that processes personal data of individuals located in the European Economic Area (EEA). Non-European companies, including those in the U.S., must also comply with its stringent requirements.
By contrast, the U.S. has no national data privacy statute. Data privacy in the U.S. is governed by a patchwork of federal statutes and regulations (e.g., HIPAA) and state laws (e.g., the California Consumer Privacy Act). Additionally, every state has its own data breach notification law. The result is that when a business with customers in the U.S. experiences a data breach, it has to determine its obligations in multiple jurisdictions. An online retailer has to identify its obligations under the myriad laws of all 50 states plus Washington, D.C., Guam, Puerto Rico, and the Virgin Islands.
Different states’ data breach notifications laws contain similar features, but there are numerous variations. Common requirements include notifications to affected individuals, state attorney general offices, and credit reporting agencies. However, the timing, content, and method of these notifications varies from state to state. Some states, including Missouri, require notice to affected individuals “as expeditiously as possible.” Other states set a hard deadline, such as Alabama’s 45-day rule. Indiana allows business to notify their customers via email; Illinois does not (without prior customer consent). North Carolina requires notice to the Attorney General’s Office if a breach affects even one person, but Arizona only requires notification if at least 1,000 Arizonans are affected.
Even the definitions of “personally identifiable information” and “breach” are not universal. To make things more difficult, states frequently update their statutes. In 2021 alone, at least 22 states introduced or considered measures to amend existing security breach laws. Continue reading »
03/24/22 3:38 PM
Cybersecurity, Data Privacy, Digital Media | Comments Off on Happy 6th Anniversary, GDPR! |
Permalink
Happy 6th Anniversary, GDPR!
By David R. Bohm
MAD Magazine’s Alfred E. Nuemann would famously say, “What, Me Worry?” If you store personal information about your clients or customers on your computer, however, you should worry that it is properly secured.
Hackers and other malevolent individuals on the world wide web are constantly trying to compromise or steal data from your computer system to sell on the dark web. They particularly target names combined with (1) social security numbers, (2) credit or debit card numbers or other account information, (3) security or access codes or passwords, or (4) medical or health insurance information.
Another common form of cyberattack is to plant ransomware on a target’s computer system. Ransomware encrypts the data on the system making it inaccessible to the system’s owner, leaving a ransom note as the only thing readable on the affected system. Continue reading »
01/19/21 11:06 AM
Business Law, Cybersecurity, Emerging Business, Litigation, Manufacturing and Distribution, Technology | Comments Off on What, Me Worry? If You Store Customers’ Personal Information on Your Computer System, You Should! |
Permalink
What, Me Worry? If You Store Customers’ Personal Information on Your Computer System, You Should!
By David R. Bohm
The Circuit Courts for St. Louis City and County have both issued Administrative Orders that approve of taking of depositions by video conference. Both of these orders require that a party opposing the taking of a deposition by video conference, for that reason alone, has the burden to prove that the deposition not go forward (i.e., that the deposition notice be quashed).
At a Town Hall videoconference on April 16, Judge Rex Burlison, the presiding judge of the St. Louis City Circuit Court, made clear that, at least in the city, a party opposing the taking of a deposition by videoconference will have a difficult time convincing the court not to permit such deposition to go forward. For now, at least, in the age of social distancing amidst fear of the COVID-19 virus, it appears that videoconference depositions will be the new normal.
However, there are real issues that need to be addressed concerning depositions by videoconference. Perhaps the most important has to do with the security of the videoconference platforms used by court reporting services. In a survey of several large national court reporting services and one smaller service, they all reported using Zoom for depositions, despite recent reports by credible sources that Zoom has been hacked and is not secure. Unless and until these security concerns are addressed, I will oppose taking of depositions over Zoom (although other services may be more secure). The security of depositions is of particular concern when depositions involve businesses’ confidential information or otherwise will address sensitive information.
There are also questions regarding the preservation of video and audio of depositions, including how this will be done, how parties can access any recordings, and whether storage of any such video and/or audio is secure. Again, the security of recordings of Zoom conferences has also been reported to be an issue. Continue reading »
04/20/20 12:21 PM
Business Law, COVID-19, Cybersecurity, Litigation, Technology | Comments Off on Video Depositions – the New Normal for the Age of Social Distancing |
Permalink
Video Depositions – the New Normal for the Age of Social Distancing
By Corporate Law Practice Group
Just
as we are adapting our daily lives, cyber-criminals have adapted their
nefarious activities to capitalize on people’s fears and potential system
weaknesses during COVID-19. Hackers are targeting connection vulnerabilities
and sending phishing emails with COVID-19-related subject lines or pretending
to be a boss/coworker using a personal account. They have also been sending malware
with fake COVID-19 tracker maps, WHO, or CDC information and making social
media posts or comments with pleas related to COVID-19.
Reasons
systems and data could be particularly vulnerable during COVID-19 include:
- Human error;
- Unvetted personal
devices;
- Devices behind in
patches or updates;
- Public Wi-Fi
networks; and
- Lack of remote
work ‘protocol’ or training.
As
a result, now more than ever you need to review your company’s data and privacy
policies and ensure your workforce can successfully work from home. To
illustrate just how important this is, consider Privacy Rights Clearinghouse’s
statistic that 11,613,547,443 records have been breached since 2005.
Continue reading »
03/25/20 8:00 AM
Business Law, COVID-19, Cybersecurity, Employment Law | Comments Off on Privacy and Cybersecurity Practices for Working Remotely During COVID-19 |
Permalink
Privacy and Cybersecurity Practices for Working Remotely During COVID-19
By David R. Bohm
Hat tip to my friend, Harold Kirtz, who is a senior litigator with the FTC:
It is important that we, and our employees, families and friends, be vigilant for various scams playing off coronavirus fears. For your information, click on the link below for a good summary from the FTC concerning various of these types of scams.
More than ever, it is important that we engage in safe internet practices.
Coronavirus Scams – What the FTC is Doing
Additional Resources:
COVID-19 Business Operations for Danna McKitrick
Coronavirus/COVID-19 Resource Center
Posted by Attorney David R. Bohm. Bohm is an experienced litigator working with health care, government, and business clients on employment, intellectual property, and complex contract issues. He is also skilled in alternative dispute resolution as a means to solve disagreements without litigation.
(c) tashatuvango www.fotosearch.com
03/24/20 11:57 AM
Business Law, COVID-19, Cybersecurity, Employment Law | Comments Off on Coronavirus Scams and the FTC |
Permalink
Coronavirus Scams and the FTC